Assessment

The Compliance Consortium is a group of software and service vendors that intend to "promote effective and efficient enterprise governance, risk and compliance (GRC) management." The consortium aims to publish GRC materials, influence and contribute to GRC standards and establish GRC conferences and events.

There's no doubt that the wave of new regulatory controls to improve corporate governance and risk management and ensure more transparent financial reporting has thrown a curve ball at end-user businesses and technology vendors alike. The new compliance culture demands that management pay attention to the compliance dimension across a wide range of business management systems including transaction processing, content and records management and performance management.

The Compliance Consortium brings together a collection of niche vendors primarily in the emerging area of compliance management software and associated services. The heavyweight name in the consortium is Hyperion, but what is noticeable is the lack of any charter member from the enterprise-level ERP vendors. This is noteworthy because it is ERP systems that collect and manage many of the transactions and business processes that compliance activity depends on.

Market Impact

Ventana Research warns that these kind of vendor-led groups may have suspect agendas and often have minimal market impact. For example, who remembers the OLAP Council? And as with many such US-led ventures, they tend to ignore the European dimension. The consortium's initial press release makes no mention of compliance with IAS/IFRS, a significant issue for any publicly listed organization in the European Union, Australia and elsewhere. However anything that helps to cut through the compliance hype and clarify best practices has to be welcome, whatever its bias.

Recommendation

Ventana Research recommends that US organizations keep an eye on the activities and membership of the compliance consortium as it develops; particularly if more heavyweight industry players join it and it begins to show real signs of fulfilling its mission of "providing thought leadership, definitions of key components of a GRC framework and standards for integration." Non-US organizations should ignore the Consortium until it shows signs of recognizing that compliance is now a worldwide issue. (www.thecomplianceconsortium.org)