« News on Sarbanes-Oxley Reform - Summary Recommendations from the Committee on Capital Market Regulation | Main | Sarbanes-Oxley Reform – Who is driving this debate ? »

December 06, 2006

GRC Thought Leaders Gather at OCEG IT Forum

I spent December 4 and 5th participating in the Open Compliance and Ethics Group IT Forum in San Francisco.  For those of you not familiar with OCEG, they are a nonprofit offering comprehensive guidance, standards, benchmarks and tools for integrating governance, risk and compliance (GRC) processes.  Companies participating in the event included SAP, Axentis, Deloitte, Paisley Consulting and Oracle among others.   There was a mix of attendees representing both compliance and information technology functions in leading organizations, consultants, and plenty of GRC vendors in the audience.                                                                                                                         

Some of the common themes discussed at the conference included:

  • There in no one single owner of GRC
  • There is a gap of understanding between IT professionals and those responsible for GRC including compliance, legal, risk managers, and internal audit. 
  • Internal Audit plays a significant role in effectively implementing GRC
  • GRC is the capability that assist the organization to drive to corporate objectives and to stay within boundaries
  • Challenges to effectively implenting GRC include the volume and complexity of regulations, demanding stakeholders, and organizational fragmentation and silos

I found the most interesting part of the conference to be those panel discussions that involved the analysts and actual governance, risk, and compliance practitioners. My personal favorites were the panel discussions that included the audit directors of both Microsoft and Hewlett-Packard.  They both participated on several panels and were very vocal on how their organizations are approaching governance, risk, and compliance.  It was very clear in listening to their comments as well as speaking to other conference attendees that internal auditors are playing a central and leading role in evangelizing the benefits of governance, risk, and compliance in their organizations.                                                                                                                           

Another benefit of the conference was listening to Scott Mitchell discuss some of OCEG's recent publications related to alignment of GRC initiatives and making a business case for integrated governance, risk, and compliance.  OCEG has become a regular contributor to Compliance Week and has positioned itself as a thought leader in the area of governance, risk, and compliance.                                                                                                              

Although a bit light on attendees, the OCEG IT Forum had some good content and was a good overall value from an attendee perspective.

Posted by Mike Rost on December 06, 2006 in GRC Basics |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/1089906/7151585

Listed below are links to weblogs that reference GRC Thought Leaders Gather at OCEG IT Forum:

Comments

Post a comment

Comments are moderated, and will not appear on this weblog until the author has approved them.

If you have a TypeKey or TypePad account, please Sign In

Enter your email address:

Delivered by FeedBurner

August 2007

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

Categories

GRC Resources

Archives