Conversations in Risk-Based Security

GRC Programs Largely Ignore The Risks That Cause Companies To Self-Destruct

Posted by Lynx Technology Partners on Feb 4, 2019 9:50:20 AM

A close look at the reasons companies fail reveals that there are substantial risks that don't typically fall under the purview of most GRC programs. The Forrester Report, Extend Compliance And Risk Management To What Really Matters For Your Business, explores how companies can improve business performance by expanding the fundamentals of their GRC program to the aspects of their company that drive success with customer interactions, which will in turn drive growth and revenue for the company.

Looking back at the corporate failures of the first half of 2017, some of the biggest examples paint a bleak picture of corporate behavior, and some even call into question the long-term viability of the companies involved:

  • Poor governance and culture can cause ethical disasters. While investors may applaud corporate cultures that value high energy and performance, if that culture is left unchecked, it can lead to unintended, costly consequences.
  • Ignoring revenue-generating assets can expose risks that threaten viability. Companies that focus their risk management efforts on compliance requirements or otherwise limit their risk management scope too often ignore risks that threaten their livelihood.
  • Compliance-based risk strategies do not work. Arby's, CloudPets, Kmart, and Netflix all suffered breaches, despite having regulatory compliance or industry standard obligations to meet: PCI, ISO 27001, Motion Picture Association of America (MPAA), and HIPAA to name a few.

To Begin With, GRC Reduces Costs And Losses
Investments in governance, risk management, and compliance — whether they're labeled GRC, enterprise risk management (ERM), corporate compliance management, or something else — have historically earned approval with the expectation of cost and loss reduction. If done correctly, GRC should decrease costs by reducing redundancies and increasing efficiency, and it reduces the risk of fines and other losses by helping the organization allocate risk treatment resources to where they have the biggest impact (see Figure 1).

THE CURRENT FOCUS OF RISK AND COMPLIANCE EFFORTS IS FAR TOO NARROW! Learn more key takeaways in the exclusive Forrester Report: Extend Compliance And Risk Management To What Really Matters For Your Business. Download your free copy now!

Figure 1: (image not reproduced in this extract)
