Why unify now?
Most pharmaceutical companies have plenty of other technology on their shopping lists. They need good reasons to invest the
time and resources required to create a foundation for enterprise-wide GRC. Here are just a few:
- A firm may have an initiative on its plate that could provide the first step. Considering current issues is key—it may not
be a corporate integrity agreement but it might be sales and marketing related to FCPA, or privacy, or IT governance.
- It's better to prevent fragmentation than to fix it. Companies that don't establish a firm foundation for unified GRC now
will wind up entrenched in fragmentation later.
- The sooner a firm starts, the sooner it begins to regain control. By bringing coherence to GRC efforts now, companies can
start to control costs and resources and lower risks.
- Delays in implementation increase exposure to risk. When individual GRC teams must build their programs from scratch, it takes
them time to create solutions. So companies that unify their GRC programs now will address their exposure more quickly and
- The need is urgent. C-level executives and board members should be willing to support initiatives that substantively reduce
their personal exposure to risk while simultaneously protecting the interests of the business and its stakeholders.
- It won't be that painful. With today's software-as-a-service solutions, enterprise GRC capabilities can be implemented without
huge capital investments in IT. These investments can be leveraged as a firm works down its priority list of GRC initiatives.
Governance, risk, and compliance management pressures are escalating, but companies only have limited resources with which
to respond. To properly allocate those limited resources, to maximize the results they achieve, and to achieve required results
as quickly as possible, it is essential to bring some semblance of order to GRC efforts across the enterprise. Pharmaceutical
companies that bring this kind of organization to GRC will reduce their risk with less effort and less cost than those that
don't, allowing them to devote more of their resources to innovation, opportunity, and bottom-line growth.
Brett Curran is vice-president of GRC and privacy practices at Axentis, Inc., Skylight Office Tower, 1660 West Second Street, Suite 250,
Cleveland, OH 44113, firstname.lastname@example.org
. A former chief compliance officer and technology professional, Curran is a frequent speaker at GRC industry conferences,
a contributor to the Open Compliance and Ethics Group as well as to IBM's Data Governance Council, and a blogger for "Compliance