Content chaos is a hindrance to integrating governance, risk and compliance, but there are steps enterprises can take to better ensure they have a GRC framework, according to Jim Maguire, senior product manager at ASG Software Solutions.

Maguire, who spoke in a June 8 AIIM webinar, noted the scope of the problem: "The typical enterprise has a spaghetti mess...of content inside and outside the firewall." The tangle of content is complicated by a variety of formats--including transaction records, Internet postings and email--and storage locations. Throw in questions about who authored the content, who can access it and which version is correct, and the headache just compounds.

The best solution, said Maguire, is a single content repository that's scalable, searchable and adaptable to a variety of content types, but the ideal is out of reach for most firms. A Forrester study found that 43 percent of firms have at least five content repositories, and more than 25 percent have 15 or more repositories, said Maguire.

Instead of expecting to get all content into one repository, a consolidated view of content can help to unify repositories. Companies may be better served by "looking for the things that are exceptions or out of balance," rather than conducting extensive audits, said Maguire. When content is unified, software can tell if there is inconsistent data and ensure compliance, he added.

Reggie Pool, a legal technology expert and senior consultant with Contoural, also spoke in the webinar, urging enterprises to consider GRC a strategic framework, rather than an obstacle. Getting to that point requires executive buy in. An evaluation process can drive consensus among legal and IT departments about the importance of GRC, he suggested.

Pool stressed that GRC integration is not a single exercise. "It's not over once you've completed your initial analysis," he said. "Continuous monitoring and improvement" is vital.

For more:
- see the archived AIIM webinar

Related Articles:
EMC attempts to simplify, unify governance, risk, compliance
Come on baby, don't fear the content
Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk