Sunday, August 10, 2008

The integrated approach: Governance, Risk, and Compliance Management

A couple of days ago, Joe McKendrick wrote an interesting post, published on the Informatica Enterprise Data Management blog, entitled What is 'GRC,' and How Can It Bring the Enterprise Together?

He talks about how companies nowadays need to be able to document the reliability and quality of their data in order to fulfill mandates such as Sarbanes-Oxley.

For this, companies need a more automated, systematic way to integrate that information.

He explains that an integrated approach to Governance, Risk, and Compliance Management can build sustainable compliance management: "These include governance, or the oversight of corporate activities and processes; risk management, or the identification, assessment and monitoring of risks and controls; and compliance management. Most importantly, GRC brings together teams of people that normally would not be working with each other. The distinct categories of governance, risk management and compliance were often run by separate groups of specialists. Companies increasingly recognize that there needs to be a single focus – that finance, IT, security and operations teams need to be engaged in a common purpose of bringing greater flexibility and transparency to the way data is managed and dispersed throughout the enterprise."

He mentions Lee Dittmar, a principal with Deloitte and a thought leader in GRC, who observed in an article published in BTQuarterly:
"As leaders strive to meet the raised bar on corporate governance, to achieve better risk mitigation and to meet increasingly complex compliance challenges, a common element is recognized as being critical: high-quality information. They need the right information, at the right time, at the right place, and in the right form. They need relevant, timely, accurate, transparent, and reliable information.
This requirement for higher-quality information puts intense focus on IT's role as a key enabler for improving GRC connectivity - helping uncover its collective synergies and boosting support of stronger, more efficient businesses. Yet CIOs and IT managers find themselves still wrestling with organizational fragmentation and resistance issues, such as ongoing complexity in the corporate silos and continuing manual processes. It's difficult to create a more ideal environment, in which decentralized units are bridged and systems and controls exist on a common platform when they're not free to fully explore all of the possible interrelationships and common dependencies inherent in GRC."

He finishes the article by again quoting Dittmar: "GRC brings to light the need to be able to transform overwhelming amounts of data coming in from all corners of the enterprise into 'information that serves as a strategic asset of the business.'"

Both articles (Joe McKendrick's and Lee Dittmar's) are interesting reads on Governance, Risk, and Compliance (GRC).

A good way to automate and integrate this information is through the concepts of Enterprise Decision Management (EDM), with its focus on automating operational decisions using analytics and rules, and also on their management.
