SearchCIO.com Definitions (Powered by WhatIs.com)

GRC (governance, risk management and compliance) software





DEFINITION - GRC (governance, risk management and compliance) software allows publicly held companies to integrate and manage IT operations that are subject to regulation. Such software typically combines applications that manage the core functions of GRC into a single integrated package.

GRC software enables an organization to pursue a systematic, organized approach to managing GRC-related strategy and implementation. Instead of keeping data in separate "silos," administrators can use a single framework to monitor and enforce rules and procedures. Successful installations enable organizations to manage risk, reduce costs incurred by multiple installations and minimize complexity for managers.

GRC software implementation typically involves complex installations that include coordination of data between multiple departments, including business, IT, security, compliance, and auditing. Once in place, however, dashboards and data analytics tools allow administrators to identify an organization's risk exposure, measure progress towards quarterly goals or quickly pull together an information audit. Good governance, defined as effective, ethical management of a company at the executive level, is treated as an objectively measurable commodity. Data retention and risk management are converted to similarly measurable metrics.

GRC software can satisfy the needs of multiple stakeholders, including:

  • business executives who need to identify and manage risk.
  • finance managers assigned to meet regulatory compliance requirements.
  • legal counsel grappling with discovery and records retention.
  • IT directors managing software installations related to GRC projects across an organization.

Data retention and risk management procedures mandated by the Sarbanes-Oxley Act (SOX), HIPAA, Basel II and regional regulations have all placed unprecedented pressure on IT administrators to coordinate enterprise-wide tracking and organization of compliance measures. As a result, the GRC software category has rapidly become a hotly contested space between industry giants like SAP, Oracle, IBM, CA and a host of smaller startups. Given the complex regulatory burden imposed upon both executives and IT administrators, the tools provided by GRC software will become increasingly important to meeting the new standards.

LAST UPDATED: 09 May 2008

Read more about GRC (governance, risk management and compliance) software:
- OCEG is a nonprofit that provides advice to organizations implementing GRC practices, including guidelines, standards and evaluation criteria for software.
- GRC Journal publishes case studies and research designed to help executives understand current GRC market trends.
- Linda Musthaler and Brian Musthaler wrote about "Governance, risk management and compliance and what it means to you" at NetworkWorld.com.
- Data management expert Michael Rasmussen compares GRC technology with spreadsheets.












All Rights Reserved, Copyright 2007 - 2008, TechTarget | Read our Privacy Policy