Private and public sector executives alike are under pressure today to increase their understanding of governance, risk and compliance (GRC) issues, and their ability to respond to them. They are expected to deliver against a range of key performance indicators, including profitability, customer satisfaction, revenue growth, etc. And then there are increasing demands from regulatory bodies, including Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLBA), the 21 CFR Part 11 regulations concerning IT controls, and others, now and soon to follow.
They are also operating in an environment more prone to risk, as companies increasingly have a global reach, or their supply chain partners do, or both. Mergers and acquisitions (M&A) only add to complexity and risk as networks of multiple business partners are brought together.
Compliance with a web of new regulations adds another dimension of complexity and risk. We’re talking about compliance more broadly across the enterprise and specifically beyond the realm of software license compliance.
None of this helps executives to sleep well at night. They are battling against a tide of information, and frontline staff struggle to cope. That said, regulators hold them responsible for acting on such information.
What to do? Well, many of you will wait. It’s human nature to. Wait until a crisis strikes that triggers your company’s scrutiny of its GRC processes and systems. Then the “blank hits the fan” and reputations, even jobs, are on the line. Executives are usually aware of the threat posed by viruses and hacking, but some may fail to truly grasp the full implications of IT risk to their business. IT applications are today behind almost all critical processes needed to run the business. Security and transparency should be built into everything you do these days. And not just to mitigate the risk of system failure, but to mitigate regulatory risk as well.
Well, folks, it’s more than software licensing and compliance we have to worry about.