Caught two recent articles based on the same study that highlights some nice, current statistics related to businesses succeeding in achieving better profits and easier agility within business operations as a result of a strong GRC / Information ecosystem. Of course, not everyone is enjoying the benefits, but this is a journey and not a simple destination. Below are two nuggets that highlight a huge opportunity for businesses dealing with single regulations – such as PCI DSS – or those managing broad industry, business, and regulated mandates…
Continuity Central – Ownership of governance, risk and compliance role is unclear in many organizations. A short article highlighting management concerns identified in the Economist Intelligence Unit study with KPMG.
- The Convergence Push is being led by Executives (56%) and Regulators (45%) – This is a point raised across several subject area sites as surprising given the ‘in the trenches’ executives perceived need to achieve these objectives.
- Key Benefit of GRC is the ability to Identify and manage Risks more quickly (59%); 39% stated Performance
One thing I have found consistent is the lack of the correct perception when considering GRC in general. Most look at it as an evolution of simple IT Security with technical risks and therefore technical metrics. I respectfully suggest considering it from a more risk management perspective – concerning the business integrity; contractual obligations; social contract (soft) commitments; technical security; and of course legal compliance. Perhaps with a different perspective, or what Peter Drucker would call – in the context of the customer, those external and served by the business's resulting services and products.
**While I was writing this article I bumped into this other whitepaper by KPMG worth reading: Survival of the most informed: GRC comes of age – How to envision, strategize, and lead to achieve enterprise resilience