You may be familiar with the story of Frodo Baggins of the Lord of the Rings trilogy. He was an unassuming hobbit from the Shire who inherited a ring. Once he came to understand the power and dark purposes of the ring, he set out to destroy it in the fires of Mount Doom before the Dark Lord Sauron could use it to destroy Middle Earth. There were many times on his long journey that Frodo tried to do this alone. He did so because he felt it was his quest to accomplish, he didn't agree with how others wanted to proceed or he was scared for the safety of his friends. It was only when he relied on help from friends like Samwise Gamgee, Lord Aragorn and the wizard Gandalf, did his quest finally succeed. There were many adventures, new characters, close calls and misdirection along the way. But in the end, he accomplished his goal of destroying the ring and saving Middle Earth.
You may be less familiar with the story of the ARC. The ARC finds themselves in a very similar position as Frodo and his counterparts. The ARC consists of three groups that set off on similar but separate quests, each to destroy evil and restore peace in the land. The problem is they were very much separate even though their goals were the same. At first, they didn't know much about each other only than they each existed. There were times they crossed paths in their journey and even fought against each other not knowing they could be allies. In the end, only when truly perilous times came upon them all did they begin to work together to achieve their quest.
Ok, I guess it's time to bring this back to the purpose that I'm writing about, and it's not to become the next J.R.R. Tolkien! This ARC group I"m referring to exists in most every substantial organization today. It's the Audit, Risk and Compliance (ARC) teams and when you think about it, they really have been on a similar quest, or what I'd call a maturity journey to abolish evil (risks) and establish control(s). As a Governance, Risk and Control (GRC) company with over 1,300 customers, we've seen our share of organizations all along this journey. Some very separate in their quest to manage risks, implement controls and help steer the destiny of their organizations. Others, working together with similar approaches, sharing the load and reporting results consistently and holistically. Just like when Frodo and his counterparts worked together as a team did they triumph over their foes, the organizations that align their ARC teams (and there are many ways to do this) are more successful. This could be done by evaluating risks in the same way, dividing up the work of evaluating controls, coordinating with regulators or becoming more involved in strategic initiatives to give the unique perspective only ARC groups can provide.
Frodo needed directions to the fires of Mount Doom where the ring could be destroyed. ARC and other groups also need a roadmap, so we've recently implemented Maturity Models to light the way. These Maturity Models cover each area - Audit, Compliance, Risk, Third Party Management, IT Security and more. Each one helps the organization understand where they are on the road to maturity and how to advance further. Finally, just as Frodo and his colleagues had swords, shields and bucklers, organizations have access to the Archer GRC tool, which is a strong enabler if coupled with the Maturity Models to help teams accomplish this shared mission.
It's not an easy journey, so check out our White Papers on the RSA Archer Community RSA Archer Maturity Model White Papers.