By Linda Musthaler and Brian Musthaler

Get ready for a new buzz phrase to descend upon the IT department: “governance, risk management and compliance,” or GRC. You’re probably already familiar with compliance, especially if your company has to comply with regulations such as Sarbanes-Oxley, HIPAA, GLBA or any number of other government or industry regulations. Now it’s time to understand your role in corporate governance and risk management.

Looking at your company as a whole, there are people at the top who are trusted with running the company in an ethical way, making sure that the company establishes appropriate objectives and shows measured achievements toward those objectives. This is governance. Up until the days of Enron, WorldCom, et. al., governance took place quietly in the background. Now it has been thrust into the spotlight, and it is much more closely tied to risk management and compliance.

Risk management is the practice of identifying, measuring, reporting on and appropriately managing the risks that could impact the company’s governance objectives. For example, risk managers look for competitive threats, political situations and new government regulations that could impact the business. They study the known risks and come up with ways to mitigate them.

Compliance, of course, has taken center stage for the past five years or so. Companies of every ilk are required to comply with numerous rules for how they conduct their business. What’s more, they need to be able to prove they comply. Sarbox, for instance, requires that the CEO and CFO certify financial statements. In some cases, there are severe penalties for non-compliance with regulations.

Not long ago, governance, risk management and compliance were unique disciplines that were managed by unique individuals and departments. In other words, they were silos. Each silo had its own set of tools and software applications to assist with its specific management and reporting requirements. Today, that silo strategy is changing to one of an integrated framework called GRC with the purpose of providing a holistic view of a company’s health and well-being.

According to Wikipedia, GRC is a type of enterprise software that ensures that a business complies with legal requirements. Initial interest in GRC was driven by the Sarbanes-Oxley Act, but GRC software requirements have changed and now are seen as a means to achieve Enterprise Risk Management. Specifically, GRC has evolved from managing risk as a transaction or compliance activity to adding business value by improving operational decision making and strategic planning. The GRC software becomes the governance platform for defining, maintaining, and monitoring risk.

Whitepapers

• Secure Wireless Printing Options
• Network-Wide Change Management Visibility with Route Analytics
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• The Latest Advancements in SSL Technology

View more NETWORK MANAGEMENT whitepapers

Webcasts

• Managing the End User Experience-A Real World Example of Success
• Branch Office Trends and Best Practices
• Correlating granular network and application visibility
• Migrating to an MPLS-Based Network
• Round Table Webcast with Forrester Research
• Best Practices for Deploying WAN Optimization for Disaster Recovery

View more NETWORK MANAGEMENT webcasts

Special Reports

• WAN Optimization: The Ultimate No Brainer
• Ehternet Services: WAN options mature
• Keeping Spam at Bay
• Network World Executive Guide: The Virtualization Equation
• Application Performance Management Executive Guide
• Executive Guide: Building a Service Oriented Architecture

View more NETWORK MANAGEMENT special reports