What 2012 holds for governance, risk and compliance



As 2011 draws toward its close, we've taken a look at predictions for next year in the areas of security and technology. We'll wrap things up for the year with a look at what the crystal ball proposes for governance, risk and compliance in 2012. Like their counterparts in the security field, GRC vendors predict a challenge-filled year ahead.

Varonis: Prognosticators at data management company Varonis see next year's governance challenges breaking down into four main areas. First, the decentralization of IT and further empowerment of end users will create governance problems much in the way those forces are expected to create security problems. Data owners will want greater control over access and will demand automation for data analysis.

The expansion of data analytics to include unstructured data residing in such places as servers and email systems will also intensify the need for automation, according to the Varonis crystal ball. To ensure effective data governance, metadata will have to be understood, and this requires intelligent automation.

The third area of governance challenges next year will be in auditing, Varonis predicts. Communications must be traced, and if proper audit trails aren't visible, email access may be shut off. Next year may witness organizations shutting down servers if email access activity can't be traced.

Finally, Varonis anticipates that internal threats will continue to plague the enterprise. Data will continue to be leaked via employees and contractors if access is not better controlled and audit trails aren't implemented. 

Protiviti: Regulatory changes will present some of the biggest compliance challenges, according to consulting firm Protiviti. The challenges will vary, of course, depending on the industry, but for financial services, managing regulatory change will be the top business challenge. For these firms and their audit committees, enterprise risk management will require greater attention in 2012 as risk profiles change and regulators become more demanding.

These firms will also face major challenges in data management and analytics as well as in navigating an increasingly complicated privacy and security arena. For companies outside the financial services industry, regulatory change will also be a Top Ten challenge, but not the first item, as these companies will be preoccupied with achieving customer loyalty and managing supply chain risks and rising commodity costs.

"The top item on a board's audit committee agenda should be to update the company's risk profile to reflect the changing conditions. A lot has happened over the last year--from supply chain disruptions to political and economic uncertainty in many countries," said Jim DeLoach, Protiviti's managing director. "As risk profiles change, companies need to take a fresh look at how well they are managing risks. It's crucial that audit committees are satisfied that action plans are in place to manage the most critical existing risks as well as those that could emerge in the near future."

Compliance 360: Reducing the odds of whistleblowing will become an important focus for corporations and their boards next year as regulators offer new incentives for identifying fraud and abuse, predicts Compliance 360. The Securities and Exchange Commission and the Consumer Financial Protection Bureau have formal bounty hunter programs that offer rewards to whistleblowers. "As these and similar programs begin to hit their strides, compliance officers and their boards of directors will face increasing threats to their internal compliance programs and, ultimately, their institutional brands," the vendor warns.

Governance, risk and compliance will be recognized by the CEO and board as a strategic element, to help preserve the brand and pave the way for smoother interaction with regulators. It will become more important for companies to present evidence that their compliance programs are effective, according to Compliance 360. More regulators will be looking for processes that "distill data." Companies should take proactive steps to share compliance programs with auditors and develop a good reputation, which can help minimize the impact of compliance shortcomings and whistleblowing.

As with the predictions reviewed for security and technology, these peeks into the compliance crystal ball should be taken with a grain of salt. While 2012 is sure to present ongoing challenges in all areas of IT, we have to ask whether they will be as dire as vendors and consultants envision. One thing is certain: IT is going to be more vital than ever in helping businesses solve their problems and embark on new ventures.

Best wishes to you all for a happy holiday season. - Caron