• Press Release

    July 17, 2012

    Top Executives Say GRC Programs Must Better Align to Strategic Priorities to Meet Board Needs

    RSA Convenes Top Corporate Leaders in Governance, Risk Management, Security and Compliance at Inaugural RSA Archer GRC Executive Forum; Results Affirm Carnegie Mellon CyLab 2012 Governance Report

    BEDFORD, Mass - July 17, 2012 -

    RSA, The Security Division of EMC (NYSE: EMC) released key findings from the RSA Archer GRC Executive Forum it hosted recently, where governance, risk and compliance (GRC) leaders from 34 leading corporations discussed enterprise risk management strategies and best practices. A dominant theme from the forum's executive participants was that corporate boards of directors are taking note of GRC demands and are now looking for greater visibility into the risks that could negatively impact their organizations. Corporate boards are also looking for assurances they're basing risk decisions on trusted information—risk assessments validated by multiple sources within their organizations. To provide corporate directors the visibility and trust assurances they're looking for, forum participants said GRC programs must mature from compartmentalized risk efforts, demarcated by function, geography or business unit, to a unified view that facilitates enterprise-wide risk management and compliance.

    RSA released a key findings document from the executive forum. The findings affirm the results of the recently released Carnegie Mellon 2012 CyLab Governance Report, which also found rising interest in GRC among corporate boards of directors, as well as increased pressure to gain enterprise-wide views of organizational risk.

    Key findings and recommendations from the RSA Archer GRC Executive Forum include:

    • Risk Management Rises to a Board-level Concern – Mounting regulatory and other compliance obligations compel corporate leaders to push for heightened visibility into risks facing their organizations. As a result, GRC program executives represented at the forum report they're spending more time reporting to the board on these topics. Further, corporate directors are concerned about the accuracy and integrity of GRC information and seek assurance that the organization is making sound risk management decisions based on trusted, reliable, representative information.
    • Aligning GRC Goals to Business Priorities Is a Top Priority – Forum participants observed that business executives view GRC more as a comprehensive risk management program than a specific discipline. Successful GRC program owners are adopting the strategic priorities of their stakeholders, and the associated vocabulary, in describing how their GRC program efforts reinforce successful risk management in their enterprises. One participant noted, "Our executive team understands the issues and challenges when we talk about operational risks, not GRC."
    • GRC Programs Must Get a Big-picture View of Risks – GRC program owners at the forum reported that risk in their enterprises today is still largely managed in silos. This compartmentalized view makes it hard to make enterprise-wide risk assessments and prioritize mitigation efforts. Many GRC program owners are growing the maturity of their risk programs from a siloed to a unified approach—a critical stage that one expert characterized as a "make or break" moment for maturing enterprise GRC initiatives.
    • Invest in Unifying GRC Processes and Frameworks – Forum participants agreed that time and energy spent aligning organizational stakeholders to a shared framework for describing and assessing risks is a worthwhile investment. When done right, these shared frameworks provide the freedom for individual stakeholders to meet their own risk management needs, serve as a unifying force to take collective action, and enable the rolled-up views demanded by executive leadership.
    • Measuring GRC Benefits – GRC program owners said they were under pressure to demonstrate to corporate executives and directors the ROI for their GRC programs. While convinced of the return on their investments, members struggle to quantify the value when the benefits are dispersed across a wide range of stakeholders (in efficiency and improved risk-based decision making) but the costs are centralized and visible.

    "As regulatory requirements grow and business risks continue to multiply, GRC becomes more and more challenging, yet more critical to complex enterprises," said Martin Goulet, director, GRC solutions, RSA. "The RSA Archer community is made up of a diverse and dedicated group of GRC professionals who often collaborate to tackle these challenges. This executive forum brought a cross-section of that community together to address pressing GRC issues, as well as share best practices based on real-world situations. This level of sharing is invaluable to both RSA and its customers, and we look forward to continuing this very successful event."

    About Forum Participants

    RSA Archer GRC Executive Forum participants represented a wide variety of industries, including healthcare, finance, telecommunications, media, and insurance. They come from functions as diverse as corporate compliance, audit, and IT security. Most have at least five years of GRC program executive experience, and several have led multiple enterprise-wide GRC program efforts.


    About Dell

    Dell EMC, a part of Dell Technologies, enables organizations to modernize, automate and transform their data center using industry-leading converged infrastructure, servers, storage and data protection technologies. This provides a trusted foundation for businesses to transform IT, through the creation of a hybrid cloud, and transform their business through the creation of cloud-native applications and big data solutions. Dell EMC services customers across 180 countries – including 98 percent of the Fortune 500 – with the industry’s most comprehensive and innovative portfolio from edge to core to cloud.

    Copyright © 2017 Dell Inc. or its subsidiaries. All Rights Reserved. Dell, EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners.

  • Press Release

    July 18, 2012

    Top Executives Say GRC Programs Must Better Align to Strategic Priorities to Meet Board Needs

    RSA Convenes Top Corporate Leaders in Governance, Risk Management, Security and Compliance at Inaugural RSA Archer GRC Executive Forum; Results Affirm Carnegie Mellon CyLab 2012 Governance Report

    JOHANNESBURG - July 18, 2012 -

    RSA, The Security Division of EMC (NYSE: EMC) released key findings from the RSA Archer GRC Executive Forum it hosted recently, where governance, risk and compliance (GRC) leaders from 34 leading corporations discussed enterprise risk management strategies and best practices. A dominant theme from the forum's executive participants was that corporate boards of directors are taking note of GRC demands and are now looking for greater visibility into the risks that could negatively impact their organizations. Corporate boards are also looking for assurances they're basing risk decisions on trusted information—risk assessments validated by multiple sources within their organizations. To provide corporate directors the visibility and trust assurances they're looking for, forum participants said GRC programs must mature from compartmentalized risk efforts, demarcated by function, geography or business unit, to a unified view that facilitates enterprise-wide risk management and compliance.

    RSA released a key findings document from the executive forum. The findings affirm the results of the recently released Carnegie Mellon 2012 CyLab Governance Report, which also found rising interest in GRC among corporate boards of directors, as well as increased pressure to gain enterprise-wide views of organizational risk.

    Key findings and recommendations from the RSA Archer GRC Executive Forum include:

    • Risk Management Rises to a Board-level Concern – Mounting regulatory and other compliance obligations compel corporate leaders to push for heightened visibility into risks facing their organizations. As a result, GRC program executives represented at the forum report they're spending more time reporting to the board on these topics. Further, corporate directors are concerned about the accuracy and integrity of GRC information and seek assurance that the organization is making sound risk management decisions based on trusted, reliable, representative information.
    • Aligning GRC Goals to Business Priorities Is a Top Priority – Forum participants observed that business executives view GRC more as a comprehensive risk management program than a specific discipline. Successful GRC program owners are adopting the strategic priorities of their stakeholders, and the associated vocabulary, in describing how their GRC program efforts reinforce successful risk management in their enterprises. One participant noted, "Our executive team understands the issues and challenges when we talk about operational risks, not GRC."
    • GRC Programs Must Get a Big-picture View of Risks – GRC program owners at the forum reported that risk in their enterprises today is still largely managed in silos. This compartmentalized view makes it hard to make enterprise-wide risk assessments and prioritize mitigation efforts. Many GRC program owners are growing the maturity of their risk programs from a siloed to a unified approach—a critical stage that one expert characterized as a "make or break" moment for maturing enterprise GRC initiatives.
    • Invest in Unifying GRC Processes and Frameworks – Forum participants agreed that time and energy spent aligning organizational stakeholders to a shared framework for describing and assessing risks is a worthwhile investment. When done right, these shared frameworks provide the freedom for individual stakeholders to meet their own risk management needs, serve as a unifying force to take collective action, and enable the rolled-up views demanded by executive leadership.
    • Measuring GRC Benefits – GRC program owners said they were under pressure to demonstrate to corporate executives and directors the ROI for their GRC programs. While convinced of the return on their investments, members struggle to quantify the value when the benefits are dispersed across a wide range of stakeholders (in efficiency and improved risk-based decision making) but the costs are centralized and visible.

    "As regulatory requirements grow and business risks continue to multiply, GRC becomes more and more challenging, yet more critical to complex enterprises," said Martin Goulet, director, GRC solutions, RSA. "The RSA Archer community is made up of a diverse and dedicated group of GRC professionals who often collaborate to tackle these challenges. This executive forum brought a cross-section of that community together to address pressing GRC issues, as well as share best practices based on real-world situations. This level of sharing is invaluable to both RSA and its customers, and we look forward to continuing this very successful event."

    About Forum Participants

    RSA Archer GRC Executive Forum participants represented a wide variety of industries, including healthcare, finance, telecommunications, media, and insurance. They come from functions as diverse as corporate compliance, audit, and IT security. Most have at least five years of GRC program executive experience, and several have led multiple enterprise-wide GRC program efforts.


    About RSA

    RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organisations solve their most complex and sensitive security challenges. These challenges include managing organisational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

    Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry-leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com.
