Building the business case for governance, risk, and compliance programs is a bit harder than it was five years ago when Sarbanes-Oxley loomed and hulking fines were breaking news. These days, the fear factor alone won’t cut it, said compliance experts on a panel for building the GRC business case at Thursday’s Compliance Week 2007 conference.
Rather, justifications for adequate GRC program investment must push diverse buttons, including a more concrete, corporate-wide analysis of benefit, cooperation among different departments who stand to gain from the investment, and perhaps even the notion that doing the right thing is good for business.
