The 2014 Gartner report "CEO and Senior Executive Survey: 'Risk-On' Attitudes Will Accelerate Digital Business" indicated that 64% of senior executives listed growth as their number 1, 2 or 3 priority. Companies have many paths to fuel growth, such as mergers, acquisitions, launching new products and services, and broadening out to new markets. However, all of these activities involve risk. Without the proper handling of risks, compliance obligations and the general preparation it takes for the business to take on these strategic initiatives, growth can be in peril. In the same report, executives reported that they were more likely to grow the business if they had a good sense of the risks involved and of the organization's ability to deal with those risks. This is why Governance, Risk and Compliance (GRC) programs have risen from the humble beginnings of point efforts, grass-roots initiatives and a select few practitioners huddling in the corner of the organization to become a board-level discussion today. While GRC placed 11th on the list of priorities in this survey, managing risk is an absolute imperative for the organization to meet that #1 priority of growth.
When it comes to building any enterprise GRC program, and truly effecting change in an organization, the journey has many twists and turns. Organizations must go through a transformative process of maturing localized, concerted efforts into a broader, comprehensive strategy. The maturity of a GRC program is the sum of many parts. Some organizations are just embarking on this journey; other organizations have been trekking this path for several years.
I am pleased to announce the RSA Archer Maturity Models – a series of white papers that outline the six major dimensions of risk management. The RSA Archer Maturity Models focus on key capabilities enabled by the RSA Archer solutions. As a technology enabler, RSA Archer provides the critical infrastructure to leverage processes, share data and establish common taxonomies and methodologies. Our vision is to help organizations transform compliance, manage risk and exploit opportunity with Risk Intelligence made possible via an integrated, coordinated GRC program.
The RSA Archer Maturity Models outline the multiple segments of risk management that organizations must address to transform their GRC programs, and articulate the five stages of maturity an organization experiences during the journey from Siloed efforts to an Advantaged state of risk management. Each white paper discusses the different phases and the key capabilities that organizations should pursue in building maturity across the core components of a GRC program:
- Operational Risk Management,
- IT Security Risk Management,
- Regulatory and Corporate Compliance,
- Third Party Governance,
- Business Resiliency,
- Audit Management, and
- Assessment & Authorization/Continuous Monitoring (Federal solution).
The GRC Strategy team will be posting a series of blogs highlighting the maturity models over the next few weeks. As with all journeys, we expect that your organization may have taken its own unique path as you pursue GRC maturity. We welcome your feedback as you research our positions in these domains.
The White Papers are available to members of the RSA Archer Community at https://community.emc.com/docs/DOC-44019