The Risk Ignored – Part 1, Chapter 2: The Risk That Created the Category

It didn't take long. The software market found its opportunity once the Sarbanes-Oxley Act was signed into law. Vendors who had once built their businesses on knowledge management—rooted in workflow automation, document control, and internal collaboration—suddenly had something they'd never had before: urgency.

SOX 404 didn't just create a mandate. It created a narrative.

By late 2003, PwC—a global audit and consulting firm—had appointed a Governance, Risk & Compliance (GRC) Practice Leader, becoming the first major firm to formalize GRC as a branded consulting offering. OpenPages, an enterprise software vendor specializing in compliance and risk management, issued a press release marketing its platform as a "GRC solution." Analysts took the bait. And seemingly overnight, what had been a faltering product category now had a fresh label, a growing audience, and a new group of buyers scrambling to meet audit requirements.

The acronym spread faster than the architecture.

And the risk, ironically, wasn't what these platforms were solving—it was what they were failing to acknowledge.

John A. Wheeler

John A. Wheeler is the founder and CEO of Wheelhouse Advisors, a global risk management strategy and technology advisory firm. A recognized thought leader in integrated risk management, he has advised Fortune 500 companies, technology vendors, and regulatory bodies on risk and compliance strategies.

https://www.linkedin.com/in/johnawheeler/