The Changing Nature Of Governance, RIsk And Compliance

In my ongoing work with clients, I try as often as possible to stress the importance of flexibility in GRC programs. Internal processes and technology implementations must be able to accommodate the perpetually fluctuating aspects of business, compliance requirements, and risk factors. If GRC investments are made without consideration for likely requirements 1 to 2 years down the road, decision makers aren’t doing their job. And if vendors don’t offer that flexibility, they shouldn’t be on the shortlist.

News outlets over the past year have given us almost daily examples of change in the GRC landscape. The recent stories coming out of Davos have been no exception… giving us some truly fascinating debates on the necessity and detriment of regulations. As quoted in a Wall Street Journal article on Sunday, Deutsche Bank AG Chief Executive Josef Ackermann argued against heavy-handed regulation, saying, “We should stop the blame game and we should start looking forward… if you don’t have a strong financial sector to support the this recovery… you’re making a huge mistake and you will regret that later on,” he said. French President Nicholas Sarkozy summed up the opposing argument in his keynote, explaining, “There is indecent behavior that will no longer be tolerated by public opinion in any country of the world… That those who create jobs and wealth may earn a lot of money is not shocking. But that those who contribute to destroying jobs and wealth also earn a lot of money is morally indefensible.”

Risk and compliance professionals, whether they side more with Ackermann or Sarkozy, still have to ready themselves for continued backlash against large financial firms (and corporations as a whole). US Representative Barney Frank said he’s expecting Congress to pass new regulation this spring, but assured the audience that they had learned valuable lessons about stifling competition from the Sarbanes Oxley Act. But just in case he had forgotten, Lloyd’s of London Chairman Lord Levene joked, “Sarbanes Oxley was a huge success, not for New York and Wall Street, but for London and the City… We wanted to build a statue to Messrs. Sarbanes and Oxley for sending so much business to us.”

As government regulations change, GRC vendors continue to evolve their offerings as well. In my recent GRC Trends 2010 report, I mentioned the increasing role of technologies like BPM, BI, and CCM will play. For another look at the GRC technology landscape, check out CFO Magazine’s great, well-rounded piece from yesterday, GRC: The Solution Remains Elusive.