GRC – an academic definition of the word “mess”
I want to commend an article in CFO magazine to you: it can be downloaded at http://www.cfo.com/article.cfm/14470743?f=search.
The article leads with this:
“The software category known as “governance, risk, and compliance” ended 2009 pretty much where it began: still lacking a clear identity. Any apt description of GRC, in fact, remains tantamount to, as one industry insider puts it, “an academic definition of the word mess.”
“It is an open question whether the GRC umbrella — stretching over at least 20 substantially different “enterprise platforms” plus an immense array of more-focused products that address specific facets of GRC (often tailored for a specific industry’s needs) — has any definition at all. ‘There’s no arguing that from a buyer’s perspective, ‘GRC software’ doesn’t exist today,’ Ventana Research analyst Robert Kugel wrote recently.”
No, I didn’t write or contribute to the piece – but I agree with much of what it has to say. Do you?