Have you ever asked yourself how information stewardship plays into the aspirations of your organization? How will it keep your organization viable? Economists have indicated that the economic recovery could take 5 to 6 years. If this is true, it is crucial that companies enact measures to manage change, govern information and ensure sustainability.

In this harsh economic climate, the primary aspiration of most organizations is to simply be sustainable. Ultimately, sustainability is an effort to preserve the long term operations of a company. But remember -- the rules of the game in business have changed.

In fact, the new rule is change. The problem is that the rate of change is outpacing our ability to adapt. Change is now perpetual. Adaptability or agility has become the key to sustainability because a process that is generating excellent outcomes today may not work tomorrow.

An agile organization is one that is proficient at change. It makes vibrant, evolutionary use of its assets --including information. But it is also careful that its information does not become a liability by establishing GRC (governance, risk and compliance) restraints. This controlled-yet-flexible climate within the framework of GRC is a major factor in maintaining organizational sustainability.

GRC Does Not Prevent Agility

Most people think of implementation of GRC as causing information lock-down. Monitoring, checking, regulating, auditing, limiting all have negative connotations. These are the ‘no’s’ of information management.

When endeavors have a negative taint it is difficult to gain organizational cooperation. Really, who wants to support an undertaking that makes access to information even more difficult? I propose we think about GRC differently -- that the framework of GRC fosters a path for organizations to maintain sustainability. To illustrate this, let’s break GRC into its three components:


Governance is the management of information within an enterprise. Governance efforts involve people, polices, technology and ERM. This is your information big picture. Governance is often the bridge between Legal and IT. Instead of thinking of governance as rules and regulations, let’s approach it as an opportunity to invent and redesign our information strategy. Ask yourself, how can we better use our information to confront an unsure, unstable business climate?

Governance also gives us an opportunity to be transparent. Transparency gives us the liberty to proclaim ‘who-we-are-and-what-we-do.’ This window into our corporate ‘inner workings’ is probably mandated and external transparency is certainly important. But let’s not forget about internal transparency. Internal transparency gives staff a sense of participation in the organization’s goals and aspirations. Sustainable organizations cultivate this sense of belonging among employees.


Risk is the dark cloud of GRC. The potential cost of non compliance can be quite daunting. In terms of information management and sustainability, we can approach risk as ridding ourselves of information that has outlived its usefulness.

Much like the participants in a sustainable environment have a lifecycle, so does information. Risk management ensures this lifecycle is documented and adhered too.


Compliance is an assertive action by regulators to ensure organizations do what they are required to do. What is produced to prove an organization compliant is often the result of an enterprise information search. In some ways compliance is the government’s way of ensuring that organizations manage their information.

Successful organizations facilitate internal and external checks and balances to ensure their information management is compliant and sustainable.

The Benefit of Maturity Models

It’s particularly useful to tackle GRC in steps. Maturity models are quite helpful here. Models are abstractions of the “we are here -- but want to be there” methodology. Much like frameworks, maturity models are flexible so they allow you to be agile in your strategy.

Since governance is the overarching concept, consider building GRC within a people, policies, technology and ERM skeleton. This skeleton will give your initiative both structure and agility. 

Follow our continuing coverage of Information Management Agility including: