Governance, Risk, Compliance and Security: Together or Apart?
The interconnected nature of modern business necessitates a holistic approach to risk. When an organization's governance, risk, compliance (GRC) and security functions are siloed, it is difficult to deal effectively with the total scope and potentially cascading effects of the threats that can harm the company, its customers and its partners. As the pace of business accelerates and operations become increasingly digital, more organizations are forming enterprise risk management (ERM) groups or committees. Not surprisingly, new platforms are helping to facilitate the shift.
"Digital transformation requires a very tightly knit coordination between all of these functions," said Forrester Research Analyst Alla Valente. "We're seeing the growth of an enterprise risk management function and they're taking on responsibility for operational risk, for financial risks, in many cases compliance, and business continuity as well."
Why the various risk functions are fragmented
Company structures tend to differ based on the industry in which they operate, their size and their organizational philosophy. Many businesses have expanded the C-suite over the past couple of decades to include some combination of chief security officer (CSO)/chief information security officer (CISO), chief privacy officer (CPO) and chief risk officer (CRO).