EMA's 2008 Survey of IT Governance, Risk and Compliance Management in the Real World

Over and over again, the recurring theme of all these aspects of IT GRC management is constant: the strategic value of process - not just empty processes conceived to fulfill some vague best practices ideal, but the processes enterprises actually rely on to define IT governance, assure a systematic approach to risk management across multiple domains, and attain regulatory compliance. The experience of high performers confirms not only the value of a strong approach to defining IT governance and processes for risk control, but also the tools, technologies and techniques that make control real.