Optimize Your GRC Program For 2012 And Beyond

This report outlines Forrester's solution for security and risk (S&R) professionals looking to establish a formal risk and compliance management program. We designed this report to help S&R pros optimize their GRC strategy for 2012. Your governance, risk, and compliance (GRC) efforts set the parameters by which your organization achieves performance and meets objectives, so it's no surprise that putting together your GRC plan for the next 12 months can be as difficult as strategic planning for the organization. This process should include careful consideration not just of internal drivers but also the key trends affecting other businesses or agencies in your industry. As you put your plans together, expect the biggest trends in 2012 to include more of a platform approach to GRC product implementations, emphasis on programs for content aggregation and process standardization, continued struggles to include risk earlier in decision cycles, a slow but steady evolution of controls automation, and increasing scrutiny on programs rather than results. Stay on top of these trends by concentrating on GRC fundamentals and not pushing ahead too quickly on program maturity.