IT GRC tools: Control your environment

07.03.2011

Large organizations, in particular, struggle with a complex burden of IT policies and controls that can directly affect corporate risk. Almost all enterprises are subject to multiple sets of regulations--upwards of 20 in some cases--that require implementing and managing policies and their supporting controls, and remediating risks. Regulations may apply across the enterprise or to specific business units.

Partners and business customers, in turn, may require regulatory compliance or adherence to standards such as Cobit or ISO 27001 as a condition of doing business. For your part, vendor management requires you to ensure that suppliers, service providers and so on are adhering to your standards.

Maintaining a strong security and risk posture is problematic. It's difficult to enforce strong change control, identify and remediate gaps in IT controls, manage the audit process and assess threats to your business. Mature companies have some sort of enterprisewide and, in some cases, centralized GRC programs, but are hamstrung by manual, redundant processes.
