Some of you may know that I am now penning a column for the cool people over at FierceMobileIT. The first article I penned was with my friend David Goldschlag, CTO of Trust Digital where we talked about the need for enterprise app stores.
The latest article was posted earlier this week, but for those of you who may not be following FierceMobileIT, it's on the topic of GRC: Governance, Risk and Compliance. All I can say is: if your company (either as a user or a vendor of mobility solutions) isn't thinking about GRC, you should start doing so.
A copy of the article is available after the jump.
Governance, Risk and Compliance (GRC) is by no means a new concept to organizations in the healthcare, financial or legal industries, or for the Fortune 1000 and publicly traded companies. For better or for worse, organizations must abide by a myriad of regulations.
In today's economy, however, GRC is taking on a new level of importance in sectors that may not have thought it applied to them before. Strategy Analytics' own research shows that organizations consider 45 percent of their workforce to be mobile, meaning away from their home base more than 25 percent of the time. That makes GRC a moving target in the most literal sense: the people and the data it must govern are no longer in one place.
Before I talk about those issues, I thought it might help to provide a general definition of GRC. At the highest level, Governance, Risk and Compliance is the domain in which an organization ensures that it operates in accordance with industry and government regulations, identifies and balances its internal and external risks, and can demonstrate that it governs itself accordingly, all while getting a better grasp of "the unknown." Let's break down the three pieces:
- Governance: Do you have policies and procedures in place to understand, as efficiently and effectively as possible, how your business is run? Can you map your business processes, the supply chain, the dependencies and the bottlenecks, and identify the key constituents (both inside and outside your company)? How do you document these processes so that you can back up your word to anyone, or any group, who may challenge your business practices?
- Risk: It can take on many different meanings. There's the risk of trade secrets leaking, as well as the risk of litigation from partners, competitors, trade organizations and government bodies. There's also the risk of trade disputes, labor disputes and product quality problems, never mind disaster recovery and business continuity. The key thing to remember is that risk is omnipresent: at this point there is almost nothing in the business world that is "risk free."
- Compliance: HIPAA, Sarbanes-Oxley, OSHA, FDA, JCAHO; the list of acronyms goes on and on. This creates a potential nightmare for companies, or a wonderful business opportunity for the myriad consultants out there who work every day to ensure that your organization abides by industry and government regulations.
From the very basic bullets above, it's easy to see that GRC practices and experts already face a formidable challenge in managing and securing information. Historically, however, those challenges were addressed in the context of immobile information. In the past, data and important files (for the most part) stayed within the four walls of the company's office. There was no Internet. There were no laptops and no remote or home-office workers. There was no mobile professional. In other words, this isn't your father's GRC.
Enterprise mobility is a boon for that increasingly mobile workforce. Today's knowledge worker can conveniently access his email, as well as other applications and information that reside behind the company firewall. With the growing interest in cloud-based solutions, that data need not sit behind the company's firewall at all. Regardless of where the information resides, a knowledge worker is already accustomed to reaching it over his laptop's wireless connection, and increasingly expects the same convenience and functionality on his smartphone.
Speaking of smartphones, choices abound. While the BlackBerry remains a popular choice, newer market entrants such as the iPhone, Android handsets and Palm's webOS devices offer a growing number of consumer-friendly options for people who want one device to meet both their personal and professional needs. This consumerization of enterprise mobility, particularly when people expect to bring their individually-liable device into the workplace, adds an order of magnitude to the complexity a CIO must wrestle with every day.
Chaos is the new order. CIOs have historically been able to use the BlackBerry Enterprise Server to enforce IT policies on their BlackBerry users, but that is simply no longer enough, because so few organizations today have a policy that allows only one mobile platform. A policy that can be enforced on only one platform leaves every other device in the building outside the organization's governance.
Historically, CIOs decided that if an employee was to have a mobile device, it would be corporate-liable and therefore controlled by the organization. The consumerization of enterprise mobility, combined with the trend toward individually-liable devices, has changed that landscape. CIOs must find the balance that keeps corporate data safe and secure at all times, while giving the workforce mobile tools that are not only flexible and convenient but also fit their personal preferences, needs and persona. Unfortunately, there is no black-or-white answer. A complete lockdown by the IT department restricts user choice and flexibility. Conversely, letting employees do as they please creates chaos. Every organization must find its own shade of gray.
How is your organization managing this conundrum?