How GRC software works and why public companies need it
He explained that most companies manage their risk and compliance activities in “silos” where different groups maintain redundant and often contradictory information about the current status of their IT controls. This makes it very difficult for an organization to make correct (and timely) decisions relating to risks. Often, Camm said, these organizations are managing GRC activities with spreadsheets, which he described as a non-centralized approach.
“GRC software provides a global repository of information where you store all of your policies, all of the regulations and all of the results of tests against policies, regulations and audits to see if you are actually doing what you should. When all of the information becomes centralized, it delivers a higher level of visibility to what is going on in business in regards to compliance and risk and makes it difficult to do unscrupulous things,” said Camm.
As for why many executives in public companies have not adopted GRC software, Camm believes that as more and more regulations, like SOX and HIPAA, have come up over the years, executives are unsure of how to track all of them.
“This whole area of multiple regulations is an emerging and relatively new area where complexity to manage compliance has increased in business and now is the time [for] enterprise class systems to [be deployed] to help manage all of this complexity and provide visibility to compliance officers, which is what we are seeing in the market,” observed Camm.
If organizations don’t have something to help them better manage their GRC initiatives, they will not only face financial and criminal repercussions but jobs will also be on the line.
“Getting a system that helps you manage GRC activities is a way to drive operational improvement and it reflects on your ability to compete in the global marketplace and also reflects on the cost of compliance,” Camm said.
He added that the channel can help companies in the area of GRC because GRC requires a fair amount of consultation with businesses. Camm explained that global system integrators will work with software vendors like CA to construct an overall GRC program, with the vendor providing the technology and the partner providing the consultation.
“GRC really changed the face of business, [it gives] them a mandate to answer to,” said Camm. “The softness [and the indulgence] on how people conducted business has been wiped away by GRC.”