Volume 1 Issue 2

April 7, 2008

2008 GRC Drivers, Trends, & Market Directions

Blog

Read and comment on Michael Rasmussen's thoughts on the GRC.Pundit blog:

• 3/25 - Spreadsheets are inadequate for risk and compliance assessment questionaires

• 3/17 - SAP delivers on GRC vision

• 3/12 - What is IT-GRC?

• 3/10 - Getting it right

• 1/23 - GRC 2.0 - The GRC.EcoSystem

Upcoming Conference Presentations

Michael Rasmussen will be presenting at the following events:

• 4/11; Executive Meeting 2008; A Collaborative & Integrated Approach to Governance, Risk, & Compliance

• 5/14; Converge08; Identity & Access Management: A Foundation for Governance, Risk and Compliance

• 9/14; Association of College and Univesity Auditors.

• 10/14; Axentis Engage!

• 10/28; BITS/American Bankers Association Conference

Upcoming Webinars

Michael Rasmussen will be presenting in the following webinars:

• 5/20; RSA Webcast; Developing a Sustainable and Cost Effective IT Compliance Program

Archived Webinars

Michael Rasmussen has presented in the following archived webinars:

• 3/25; CFO.com Webcast; An Integrated Approach to Risk & Compliance.

• 3/11; Institute of Internal Auditors; Measuring the Ethical Environment of Your Organization.

Upcoming Travel Schedule

Michael Rasmussen has travel plans that brings him to the following areas):

• 4/7-11; São Paulo, Brazil (GRC Executive Meeting 2008)

• 4/16-18; Phoenix, Arizona, USA (OCEG Leadership Council)

• 4/23-24; Dallas, Texas, USA (OCEG GRC Forum)

• 4/28-52; San Francisco, California, USA (OCEG GRC Forum)

• 5/13-14; Chicago, Illinois, USA

• 6/2-6; Washington D.C., USA (tentative)

• 6/9-13; London, United Kingdom (tentative)

• 6/16-18; Paris, France (tentative)

• 8/11-15; Oklahoma City, OK, USA

• 9/15-24; Phoenix, Arizona, USA

• 10/6-10; Dublin, Ireland (tentative)

• 10/14-16; Tuscon, Arizona, USA

• 10/27-31; Washington D.C., USA
  

Recent media interactions with Michael Rasmussen:

• 4/08 - SearchFinancialSecurity.com

• 2/08 - Finally a Clear Business Connection to ERM, Treasury & Risk.

• 1/08 - The Emergence of Converence, CFO.com

• 1/08 - Portland Business Journal

Corporate Integrity, LLC is working on the following upcoming research pieces in the GRC space:

• Strategies for Enterprise Investigations Management, April 2008
• GRC 2.0 - The GRC.EcoSystem, May 2008
• Developing a GRC Strategy and Framework, June 2008
• Next Generation Policy & Procedure Management, July 2008
• Developing a Regulatory Intelligence Strategy, August 2008
• Marketing Corporate Compliance: Success Strategies in Branding Your Corporate Compliance Program, September 2008
• Developing a Risk Intelligence Strategy, October 2008
• Monitoring Risk with Risk Dashboards, November 2008
• Effectively Managing Geo-Political Risk, December 2008

Notable Quote:

“An act, a habit, an institution, a law produces not only one effect but a series of effects. Of these effects, the first alone is immediate; it appears simultaneously with its cause; it is seen. The other effects emerge only subsequently; they are not seen; we are fortunate if we foresee them."

Frederic Bastiat

(1801-1850), French Economist

Friend,

I recently published my"2008 GRC Drivers, Trends, & Market Directions"research illustrating the dynamic and growing nature of GRC adoption within organizations and the direction and size of the overall GRC market for products and services. Below are the summary highlights from this piece of research. . .

Organizations Embrace GRC Principles

The Governance, Risk, and Compliance (GRC) market is in significant momentum as organizations embrace collaboration across silos of GRC and generally recognize that something needs to be done.

GRC is About Organizational Collaboration

GRC is more than a catchy acronym used by technology providers and consultants to market their solutions – it is a philosophy of business. This philosophy permeates the organization - its oversight, its processes, and its culture. Organizations are approaching GRC to get an enterprise view of risk and compliance that requires that GRC initiatives involve a federation of professional roles working together in a common framework, collaboration, and architecture to achieve:

• Sustainability. Organizations demand a sustainable process and infrastructure for ongoing governance, risk, and compliance processes that are becoming more onerous.

• Consistency. Organizations require that multiple roles in the organization start working together in an integrated framework.

• Efficiency. GRC aims to ease the burden on business by leveraging common processes, assessments, and information.

• Transparency. Business demands transparency across key-performance and risk indicators so it can monitor the organization's health, take advantage of opportunity, and avert or mitigate disaster.

Drivers Influencing Corporate Directions in GRC

Good governance is built upon diligent risk and compliance management processes. In today’s business environment, ignoring a federated view of GRC results in business processes, partners, employees, and systems that behave like leaves blowing in the wind. Through ongoing research and interactions with organizations around the world, Corporate Integrity has identified the following drivers that are the primary influencers driving organizations to consider and adopt GRC strategies:

• Growth of Corporate Social Responsibility.

• Increasing governance demands.

• Rating agencies focused on enterprise risk management.

• Increasing risk profile in a distributed world.

• Connecting performance management to risk management.

• Increasing regulatory compliance profile.

• Impact of the extended enterprise.

• Inefficient, manual, and siloed risk and compliance initiatives are ineffective.

Silos of GRC Lead to Greater Exposure to Risk

A reactive and siloed approach to GRC is a recipe for disaster and leads to . . .

• Lack of visibility. A reactive approach to risk and compliance leads to siloed initiatives that never see the big picture.

• Wasted and/or inefficient use of resources. Silos of risk and compliance lead to wasted resources.

• Unnecessary complexity. Varying risk and compliance approaches introduce greater complexity to the business environment.

• Lack of flexibility. Complexity drives inflexibility - the organization is not agile to the dynamic business environment it operates in.

• Vulnerability and exposure. A reactive approach leads to greater exposure and vulnerability.

2008 Trends Maturing GRC Practices

Organizations are driven to ‘think’ GRC. The complexity of business, increasing risk and regulatory profiles, as well as the nature of extended and global business requires that organizations reengineer how they approach governance, risk, and compliance by leveraging processes as GRC. The 2008 GRC trends within global enterprises addressing GRC include:

• GRC 2.0 – the GRC.EcoSystem.

• Maturation of GRC technology.

• Next generation policy and procedure management.

• Enterprise investigations and loss management.

• Policing the extended enterprise.

• Software as a Service grows as a GRC implementation model.

• Beginning of GRC outsourcing.

• Risk & regulatory intelligence.

• GRC is growing organically within organizations.

• GRC is spanning industry verticals and business processes.

The GRC Market in Momentum

The GRC market is growing and expanding - though, from a market size perspective, it remains difficult to define and put boundaries around. Corporate Integrity sizes the GRC market in 2008 at approximately $52.1 billion. This is broken down into the three primary categories of Corporate Integrity’s GRC.EcoSystem:

• GRC Professional Service Market is $40.6 billion in 2008.

• GRC Technology Provider Market is $9.3 billion in 2008.

• GRC Information/Content Provider Market is $2.2 billion in 2008.

NOTE: If you are interested in purchasing this research to dive deeper into these points, click on the following link "2008 GRC Drivers, Trends, & Market Directions"

Thank You,

Michael Rasmussen

President, Corporate Integrity, LLC

mrasmussen@corp-integrity.com

+1.888.365.4563

P.S. - I am intimately involved in the OCEG GRC Forums. There is limited space available, but if you are a senior internal GRC executive/practioner at a large company I invite you to register for this event . . .

OCEG GRC FORUM: HOW TO ENSURE INFORMATION TECHNOLOGY SUPPORTS GRC PROGRAMS

OCEG continues it's innovative thought leadership through the OCEG GRC Forums. These forums afford senior GRC and IT professionals the opportunity to collaborate on ways to improve how GRC can be enabled by technology. In one day intensive workshops, leading companies along with subject matter experts will take a "deep dive" and develop strategic plans that address the challenges of improving GRC program information flow and consistency.

Five key issues will be considered with a focus on how technology is leveraged to improve the overall GRC program:

1. Corporate risk mitigation emphasis
   
2. Organizational change emphasis
   
3. Global markets emphasis
   
4. M&A emphasis
   
5. Technology-driven business emphasis

If you would like to learn more please go to OCEG GRC Forum.

Copyright text - Entire contents © 2008, Corporate Integrity, LLC. All rights reserved.
Corporate Integrity clients may make one attributed copy or slide of information contained herein.

Additional reproduction is strictly prohibited. For additional reproduction rights and usage information, email: info@corp-integrity.com. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Privacy Notice: We never release your e-mail address to third parties.