BOSTON, MA--(Marketwire - February 9, 2010) - The companies achieving top performance in Enterprise Risk Management (ERM) and information technology Governance, Risk Management and Compliance (IT GRC) have converged their previously stove-piped risk management practices and reduced associated operating costs by 6.4%, based on a new study on balancing enterprise risk and reward published by Aberdeen Group, a Harte-Hanks Company (NYSE: HHS). The top performers eliminated 10% of redundant risk management processes and activities -- the equivalent of a half-day of additional productivity per week for every associated full-time equivalent resource -- and increased by that amount the resources available to work on the organization's strategic, "rewarded risk" initiatives.

Virtually all companies in the IT Security: Balancing Enterprise Risk and Reward study are adopting the strategy to establish an enterprise-wide risk management framework. The greatest differences between the top performers and all others are not in the existence of enterprise risk management initiatives or the length of time they have been in place, but in their execution. For example, the top performers are more likely to integrate the management of risk with the management of other key performance indicators. The research also shows that the majority of all risk management initiatives are still intensely manual: 3 out of 5 of even the Best-in-Class indicated that their overall approach was manually intensive, as did fully 90% of all others. Still, the top performers in the study are 4-times more likely than all others to have invested in centralized, automated systems for GRC.

"Aberdeen's research confirms that ERM and IT GRC frameworks and technologies are invaluable tools, which are being used to help businesses manage successfully in the face of uncertainty and risk," said Derek E. Brink, vice president and research fellow for IT Security, Aberdeen Group. "At the same time human experience, interpretation and judgment, i.e., governance, will always be required. The role of security and audit professionals must continue to evolve, beyond mere protection and even enablement to become true consultants to the business. A risk-based, policy-based approach to balancing enterprise risk and reward makes this possible."

A complimentary copy of this report is made available in part by the following underwriters: Modulo Security (Modulo Risk Manager), TruArx (TruComply) and RSA, The Security Division of EMC (Archer SmartSuite). To obtain a complimentary copy of the report, visit:

For additional access to complimentary Information Technology research, please visit To view complimentary 30-minute webcasts highlighting findings from this and other Aberdeen IT Security research, visit

About Aberdeen Group, a Harte-Hanks Company

Aberdeen provides fact-based research and market intelligence that delivers demonstrable results. Having queried more than 30,000 companies in the past two years, Aberdeen is positioned to educate users to action: driving market awareness, creating demand, enabling sales, and delivering meaningful return-on-investment analysis. As the trusted advisor to the global technology markets, corporations turn to Aberdeen for insights that drive decisions.

As a Harte-Hanks Company, Aberdeen plays a key role of putting content in context for the global direct and targeted marketing company. Aberdeen's analytical and independent view of the "customer optimization" process of Harte-Hanks (Information - Opportunity - Insight - Engagement - Interaction) extends the client value and accentuates the strategic role Harte-Hanks brings to the market. For additional information, visit Aberdeen or call (617) 854-5200, or to learn more about Harte-Hanks, call (800) 456-9748.

© 2010 Aberdeen Group, Inc., a Harte-Hanks Company
451 D Street, Suite 710
Boston, Massachusetts 02210-1928
Telephone: (617) 854-5200
Fax: (617) 723-7897