The changing nature of governance, risk, and compliance

In my ongoing work with clients, I try as often as possible to stress the importance of flexibility in GRC programs. Internal processes and technology implementations must be able to accommodate the perpetually fluctuating aspects of business, compliance requirements, and risk factors. If GRC investments are made without consideration for likely requirements 1 to 2 years down the road, decision makers aren’t doing their job. And if vendors don’t offer that flexibility, they shouldn’t be on the shortlist.

via The Forrester Blog For Security & Risk Professionals.