Conference track sessions and talking heads may tout the importance of instituting technology-backed governance, risk and compliance (GRC) processes that integrate the 'G,' 'R,' and 'C' together. But the truth is that when the rubber meets the road, most organizations still only use GRC platforms for a single domain. In order to get the most out of their GRC technology and their risk management programs, organizations still have a lot of work to go in developing more comprehensive and harmonized risk measurable, and brining IT risk professionals together with enterprise risk stakeholders to ensure the whole team is on the same page. "I think people aren't getting the most bang for their GRC buck from their solutions because they still remain underutilized," says Scott Wisniewski, head of the GRC technology practice at consultancy Protiviti. "They're focusing more or less on a single domain--just for Sarbanes Oxley compliance or internal audit and so on--instead of bring in other di... Read full story on Dark Reading


Post a comment to the original version of this story on Dark Reading