VideoHagerty says the issues that dominate the news tend to drive GRC spending. In 2007, information technology risk, particularly that focused on data security and privacy, became a cause célèbre following widely reported thefts of credit-card numbers and breaches of government databases. In 2008, the banking crisis highlighted how irresponsible risk-taking can cause entire organizations to collapse. Thus risk management, increasingly for operational risk, continued to be "the new compliance," as an AMR report put it.
However, compliance could make a comeback, says Hagerty, thanks to the recession. Cash-strapped companies are reviewing all of their investments with a gimlet eye, including their IT portfolios. If they decide "to get back to essentials," he says, they may refocus on the compliance component of GRC, which handles regulatory issues that companies must address.
The next big driver of GRC technology could be environmental initiatives — managing carbon footprints and greenhouse-gas emissions, or implementing a sustainability program. In a 2008 AMR survey of GRC buyers in the United States, Germany, and Japan, only 6 percent said that environmental health and safety compliance was their largest single GRC investment, compared with 23 percent for IT-specific risk management, 15 percent for Sarbox or other financial-governance initiatives, and 14 percent for operational and general risk management. But that balance could change if global warming becomes a larger corporate priority, or if the Obama Administration steps up environmental regulation. — Edward Teach
Reader CommentsDisplaying 2 of 2
John Capobianco
Jan 14, 2009 10:48 AM ET
Compliance cost reduction
Great points here, John. I agree with Forrester's Othersen. Risk and governance concerns were central to the global … more
Mark Adams
Jan 12, 2009 2:39 PM ET
Nobody Gets It
This entire article shows an almost complete misunderstanding of basic risk management and governance, but here are two … more
Post a comment | View all comments