• Join our Communities!

  • Twitter Updates

    Error: Please make sure the Twitter account is public.

  • Disclaimer:

    The information in this weblog is provided "AS IS" with no warranties, and confers no rights. The opinions and interests expressed on this employee blog are the employees' own and don't necessarily represent EMC's positions, strategies or views. Inappropriate comments will be deleted at the authors discretion.

GRC: Another Benefit of A Good Legal/IT Partnership

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

Originally posted by James D. Shook on http://www.kazeon.com/blog

Want some additional job security?  How about a raise?  It seems like one easy way to gain

traction in your job is to learn a new language.  And no, I’m not talking about a foreign language  . . . well, at least not in the usual sense.  Getting legal to “speak IT” – and vice-versa –has another benefit beyond the eDiscovery world.

Governance, Risk and Compliance – or GRC – is a developing cross-functional discipline where companies establish an integrated framework to satisfy governance requirements, evaluate and monitor risk, and track compliance.  This typically requires work across four key domains: IT, operations, finance and legal.  If you haven’t heard of GRC, you may be falling behind – it’s emerging as a top C-suite priority.  But there’s still time – so far, only 20% of respondents in an EMC-sponsored survey by the Ponemon Institute have a clearly defined eGRC strategy.

Even though it’s new, eGRC is already an area where difficulties with cross-functional collaboration and communication creates issues.  In the survey, Dr. Larry Ponemon notes that “Without collaboration across functions – the business is at risk.”

For those of you tracking the eDiscovery space (itself a component of an integrated eGRC plan) – does the cross-functional difficulty sound familiar?  It’s likely that most of the key domains will be able to interact and communicate just fine, they just need to understand the enterprise’s common goals.  But when it comes to Legal and IT working together – I’m not as sure.

Legal and IT have a difficult time working together.  Is it something that can be learned or is it a DNA problem?  The legal department is used to working in very gray areas – very few things are right or wrong, on or off – it’s all about sliding scales like “reasonableness” and “due diligence”.  In contrast, IT deals with specifics – every bit is either backed up or it’s not, and that fifth “9” (99.999%) really matters.  Many lawyers also seem to have a very difficult time – or outright resent — learning enough about IT systems to make them more effective in today’s e-centric world.   In the eDiscovery space, it’s still a rarity to find legal and IT groups that work well together.

And yet there is a big payoff for groups that can meet this challenge.  EMC’s Jeff Bettencourt notes that  “Organizations that truly understand the critical dependencies across domains and can align policies, processes, and technologies, gain greater visibility and control to more effectively manage risk across the enterprise. This can be a key competitive advantage.”

In this new GRC space, challenges abound.  But getting legal and IT together early – just as in eDiscovery –is a strategy that can quickly pay off.

By the way – we’re here to help.  Our new Dummies Books — “EDiscovery For Technologists / EDiscovery For Lawyers” – can help legal, IT (and the business) to better understand the issues that are generally difficult for them.  You can get a free copy here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: