By the pace of activity in governance, risk, and compliance (GRC) software, you'd think this was the biggest thing since the cloud: EMC acquired Archer. IBM bought OpenPages. Thomas Reuters bought Paisley. Wolters Kluwer acquired Axentis. Even Standard & Poor's is getting into the game by establishing enterprise risk management criteria for financial institutions, insurance companies, and other corporations.
Now, GRC, enterprise risk management, and compliance software can help IT tackle the difficult and tedious tasks of establishing and coordinating a cohesive risk-based program. But then, so can spreadsheets. In fact, in our survey, when we asked which technologies companies use to run their IT risk management programs and activities, the lowly spreadsheet was No. 1 by a wide margin.
For those just starting out, the spreadsheet is your friend. Begin with a basic risk registry and control library. Get in the habit of documenting and tracking organizational risks and controls before you consider a more comprehensive suite. Compliance software--on premises or software as a service--may be cost-effective for small companies that must be diligent about multiregulatory or multijurisdictional requirements. More comprehensive risk management software systems really come into play for large and/or complex companies.
Rise Of Risk Management
Continue to the sidebar:
Tenets Of Risk-Based Security Management