What a week! This pre-Halloween week, we held RSA Charge 2016 in New Orleans, the most haunted city in America – and what a phenomenal turnout! We’re thrilled to have more 2,000 attendees join us this week to share best practices for GRC, security and business risk management and to gain invaluable insights from their peers and subject matter experts alike. And the stories shared at RSA Charge are just a small sampling from the more than 1,300 organizations who have implemented Archer.
The spirits of RSA Archer gatherings past – this being our 13th year – give us this opportunity to look at how much the industry has grown and how GRC is shifting. Risk and compliance management is out of the shadows, transitioning from a functional role to an enterprise-wide strategic perspective. Looking at the “Ghosts of GRC Past, Present and Future” helps provide perspective on the continuing growth and transformation of this increasingly business-critical practice.
The “Ghost of GRC Past” had organizations trying to keep up with new regulations and emerging compliance requirements. GRC was anything but a strategic program for the business, focusing on very discrete problems and a few, select processes. Archer was there in 2000 at GRC’s beginning, as companies began investigating technology enablers.
The “Ghost of GRC Present” has companies formally adopting practices based on industry and international standards, implementing combined strategies to tie together data and consolidate processes, and instituting frameworks to guide procedures. While technology is a cornerstone of risk management strategies, many organizations still have “skeletons in their closet” – pockets of disconnected risks that can cause serious damage.
The “Ghost of GRC Future” shows growing emphasis on determining how risks impact your company’s overall performance. The very strategies that fuel your company’s growth are the same initiatives that introduce more risk into your organization. GRC can no longer be considered separate from business strategy and objectives, and evolves to become Business Risk Management.
Business Risk Management is more than connecting dots – it’s anticipating where the next dot will be. That means gathering the right information from the right sources to get the complete risk picture you need to analyze and predict your risk landscape, rather than merely survey it. Clearly, it’s time for the “Ghost of GRC Past” to be laid to rest. It’s time to evolve to beyond GRC to Business Risk Management.