Governance: the overlooked part of GRC – contributions welcome
GRC stands for governance, risk management, and compliance. However, most pundits, analysts, vendors, and service providers focus on the R, with some attention on the C, but give scant time and attention to the G.
It is time to shine more light on Governance and related software solutions. While there is no doubt about its importance, too little information is available on how technology can enable efficient and effective governance functions and processes.
There are several different definitions of Governance. For the purposes of this exercise, let’s use the OCEG definition of Governance as:
“.. the culture, values, mission, structure and layers of policies, processes and measures by which organizations are directed and controlled. Governance, in this context, includes but is not limited to the activities of the Board, for governance bodies at various levels of the organization also play a critical role. The tone that is set, followed and communicated at the top is critical to success.”
Everybody can contribute by adding to my list of functions/processes included in Governance:
- Shareholder meetings and communications
- Proxy management
- Board meeting management, including board briefing material communication, security, etc.
- Code of conduct communication, training, and testing
- Investigation management
- Whistleblower hotline management
- Legal case management
- Strategy management
- Long-range planning
- MBO management
- Policy, standards, and procedure management
- Human resource management
- Operational and financial performance management
- Capital project management
- Business continuity management
- Fraud detection
- Legal entity management
- Corporate social responsibility management
- Intellectual property management
- Physical security management
- Information security
- Product quality
I want to provide a location where organizations interested in software for governance processes can see what is available.
This is an open invitation for any vendor or service provider to post a comment that describes their Governance solution(s).
A few conditions:
- Only provide information on solutions for Governance. Solutions that focus on Risk or Compliance do not qualify
- Explain how your solution addresses one or more Governance processes/functions
- No negative comments on other vendors are permitted
- While I agree that internal audit, information security (including privacy), and fraud detection are a critical Governance functions, this post is not to collect information on them. They are already fairly well advertised
- Feel free to include links to additional information. However, what is posted here should be sufficient for anybody to understand in broad terms what is offered