
Stirring Up GRC Ghosts at RSA Charge 2016

Nov 01, 2016 | by Steve Schlarman

We held RSA Charge 2016 in New Orleans, the week prior to Halloween, in the "most haunted city in America" - and what a phenomenal turnout! We were thrilled to have more than 2,000 attendees register and join us in person to share best practices for GRC, security and business risk management. The conference proved again a fantastic venue for our customers and partners to gain invaluable insights from their peers and subject matter experts alike. And the stories shared at RSA Charge are just a small sampling from the more than 1,300 organizations who have implemented Archer.

The spirits of RSA Archer gatherings past - this being our 13th year of bringing RSA Archer customers together - gave us the opportunity to look at how much the industry has grown and how GRC is shifting. Risk and compliance management is out of the shadows, transitioning from a functional role to an enterprise-wide strategic perspective. Looking at the "Ghosts of GRC Past, Present, and Future" helps provide perspective on the continuing growth and transformation of this increasingly business-critical practice.

  • The "Ghost of GRC Past" hearkens back to the days when organizations were trying to keep up with new regulations and emerging compliance requirements. GRC was anything but a strategic program for the business during this period, focusing on very discrete problems and a few, select processes. RSA Archer was there in 2000 at GRC's beginning, as companies began investigating technology enablers.
  • The "Ghost of GRC Present" shows us where we are today - with companies formally adopting practices based on industry and international standards, implementing combined strategies to tie together data and consolidate processes, and instituting frameworks to guide procedures. While technology is a cornerstone of risk management strategies, many organizations still have "skeletons in their closet" - pockets of disconnected risks that can cause serious damage.
  • The "Ghost of GRC Future" looks ahead, where we can assume that there will be a growing emphasis on determining how risks impact your company's overall performance. The very strategies that fuel your company's growth are the same initiatives that introduce more risk into your organization. In the future, and even now, GRC can no longer be considered separate from business strategy and objectives, and will need to evolve, to become Business Risk Management.

Business Risk Management is more than connecting dots - it's anticipating where the next dot will be. That means gathering the right information from the right sources to get the complete risk picture you need to analyze and predict your risk landscape, rather than merely survey it. Clearly, it's time for the "Ghost of GRC Past" to be laid to rest. It's time to evolve beyond GRC to Business Risk Management.