EMA Addresses Roaring Buzz Around IT GRC Processes and Technologies

Vendors must be more clear, concise and realistic about IT GRC solutions

BOULDER, Colo., June 19 /PRNewswire/ -- Enterprise Management Associates
(EMA), has released a new EMA Advisory Note, IT GRC - Real or Not?, that helps
clarify recent buzz, mounting frustration and rampant confusion that threatens
to undermine the growing need to manage IT risk at a strategic level. Based on
findings from his recent research into real-world IT governance, risk
management and compliance, EMA research director Scott Crawford describes how
a new wave of contrarian naysayers are now challenging GRC itself, and IT GRC
in particular.
    "As compliance mandates continue to proliferate with no end in sight and
IT risks and threats continue to flourish, the terms GRC and IT GRC have
prospered. The result is that these terms have now reached their maximum buzz
level," says Crawford. "With hype at an all-time high, we're now seeing the
inevitable backlash arising from the abuse of these well-meaning concepts."
    Primarily, the new EMA Advisory Note illustrates how IT governance and the
management of risk and compliance in and by IT is, in fact, not a tool or
technology alone. When EMA asked real-world practitioners to offer their
definition of IT GRC, their answers often centered on "people and process"
more than anything else. "Turning process into a strategic asset" was one of
the most arresting definitions offered. In other words, IT GRC as understood
by practicing professionals resembles effective IT Service Management (ITSM)
in support of proactive risk control.
    For those vendors who have placed their bets on calling their technology
"GRC management" or "IT GRC management," the GRC backlash means a showdown.
"These must become clearer -- and more realistic -- about the value they
deliver, and what it is they actually do," say Crawford.
    In most cases, Crawford and his team see "compliance automation" as the
outcome. He says seeing tools in this light makes them more recognizable as
part of a larger trend toward IT process automation. However, in order to
maintain relevance, these tools must now clearly articulate their value and
adapt to changing perceptions, or face the reality that an acronym does not
necessarily make a market.
    Does the GRC backlash mean that GRC or IT GRC are going away? "Not at
all," says Crawford. "At least not the realities of governance, risk
management or compliance, corporately as well as in IT. These trends would not
have emerged at all had the business itself been more proactive in managing a
wide range of risks -- still a major concern in a declining economy, where
some businesses may increase their risk appetite even more just to survive."
    What seems likely is that vendors leveraging the buzz of GRC will be
forced to clarify exactly what they deliver. The role of established
technologies and processes will be called out -- as EMA research shows -- with
emerging technologies either fading from prominence or becoming better defined
as they mature. In the mean time, a progression that began some years ago
seems likely to continue: compliance became what security was; risk management
became what compliance was. "In the last year, GRC became all of these to some
extent. 'Compliance automation' may well be next," says Crawford.
    NOTE TO EDITORS
    For more information or to speak with Scott Crawford please contact Guy
Murrel at gmurrel@catapultpr-ir.com or at 303-581-7760, ext.17.
    About Enterprise Management Associates
    Founded in 1996, Enterprise Management Associates (EMA) is a leading
industry analyst and consulting firm dedicated to the IT management market.
The firm provides IT vendors and enterprise IT professionals with objective
insight into the real-world business value of long-established and emerging
technologies, ranging from security, storage and IT Service Management (ITSM)
to the Configuration Management Database (CMDB), virtualization and
service-oriented architecture (SOA). Even with its rapid growth, EMA has never
lost sight of the client, and continues to offer personalized support and
convenient access to its analysts. For more information on the firm's
extensive library of IT management research, free online IT Management
Solutions Center and IT consulting offerings, visit
http://www.enterprisemanagement.com.
SOURCE  Enterprise Management Associates

Guy Murrel, +1-303-581-7760, ext. 17, gmurrel@catapultpr-ir.com, for
Enterprise Management Associates