I have a friend in IT at a Fortune 20 company. He did system upgrade testing (black box, white box, walk around). One day a new version of a subsystem was launched with no testing. How could that be? He called the development manager - "What, no testing?" His answer, "We used stealth testing on this one."
He explained that stealth testing saved a lot of money, a lot of time. They were short on time so they launched first and let help-desk tickets replace pre-launch testing. That was brave but who could test better than users?
So here's another stealth process many of us can benefit from. If you're a small-medium business and can't budget a full-blown G.R.C. product, just buy the "C". If it's a complete compliance system with quality procedures and training, along with the complaint database, reports, etc. YOU WILL RECEIVE GOVERNANCE BENEFITS and RISK MANAGEMENT BENEFITS, DELIVERED BY A STEALTH PROCESS. In other words, it just happens.
If a business implements their first compliance program with a populated CMS containing the procedures and training needed to comply with consumer protection laws and regs (and a complaint database) - and uses all this effectively, that business will evolve organically to develop governance elements and risk management practices into its structure and culture. If you build it these will come. These attributes will be part of your business to a greater extent than before, when you had no Compliance Management System. It's logical, it's one of the best parts of buying and installing your CMS. Does that make you happy? Compliance Umbrella is one company that specializes in the C part of GRC - the only part required by federal law of pretty much everybody that sells anything or transacts business with consumers . . . or is a vendor to these companies.