CA Takes on the Future of GRC

Last week, we pondered the fate of acronyms -- namely GRC. Continuing the conversation, we sat down with CA’s (news, site) Marc Camm, senior vice president and general manager of GRC Products, and Peter Stapleton, senior principal product manager for CA GRC Manager, to discuss their thoughts about what Governance, Risk and Compliance will look like in 2010 and beyond.

Tackling the GRC question, Camm and Stapleton say that GRC isn’t going anywhere anytime soon. With more companies and IT departments managing programs already in place, the next step challenges them to bring most, if not all the data, into one location.

Anything is Better than a Spreadsheet

Of course, there’s always the risk that the term GRC becomes diluted, says Stapleton, but there’s still a good portion of companies keeping track of records using a spreadsheet. The truth is that companies need a solution, so vendors are quick to offer resources that best integrate into a company’s current platform.

For businesses with more than just a spreadsheet, risk management seems to be a driver. Thanks to a diligent focus on compliance during the past 18 months, companies’ needs are shifting into the realm of risk management.

Increased Enforcement = Increased Awareness

The focus on risk management also comes from an increased awareness about enforcements and prosecutions. Whereas once fines cost a mere US$ 250,000, now they are totaling US$ 25 million. Companies are taking notice and trying to employ the best methods to keep them in compliance.

Automation Keeps Costs Down

Another trend Camm and Stapleton identified for companies tackling GRC is cost management. With client costs on the rise, businesses are looking for ways to keep costs static or cut them as best they can. Automation is one of the best ways to keep costs from rising and to increase efficiency by regulating tasks and streamlining goals.

Is Technology a Driver in the Future of GRC?

Recent discussions taking place within the web publishing industry suggest that future technological innovations will transform the industry. We asked Camm and Stapleton if that same was true for GRC. Would technology bring futuristic advancements to the way information is stored and managed?

Yes and no. They say that while technology can help centralize information, the ability to do so has been around for a while. It’s just that companies are now taking advantage of it because their data and compliance needs are maturing. However, technology is helping to replace manual processes, and we can expect to see more automated enforcement, which will help systems keep up-to-date with regulatory standards.

As well, technology has brought cloud computing into the forefront, presenting many new opportunities and challenges. Companies can now work to centralize their data. Information can be shared into different channels without having to be duplicated, but may put their information at risk, making it hard to be in compliance.

Continued Growth Reduces Costs

Overall, Camm and Stapleton maintain that the need for GRC will grow. As more companies adopt better and more reliable GRC solutions, they will reduce redundancies and increases automation, ultimately reducing costs. And that’s a trend we can trust.