Article by Professor Sanjay Anand,
Chairman of the SOX Institute, The GRC Group
Since 1981, there have been over 114,000 new governmental regulations written in the United States. Most of the regulations passed in the last decade have an IT impact and are industry specific: well-known examples include the Sarbanes-Oxley (SOX) Act of 2002, the Federal Rules of Civil Procedure (FRCP), the Health Insurance Portability and Accountability Act (HIPAA) of 1996, and the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA) of 1999.
It's a regulatory jungle out there. When it comes to sorting these regulations out, too often there is not enough cross-expertise among compliance, risk, governance, operations, technology, finance, accounting, and audit personnel. There are literally hundreds of thousands of regulations, and no single organization can keep track of all of them without strategic, integrated and thoughtfully planned Governance, Risk, and Compliance (GRC) programs that include automation. Combine all these factors with a traditional mentality of siloed GRC procedures and manual support processes, and you get an alphabet soup of compliance that no one is comfortable with.
Every federal and public company in the world's industrialized nations faces the same regulatory and compliance challenges: quality management, quality improvement, governance and risk management, information management, and project management. Organizations that are either beginning a GRC program or tuning their existing one will experience a series of common pitfalls, and will need a plan for overcoming them.