Why Risk Management Platforms Fail at Scale: Death by Join in Legacy GRC!

You may have suffered ‘death by join’ and not even know it!

Most of us have done this, maybe even twice. You get into an organization, meet with your stakeholders, gather requirements, pick a risk management framework, and start looking for the platform you are going to use to manage your risk programs. You spend hours configuring, or worse, paying for custom coding to meet necessary requirements. All looks good to go and you start to use the platform. You begin launching assessments to the first line of defense and feeding in copious amounts of risk telemetry from your various platforms. You build complex cross-references that start to outline what the risk universe actually looks like. Then the record sets begin to grow, starting slow but growing exponentially, from hundreds of sets to tens of thousands or more.

Then it happens! The screen refreshes start to slow down, followed by the inevitable: an audit, a Board Report Out, or worse, a major incident, and you have to start leveraging all of your efforts. You go to the reporting engine and start to build out your reports, many of which might require reporting on those cross-references (degrees of separation) three or more levels deep. Holding your breath, you click the run button and the refresh button spins... and spins... and spins. If you’re lucky and the function does not time out, you might actually get a result. If you’re not, you get to start over.

Welcome to what we call in the database world
