Governance, risk and compliance – 3 pillars of an effective organization

…with a subtitle of Technology, Process & Organization – The 3 pillars of adoption
Evolving governance, risk and compliance (GRC) management requirements (process) and a raft of new technologies to automate, coordinate, monitor and audit those processes are enabling, or shall I say forcing, significant shifts in organizational structure. While changes within finance, legal, HR, risk and compliance offices are certainly profound, IT organizations have a unique two-front battle on their hands. Obviously, IT has to get its own house in order – document and put into motion an effective and sustained IT governance program. This should not be confused with the second broader and more strategic challenge of application and technology expansion in support of finance, legal and the rest of their internal constituents. The critical importance of sustaining effective GRC programs and the central role of technology as an enabling catalyst makes the successful adoption of GRC technology one of the most important operational challenges of the day.
It is for all of these reasons that I am very excited about the recent work of the Open Compliance and Ethics Group and the soon to be announced OCEG IT Forum.

I have spent much of my time at Gilbane focusing on tracking and measuring technology adoption because it has always seemed obvious that the only true realization of technologies’ value is through its adoption (see case studies within the CTW program at https://gilbane.com/case_studies.html and The total cost of adoption at https://gilbane.com/whitepapers.pl?view=9, etc.). Yet, adoption assessment must not be limited to tracking how individual processes evolve. Rather, it is the evolution of organizational structure to institutionalize those processes that turns out to be a much more significant indicator of successful technology adoption (or lack thereof).
OCEG’s charter is to help companies, auditors, regulators and legislators work together to address all of these organizational, policy AND technology challenges. OCEG recently formed a technology council to focus on the articulation of a reference architecture and to help IT organizations win their “two-front war.”
This member-driven activity is going to be supplemented by an OCEG IT Forum that will offer a multi-component curriculum that will include multiple conferences and publications integrated into a single program. In the interest of full disclosure (and because I am very excited by the project), I have to pass on that I am serving as the OCEG IT Forum 2006 conference chair. We are currently putting together the agenda (that will spread across the year) and I am very interested in suggestions on how to make the content as valuable as possible – send away to sebastian@gilbane.com or sholst@oceg.org. Look for more details in a few weeks including the timing and locations of the connected events in 2006. When I have registration information and more detail that I can pass on, I will certainly post it here.
Some recent news on OCEG comes from Business Finance Magazine where OCEG is included in their annual “Influencers” column. BFM writes
“The recently created Open Compliance & Ethics Group (OCEG), a nonprofit led by chairman and CEO Scott L. Mitchell, has a straightforward, ambitious and timely mission: “to help organizations align their governance, compliance and risk management activities to drive business performance and promote integrity.” The OCEG intends to execute that mission by creating a new compliance vocabulary; its guidelines framework, a draft of which was released for comment last year, is designed to help organizations build effective and efficient compliance functions.” See the entire article at
)