Governance, risk, and compliance (GRC) continues to be a hot topic for security and risk professionals. Between July 2007 and July 2008, Forrester’s security and risk management team received 1,798 inquiries on a variety of topics, 198 of which were from clients interested in GRC. Of the GRC-related inquiries recorded, 46% covered compliance best practices, 32% concerned GRC vendor selection, and 24% addressed risk management. Forrester doesn’t expect the focus on compliance to diminish drastically, but maturing companies are focusing more on how to manage a federated compliance program that encompasses all standards and regulations rather than managing separate initiatives for each. Inquiries about enterprise risk management and selecting comprehensive GRC management software platforms echo the same trend toward maturity. Forrester recommends that professionals looking to adopt GRC programs begin by identifying where converging governance, risk, and compliance can provide greater efficiency and insight, and only then consider technologies that can support these benefits.
A Comprehensive & Proactive Approach to Managing Regulatory Compliance Challenges Yields Substantial Benefits
Proactively Addressing Today’s Mounting Regulatory Pain-Points Results in Increased Detection of Weaknesses in Compliance Controls, Improved Accuracy of Compliance Related Information, and Decreased Number of Compliance Incidents and Breaches
Last update: 11:56 a.m. EDT Oct. 14, 2008
BOSTON, MA, Oct 14, 2008 (MARKET WIRE via COMTEX) — In the newly released benchmark report “Continuously Compliant: Ensuring Proactive, Comprehensive Compliance,” Aberdeen Group, a Harte-Hanks Company (NYSE: HHS), found that Best-in-Class organizations realized a 17% increase in the efficiency of compliance tracking and reporting as a direct result of proactively incorporating the right blend of targeted GRC and compliance enabling tools, technologies, and services into a structurally sound, holistic, and business-prioritized internal framework, an average increase more than 7.5 times greater than that of Laggards. To obtain a complimentary copy of the report, visit: http://www.aberdeen.com/link/sponsor.asp?cid=5289.
The purpose of this report is two-fold. First, it identifies the strategic actions, internal capabilities, technologies, and services Best-in-Class organizations are employing to transition from reactive, fragmented, and manually intensive compliance activities to proactive, comprehensive, and automated continuous compliance. Then, it provides a roadmap of actionable analysis and recommendations for companies seeking to: (1) ensure accurate and auditable compliance with all relevant governmental, industry-specific, and internally mandated regulations; (2) streamline, automate, and optimize operational processes; and (3) secure the integrity of company image and brand value.
Best-in-Class organizations consider establishing and enforcing an enterprise-wide, consistent approach to the achievement of compliance objectives an integral part of their compliance strategies. This approach allows them to more effectively identify process breakdowns and inefficient controls, enabling valuable internal resources to be reallocated toward core business activities. As a result, Best-in-Class companies were able to increase the detection of weaknesses in internal compliance processes and controls by 13% and improve their flexibility to adjust to changing regulatory requirements by 15%, an average increase over 3.5x greater than that of all other organizations.
“By fostering an ethical and compliant company culture and embracing an internal framework that emphasizes communication, accuracy of information, and collaboration across channels and roles, Best-in-Class companies allow employees to structure a work-plan and timetable that ensures compliance objectives are met within specified timeframes while providing both compliance managers and business unit heads with visibility into the status of compliance activities, facilitating dramatic improvements in both the speed and accuracy at which business-critical decisions are able to be made,” said Stephen M. Walker II, GRC specialist, Aberdeen. “Ensuring effective, efficient, and ongoing compliance with external regulations while reaping internal operational benefits is dependent on pairing the right blend of targeted, scalable tools and technologies with clearly defined internal processes, controls, and organizational buy-in.”
A complimentary copy of this report is made available in part by the following underwriters: Oracle and SAI Global.