GRC trends to look out for in 2011


So, what will be the big trends in GRC for 2011? Everyone's got an opinion. The common thread is that we'll likely see more spending starting this year--which is great news for the industry. 

To get this discussion started, we turned to Scott Gracyalny, Managing Director and Global Leader of Risk Technologies at Protiviti. He offers five trends regarding GRC in 2011: 

1. CIOs will look to GRC for greater control and management over enterprise apps like CRM, ERP and others.  

With more enterprises relying on a cloud infrastructure and application use, CIOs will look for ways to better align their IT governance while ensuring all security measures are centralized and managed in-house. 

2. ITGRC and EGRC will turn into one offering.

With significant M&A activity and market changes in 2010, you can expect to see IT and enterprise GRC tools packaged as one offering in 2011. With the gap between the two sides of the house shrinking, GRC's umbrella will expand beyond financial reporting, play a larger role in infrastructure and shape technology purchasing decisions. 

3. CIOs will look to translate GRC information into business process knowledge.

When businesses store their historical data, it is traditionally held in different and dispersed systems. When analyzed, the data can be useful information that could potentially improve business processes for the future. In 2011 and beyond, companies will look to GRC systems to consolidate the various information that is readily available in the numerous systems, and extract and analyze the data gathered from various GRC domains, different company initiatives, corporate policies, information systems and other business units to improve the efficiency and effectiveness of business processes. 

4. Decision makers will find advantages in choosing GRC systems independent from their regulatory providers.

With the vast number of industry changes and regulatory mandates, companies will seek to keep their GRC systems updated with fresh data by integrating with live regulatory providers. That said, there will be no advantage in using a GRC system pre-packaged with a specific regulatory provider. Regulatory providers will be forced to work with a number of GRC system applications based on actual and individual customer preference. Businesses that choose their GRC system autonomously from the regulatory provider will benefit from an open system. 

5. Governance will take on more than policy and will integrate business objectives to tackle business performance.

With GRC initiatives primed to take a broader role within most organizations in 2011 and beyond, the governance domain will expand and take into account corporate goals and objectives along with measurement. Through a combination of data integration and transformation, governance will be more easily tracked and tied back to GRC metrics and scorecards to measure, and ultimately improve, business performance. 

What do you think? Can you add to the list? As for me, I'm just glad he didn't mention the word "silo." - Jim