YRC worked with Pricewaterhouse-Coopers to develop a GRC strategy built around reporting relationships and risk analysis rather than software deployment. "We are also looking to expand the use of the Sarbox software we've invested in [from Certus Software]," Churay says, "to embed more controls." But the primary focus is on assessing what kinds of risks can be managed centrally versus handled by specialists.
Ahead of Its Time?
At Burger King Corp., senior vice president of finance Chris Anderson points out that the company has 12 pages of risk factors in its 10-K. "No software package could handle them all," he says. And "compliance" means many things at Burger King, from Sarbox (handled by finance) to food safety and attendant federal regulations (handled by a dedicated unit). "We did find Sarbox compliance software helpful," Anderson says, "but we went with something simple that provided a repository for documents and flowcharts."
PwC's Miles Everson, a partner who leads the company's GRC Services business in the United States, says that companies "often own a lot of the software they need. The focus should be on minimizing the number of discrete oversight functions and integrating their activities."
That, software companies counter, is why GRC software makes sense: it provides the technological underpinning needed to achieve such integration. Perhaps the software is slightly ahead of its time. As KPMG's Mark Goodburn notes, "Historically, companies had two things to manage: people and processes. Then IT came along. Now GRC is entering the picture as a fourth dimension, but it will need time to become an integral part of a company's culture."
Gartner predicts a robust 23.8 percent compound growth rate for GRC software through 2010, but AMR Research sees much slower growth in the near term (see "It's All GRC to Them" at the end of this article). Estimates differ in part because definitions of GRC are as varied as they are fluid. The big question for GRC as a software category is whether the integration that it claims to facilitate is something companies will want to undertake.
Scott Leibs is a deputy editor of CFO.
Reader Comments» Post a comment