BOSTON, MA--(Marketwire - February 9, 2010) - The companies achieving top performance in
Enterprise Risk Management (ERM) and information technology Governance,
Risk Management and Compliance (IT GRC) have converged their previously
stove-piped risk management practices and reduced associated operating
costs by 6.4%, based on a new study on balancing enterprise risk and reward
published by Aberdeen Group, a Harte-Hanks Company (
Virtually all companies in the IT Security: Balancing Enterprise Risk and Reward study are adopting the strategy to establish an enterprise-wide risk management framework. The greatest differences between the top performers and all others are not in the existence of enterprise risk management initiatives or the length of time they have been in place, but in their execution. For example, the top performers are more likely to integrate the management of risk with the management of other key performance indicators. The research also shows that the majority of all risk management initiatives are still intensely manual: 3 out of 5 of even the Best-in-Class indicated that their overall approach was manually intensive, as did fully 90% of all others. Still, the top performers in the study are 4-times more likely than all others to have invested in centralized, automated systems for GRC.
"Aberdeen's research confirms that ERM and IT GRC frameworks and technologies are invaluable tools, which are being used to help businesses manage successfully in the face of uncertainty and risk," said Derek E. Brink, vice president and research fellow for IT Security, Aberdeen Group. "At the same time human experience, interpretation and judgment, i.e., governance, will always be required. The role of security and audit professionals must continue to evolve, beyond mere protection and even enablement to become true consultants to the business. A risk-based, policy-based approach to balancing enterprise risk and reward makes this possible."
A complimentary copy of this report is made available in part by the following underwriters: Modulo Security (Modulo Risk Manager), TruArx (TruComply) and RSA, The Security Division of EMC (Archer SmartSuite). To obtain a complimentary copy of the report, visit: http://www.aberdeen.com/link/sponsor.asp?cid=6030
For additional access to complimentary Information Technology research, please visit http://research.aberdeen.com/index.php/-information-technology To view complimentary 30-minute webcasts highlighting findings from this and other Aberdeen IT Security research, visit http://www.brighttalk.com/channels/1209/view.
About Aberdeen Group, a Harte-Hanks Company
Aberdeen provides fact-based research and market intelligence that delivers demonstrable results. Having queried more than 30,000 companies in the past two years, Aberdeen is positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen for insights that drive decisions.
As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks, call (800) 456-9748.
© 2010 Aberdeen Group, Inc., a Harte-Hanks Company 451 D Street, Suite 710 Boston, Massachusetts 02210-1928 Telephone: (617) 854-5200 Fax: (617) 723-7897 www.aberdeen.com