Governance, risk and compliance which conveniently contracts down to a Gartner compliant TLA - GRC - is one of the hottest topics in the enterprise world today. If the Enron, Tyco and other financial scandals were not enough, the popularity of all things ‘green’ has put GRC close to the top of agenda in many CXO offices. But as always with a new acronym, people want to know what it means.

GRC is not a product in the conventional sense of the word. Unlike ERP for instance, you can’t go down to your friendly software vendor and ask for a GRC package. Instead, you’re more than likely to be offered a bunch of consulting to figure out what GRC solutions can be shoehorned into your existing IT applications infrastructure. What you will find is that vendors are positioning products like business intelligence, SOX management and financial control software as part of the package of stuff they want you to buy. Sound surprised? You shouldn’t be.

One of the big issues companies experience comes from not having good compliance processes in place. Only last week, Dave Turner, marketing director at CODA came up with this ‘sex, lies and embezzlement‘ scandal out of Austria. If it wasn’t true you’d think you are reading a work of fiction:

…a former finance manager found himself at the centre of a sex, lies and embezzlement scandal when he was convicted of robbing a human rights group of $1.8m