Governance, risk management and compliance and what it means to you
GRC: governance, risk management and compliance
Technology Executive Alert, Network World, 05/07/2007
Linda Musthaler's CIO-level look at the latest networking technologies and their benefits and pitfalls.
By Linda Musthaler and Brian Musthaler
Get ready for a new buzz phrase to descend upon the IT department: “governance, risk management and compliance,” or GRC. You’re
probably already familiar with compliance, especially if your company has to comply with regulations such as Sarbanes-Oxley,
HIPAA, GLBA or any number of other government or industry regulations. Now it’s time to understand your role in corporate
governance and risk management.
Looking at your company as a whole, there are people at the top who are trusted with running the company in an ethical way,
making sure that the company establishes appropriate objectives and shows measured achievements toward those objectives. This
is governance. Up until the days of Enron, WorldCom, et al., governance took place quietly in the background. Now it has
been thrust into the spotlight, and it is much more closely tied to risk management and compliance.
Risk management is the practice of identifying, measuring, reporting on and appropriately managing the risks that could impact
the company’s governance objectives. For example, risk managers look for competitive threats, political situations and new
government regulations that could impact the business. They study the known risks and come up with ways to mitigate them.
Compliance, of course, has taken center stage for the past five years or so. Companies of every ilk are required to comply
with numerous rules for how they conduct their business. What’s more, they need to be able to prove they comply. Sarbox, for
instance, requires that the CEO and CFO certify financial statements. In some cases, there are severe penalties for non-compliance
with regulations.
Not long ago, governance, risk management and compliance were unique disciplines that were managed by unique individuals and
departments. In other words, they were silos. Each silo had its own set of tools and software applications to assist with
its specific management and reporting requirements. Today, that silo strategy is changing to one of an integrated framework
called GRC with the purpose of providing a holistic view of a company’s health and well-being.
According to Wikipedia, GRC is a type of enterprise software that ensures that a business complies with legal requirements.
Initial interest in GRC was driven by the Sarbanes-Oxley Act, but GRC software requirements have changed and now are seen
as a means to achieve Enterprise Risk Management. Specifically, GRC has evolved from managing risk as a transaction or compliance
activity to adding business value by improving operational decision making and strategic planning. The GRC software becomes
the governance platform for defining, maintaining, and monitoring risk.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.