What is a SEP and what has GRC to do with it?
ARIS User Day 2009: The presentation proceeding today's Hand-On Session on our ARIS Solution for GRC started with a humorous analogy. It was claimed that the appliance of a SEP-field is common practice in the GRC community.
A SEP field was first decribed in „The Hitchhikers Guide through the galaxy“ a trilogy of five books written by famous writer Douglas Adams. He introduced a physical SEP field to hide something in plain sight - e.g. a starship on a crowded corner in London. This works on the experience that the human brain simply ignores anything threatening in general but not directly affecting oneself - it's somebody else's problem (SEP)
Actually this is a recognized behaviour more serious sources describe: Somebody Else's Problem (also known as Someone else's problem or SEP) is an effect that causes people to ignore matters which are generally important to a group but may not seem specifically important to the individual. Douglas Adams's description of the effect has helped to make it a generally recognized phenomenon.
In a GRC context one can often note this phenomenon: The individual employee successfully ignores a risk or compliance topic as it is felt that this is something affecting the company but not the employee himself. A process owner is a good example taking care of everything inside his or her process but being unwilling to implement controls asked for by corporate functions as this decreases performance and efficiency of the process. But different to the novel those things do not really disappear even if they are noted as somebody else's problem.
After this almost philosophical digression the participants had the hands-on experience learning how to work with the enhanced survey management functionalities of the latest release of the ARIS Risk & Compliance Manager. The session was completely booked and those sitting on additional chairs had to share screens. After the experience the participants left with several new ideas how to use Survey Management in the GRC context