The business community spends a lot of time worrying over the hidden costs of compliance and risk management programs--but what about the hidden returns?

Business executives are looking for ways to gain far more value, beyond risk mitigation or regulatory conformance, from the monitoring and policy enforcement technology and procedures they put in place to support compliance programs. They just need to know where to look. According to governance, risk and compliance experts, there are a multitude of likely places where enterprises can uncover added value from the compliance investments they've already made.

Let us take the example of IT Security and Compliance. The following benefits add value to a business.

Asset and License Management - Jason Creech, director of policy compliance for Qualys, says he worked with one enterprise that saved close to $2 million simply by eliminating systems that their audit tools had shown had not been logged into in over a year.

"IT GRC programs with precise knowledge of exactly what version software is running on each end-point can give very accurate estimates when planning or justifying enterprise-wide software upgrades," says Tim "TK" Keanini, chief research officer for nCircle. "This data also helps govern commercial license agreements and effectively monitors open source software deployed on the network."

In this age of stiff penalties and lawsuits meted out by the Business Software Alliance (BSA), an audit tool that can double as a tool for enumerating not just the licensed applications being used but also the unlicensed ones can pay big dividends in avoiding more than malware risk, Creech says.

"I am sure any organization would want to know how prevalent unlicensed app usage is in their environment before the BSA knocks on their door," he says.

Automated IT Controls - Many organizations today are deploying automated firewall management solutions to comply with requirements set out by mandates like PCI DSS. Caroline Leies, managing director at MorganFranklin, says she once worked with a client that was able to reduce the cost of IT controls by 10 percent as a result of unexpected dividends from compliance-related monitoring.

Network Intelligence and Troubleshooting - Monitoring utilities and automated vulnerability tools like security information and event management (SIEM) tools are great for correlating security incidents, but they're also quite useful as troubleshooting tools during network-wide deployment projects.

Keeping Outsourced Vendors Compliant - With the increase in outsourcing and the deployment of IT processes to a global supply of IT vendors, compliance is a critical factor on the minds of CIOs and business leaders. Automated audit tools and a GRC platform are key to proactively managing risk.

Business Intelligence and Process Improvement - Perhaps the most impactful hidden benefit of compliance programs to the overall bottom line of the business is the analytics that can offer actionable data to improve business processes.


(Adapted from a news item on http://www.darkreading.com/compliance/)
