The dangers of non-compliance
Businesses are now increasingly recognising the futility of addressing compliance requirements in isolation. However, most companies are still failing to create an integrated approach to the disciplines of governance, risk and compliance and have no complete view of organisational risk. In fact, any organisation that can address even the top 25 most critical business processes and associated assets – and identify the financial, operational and legislative implications associated with compromise in one of these areas – will be in a far better position than 95% of UK firms.
Instead, piecemeal policies for addressing each regulation or requirement in turn are resulting in duplication, confusion and the excessive use of skilled resources. This approach is creating a compliance burden that’s in serious danger of undermining profitability and constraining critical innovation and development.
However, over the past decade standards bodies have invested heavily in creating important standards for risk management and compliance designed to minimise corporate risk. Yet in too many cases, organisations simply cannot implement these standards due to the lack of accurate, up-to-date information.
There is now a growing acceptance that, with little or no co-operation between those tasked with governance, risk and compliance, organisations are missing a huge opportunity to leverage commonality and drive down the cost of achieving compliance.
The real value can only be derived by providing an effective framework for collecting information, and then using that information to support pro-active risk management for the entire global operation.
Taking this approach means that organisations can evolve beyond box-ticking compliance activity delivered by a dispersed set of security professionals. Rather, by creating a business-wide risk management strategy that provides real-time understanding of the financial, operational and legislative implications of security incidents, UK boardrooms might finally prove that they can indeed deliver tangible value.
Stephen Hall
Managing Director
Information Governance
IFSEC Insider