and ensure profitability against its budget? In this example, you can see the
need to tie in CPM (for planning, profitability, and actuals against budgets)
with GRC (for measuring risk and monitoring regulations).
Although this argument is theoretically compelling to most people, in practice,
CPM and GRC are frequently not integrated.
Understanding obstacles to integration..........................................
The convergence of CPM and GRC faces a variety of obstacles. First of all,
both CPM and GRC are in their early stage of definition and acceptance. Just
a short time ago, CPM and GRC were only addressed by point solutions that
handled a single area, such as managing Sarbanes-Oxley compliance. Now,
point solutions compete with integrated suites that address the whole prob-
lem. The notion of an integrated suite of solutions that addresses both CPM
and GRC is only just starting to appear on the horizon. Many analysts predict
that this convergence will happen quickly and CPM and GRC will soon be
thought of together, but this idea is still in its infancy.
Another obstacle is that the integrated approach may run into organizational
and political barriers. If a department is in charge of GRC, it may not want to
become part of the CPM department, or vice versa. If someone is in control of
a niche function, she may not want to see it integrated into another depart-
ment. This sort of barrier is common to many efforts at improving business
processes.
The tendency to think of GRC, and to a lesser extent CPM, as pass/fail activi-
ties also reduces the appetite for pursuing an integrated approach. The “tone
at the top,” meaning the attitude management expresses about the impor-
tance of an activity, is an important element of a successful program. When
the goal is to focus only on compliance at the lowest possible cost, opportu-
nities for integration are hard to pursue.
Competition for resources can also slow any progress toward pursuing an
integrated approach. CPM and GRC are often seen only to produce enterprise-
wide benefits, which means that it may sometimes be hard to find advocates
for improving these processes. Although high-quality information is of benefit
to every level of a company, unless a specific champion for it emerges at
some level, an integrated approach will not be pursued.
Past efforts at creating dashboards for executives can also be a barrier. Some
of these efforts failed to live up to expectations and left senior executives
with a lasting sense of disappointment. Even though service-oriented archi-
tecture (with its ability to refresh data frequently across the network) and
improved enterprise software makes information more accessible, some
executives are reluctant to pursue such projects because of past failures.