Edinburgh, United Kingdom (PressExposure) March 10, 2011 -- GRC is a recent acronym that has quickly spread among the senior management community around the world. Initially this was sparked by the fallout from a number of major corporate governance scandals, including those affecting Enron, Tyco and WorldCom; all of which led to the enactment of the US Sarbanes-Oxley Act and the concept of a more holistic view of Governance, Risk and Compliance. Interest has also grown rapidly in the UK as legislation and compliance requirements have increased.
Traditionally, most organisations ensure compliance with legislation, regulations and standards by instructing each department to determine the requirements for compliance and specify actions and controls to achieve this. Organisations will therefore have a number of organisational departments for business continuity (possibly aligning with BS25999), for IT security (in many cases aligning with ISO27001), for quality management, etc.
They will certainly have risk management carried out by these various departments, all identifying risks and controls and also individually reporting on these. Managing all of this and pulling it all together into a coherent picture upon which business decisions can be made and priorities can be based in an efficient and effective way is a complex challenge.
commissum's Principal Assurance Consultant André Coner noted that as the number of legislation, regulatory and compliance requirements increases, the number of departments involved also increases, each defining their own controls and measures. This silo approach causes each department to "re-invent the Wheel", wasting valuable time and increasing costs while introducing duplication, redundancy and confusion.
commissum's approach to Unified Governance, Risk management and Compliance creates a common source of information. It creates a common model of the organisation; a unified methodology for managing risk, controlling deficiencies and measurement.
Commissum provides a truly unified approach to this challenge. This approach, using our unique GRC tool suite is the foundation for comprehensive Governance, Risk and Compliance Management in organizations of all sizes in any industry. Our GRC tool suite centrally maps all relevant information from supported GRC disciplines, consistently and without redundancies. The solution is modular, providing different departments with targeted support in complying with their individual GRC processes while still providing a unified GRC approach for the business as a whole.
Our GRC tool suite currently includes the following modules:
Information Security Management
IT Service Management
Business Continuity Management
With 20 years of experience, commissum is adept at offering practical advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting an organisation's information assets through unified GRC.