Finding GRC Software to Suit Your Needs
By James Bone
Compliance Week Columnist

The popularity and proliferation of governance, risk, and compliance systems has grown over the years as regulatory requirements have become more complex. So it’s little wonder that IT, risk, and compliance professionals have sought ways to make their lives less complex.

After all, who wouldn’t want some form of automated process that delivers real-time data to senior executives and business-unit managers so they can better assess and manage your risks? As businesses have looked to cut costs and streamline processes, technology is often expected to provide efficiency for many of the previously manual functions performed by individuals. Enter the vendor of GRC software.

Not surprisingly, however, achieving the promise of GRC software has been elusive. Vendors’ products typically are compilations of templates from risk and compliance frameworks, such as the Committee of Sponsoring Organizations (COSO) or Control Objectives for Information and Technology (CoBIT). Homegrown programs are usually built in business silos, preventing scalable implementation across the whole enterprise—which is precisely the perspective that the C-suite needs.

Why have these systems failed to live

ogy strategy for managing compliance?

Every company will answer those three questions differently, so let’s explore the main points of each one in turn.

Key Issues: First begin with a concise policy on the three pillars of oversight: governance, risk, and compliance. Governance is the main driver of the next two pillars, risk and compliance, so before you even start to implement a system, senior management must agree on who is responsible for governance and what that looks like. Be precise in that agreement. Is governance decentralized or centralized? How often will reporting occur? What are the critical issues and topics that must bubble up from work papers from compliance and risk management?

Lastly, you must decide how to prioritize the mitigation of critical risk and compliance issues. Without formal agreement and support of a governance framework, a GRC project may be viewed as a “compliance project” that competes for business resources during tight budgetary times. Just as bad, smaller projects might crop up across the firm that aren’t connected to the strategy set forth in the governance policy. You want a governance framework that allows for a strategy that can evolve with GRC, rather than one that exists as a collection of siloed approaches livi

derstand how the programs work. Depending on the size of your corporation, however, you may well reach the limits of capability with MS applications. That doesn’t automatically mean you must look to outside vendors. Whether you use relational databases or non-relational databases (cloud computing, Web-based development, or other computer technology), you may have the framework for creating a GRC system that could be tied into online applications with real-time data.

Is all that still cheaper than using a vendor? That’s a complex decision that only your firm can weigh against the choice of buying from an outside vendor.

If you do decide to buy a suite or platform to integrate into your organization, consider whether the vendor can accommodate the requirements imposed by the IT department. Before you circulate any request for proposals from vendors, you absolutely must consult your IT department; this is critical. Many companies mistakenly believe that the implementation of a GRC system is the IT department’s responsibility. Wrong! A GRC system should be chosen to solve the challenges set forth in the governance policy and must be owned by those responsible for implementing the governance strategy. The IT department is critical in the process, yes—but should be used to enable