What 2011 Holds in Store for Your GRC Program – Five Predictions | Prediction #1

Chris Noell

It’s certainly not news that 2010 has been a tough year for organizations looking to establish and maintain an effective GRC program as they face the ongoing challenges of balancing GRC obligations with budget and resource constraints.  In 2011, as the number of applicable regulations and standards increase and organizations look to protect themselves against security breaches, I expect the importance of GRC to increase in the coming year. 

So, where should your organization start? Over my next five blogs posts, I will share my five predictions for what 2011 holds in store for your GRC program.

Prediction #1 | Greater Focus on Risk Management Capabilities

Although many pundits have predicted more focus on risk management for years, in my discussions with clients, I haven’t really seen it in action. Quite simply, even if organizations purchase a GRC technology with the expressed goal of improving risk management efforts, compliance has tended to predominate, as the simpler and more achievable objective.

However, I’m going to go out on a limb to call 2011 as the year risk management finally surpasses compliance as the top GRC initiative.  I’m willing to make this leap for a couple of reasons:  compliance maturity and client requests.  I believe the majority of organizations have matured their compliance processes enough to move on to other objectives.  In addition to compliance maturity, I’m seeing more and more clients asking how to get the most out of TruComply’s risk management capabilities – TruComply being ANX’ GRC technology.

Hopefully, as organizations mature their risk management capabilities, they will find that their compliance program has not only resulted in controls that meet regulatory requirements, but these same controls also mitigate a significant degree of business risk.

Come back on Thursday, December 9, 2010 to read Prediction #2.