IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 2

Hard valuations and real world returns for IT GRC

November 5th, 2009 · No Comments

In the past five years of delivering work that has been focused on aligning and enhancing corporations against contractual agreements, operational requirements, and risks – today officially classified as Governance, Risk and Compliance (or GRC) through technology I have seen real returns for my clients.  While these improvements happen immediately, the real rewards are realized through embedding the efforts over the long haul.  I have been quite pleased with the results of my own GRC activities, and based the book on highlighting these core success criteria.

A recent survey, albeit funded by a GRC vendor, conducted by the Aberdeen Group reinforces the returns corporations receive through adopting GRC into their organizations.  I find these results to be in-line with my own personal experience.  The link to the press release is here.  A quick bit of the numbers they highlight include:

Some of the main results pointed out by the research shows that Best-in-Class companies:

1. estimated that business-critical decisions are made 10% faster, based on improved management visibility into current risks.

2. eliminated redundant risk management activities and processes, with a reduction of 8.5%.

3. improved efficiency of their compliance tracking and reporting processes by 12% and their ability to provide clear, timely communication of risks and compliance status to shareholders and board of directors.

4. increased their flexibility to adjust to new or updated regulatory requirements by 11.5%.

I strongly encourage organizations to develop a culturally correct IT Governance process and create an ongoing GRC initiative.  Only when technology, business risk, and innovation are moved together can organizations truly capitalize on the benefits of their existing assets.

A separate report, Managing Risk, Improving Visibility, and Reducing Operating Costs was released in May 2009 which is also quite good and highlights the IT GRC benefits.  As with any industry report, be aware of the samples, scope, sources, funding for report, and how your organization differs and is similar in nature.

Other considerations?

James DeLuccia IV

(Please note, I was unable to locate the actual report beyond the broken link in the press releases.  I will check periodically and see if I can locate it when it becomes available.  If you find it, please post a comment and I will update here)

Tags: Uncategorized

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment