Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Governance, risk management and compliance and what it means to you

GRC: governance, risk management and compliance
Technology Executive Alert Network World , 05/07/2007
Sign up for this newsletter now!

By Linda Musthaler and Brian Musthaler

Get ready for a new buzz phrase to descend upon the IT department: “governance, risk management and compliance,” or GRC. You’re probably already familiar with compliance, especially if your company has to comply with regulations such as Sarbanes-Oxley, HIPAA, GLBA or any number of other government or industry regulations. Now it’s time to understand your role in corporate governance and risk management.

Looking at your company as a whole, there are people at the top who are trusted with running the company in an ethical way, making sure that the company establishes appropriate objectives and shows measured achievements toward those objectives. This is governance. Up until the days of Enron, WorldCom, et. al., governance took place quietly in the background. Now it has been thrust into the spotlight, and it is much more closely tied to risk management and compliance.

Risk management is the practice of identifying, measuring, reporting on and appropriately managing the risks that could impact the company’s governance objectives. For example, risk managers look for competitive threats, political situations and new government regulations that could impact the business. They study the known risks and come up with ways to mitigate them.

Compliance, of course, has taken center stage for the past five years or so. Companies of every ilk are required to comply with numerous rules for how they conduct their business. What’s more, they need to be able to prove they comply. Sarbox, for instance, requires that the CEO and CFO certify financial statements. In some cases, there are severe penalties for non-compliance with regulations.

Not long ago, governance, risk management and compliance were unique disciplines that were managed by unique individuals and departments. In other words, they were silos. Each silo had its own set of tools and software applications to assist with its specific management and reporting requirements. Today, that silo strategy is changing to one of an integrated framework called GRC with the purpose of providing a holistic view of a company’s health and well-being.

According to Wikipedia, GRC is a type of enterprise software that ensures that a business complies with legal requirements. Initial interest in GRC was driven by the Sarbanes-Oxley Act, but GRC software requirements have changed and now are seen as a means to achieve Enterprise Risk Management. Specifically, GRC has evolved from managing risk as a transaction or compliance activity to adding business value by improving operational decision making and strategic planning. The GRC software becomes the governance platform for defining, maintaining, and monitoring risk.

Partner Content

NetScout is one of the world's premier providers of integrated network and application performance solutions.

www.netscout.com

Know First

Get Proactive — Move from Troubleshooting to Monitoring to Management with nGenius K2's Service Dashboard & Intelligent Early Warning Alarms

Watch the Video

Know Where

Get Rapid Performance Problem Isolation with nGenius Performance Manager and Diagnose Problems up to 70% Faster!

Learn More

Know Why

Get the Details to Validate and Solve your Toughest Performance Issues with nGenius InfiniStream and Sniffer Intelligence Modules

Read the Whitepaper

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to moderator approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed
Save The Date!
What They Are Saying

All you guys are fighting about is the fact you can reset the routers. This was childs point. He created...- Daniel

Join the Discussion