Last June, a group of 10 vendors formed The Compliance Consortium. Its mission: To publish governance, risk and compliance (GRC) best practices and reference architectures; to influence and contribute to GRC-related industry and computing standards; and to establish conferences and other professional events focused on governance, risk and compliance topics.The companies-Approva, Axentis, Hyland Software, Hyperion, Intuition, Jefferson Wells International, Navigant Consulting, The Network, Corpedia and Staffware-formed the consortium because their customers, flooded with marketing hype, were asking them for guidance on what technologies they needed to develop a best practices compliance program.
"Many of us knew each other and had done business together," says Ted Frank, chairman of the consortium and president of Axentis LLC, a Warrensville Heights, Ohio-based enterprise compliance management software firm. "So we all sat around a table one day and said, 'This market desperately needs a standard-a reference architecture. And, while none of us alone provides the complete architecture, we certainly have enough knowledge to put together a good solid approach to managing enterprise risk and compliance.'"
The framework, which the Consortium was developing at press time, will be based on the United States Sentencing Commission guidelines, he says. These include several basic elements: consistent communication; auditing, monitoring and reporting; and uniform enforcement.
These three pieces to the puzzle provide a consistent operational approach, according to Frank. "Then, a company can establish a technical architecture that provides the same consistent use of its tools." For example, if a company uses one technology to distribute its code of conduct, it makes sense to use that same tool to distribute the company's internal control policy.
At press time, Frank expected the consortium to announce new member organizations and publish its operational framework around April. For more information, visit the group's Web site at www.thecomplianceconsortium.org.
