Data & Spec Sheet January 01, 2013

2013 RSA Archer GRC Summit Key Findings

RSA, the Security Division of EMC, hosted its second annual RSA Archer® GRC Executive Forum, an invitation-only event attended by more than 50 business leaders responsible for their organizations’ enterprise risk management, corporate compliance, audit, information technology, or security programs (GRC for shorthand).


GRC "integration" continued to be top of mind at this year's Forum. Participants typically used this phrase to mean either applying the same GRC solutions across organizational siloes or pulling the outputs of disparate solutions together to create a unified view of risk management information.

As with 2012's inaugural Forum, GRC program owners from this year's event reported they're creating consistency in their GRC frameworks so that information extracted from different organizational siloes shares a common data structure and provides a bigger-picture view of risk and performance.

Another theme carried over from last year's Forum is the idea that GRC may be fading as a discrete discipline. Forum participants reported they're continuing to drive responsibility for risk management into business units.

In contrast with last year's Forum, in which GRC program managers shared strategies for winning board support, the emphasis at this year's event shifted toward winning support for GRC initiatives from business leaders and front-line managers.

Many other trends were discussed at the 2013 RSA Archer GRC Executive Forum. This document highlights recurring themes and important observations from the event.