Building the Right Foundation for Governance, Risk, and Compliance (GRC)


Laws, regulations, standards, and then … more regulations

One of the most quoted realities of our times is that we live in an increasingly regulated world. Regulations govern working conditions, pesticides and fertilizers, packaging, shipping, accounting, data - the list goes on. When building out the GRC foundation, it is not important to know all the regulations that your organization is ever going to be subject to. All you need to do at the outset is have a well-defined way of modeling regulations, frameworks, authority documents, standards and citations as well as their relationships to controls, policies, etc. Then, as you expand the scope of the GRC program as well as the extent of your business, it is relatively simple to bring new regulations into scope and do more of what you are already doing with one or two regulations.

In reality, if regulatory compliance is not one of the first cornerstones of your GRC journey, then you just need to be aware that you will put the cornerstone in place at some point in the future and link it to other aspects of your GRC program at that point in time.

Lines of business, legal entities, functions, people, business processes, risks, controls, products, projects, programs, strategic initiatives, servers, facilities, suppliers – the business of doing business is complicated. And if we are to create a well-governed and risk-aware organization that reaches for the sky on the shoulders of GRC, then we need a simple and consistent way to handle all this complexity. Furthermore, as with all foundations, creating it requires a solid understanding of what we're going to put on top of it. So, a comprehensive GRC foundation will need to be informed by GRC activities such as policy management, risk management, supply chain governance, IT risk, security, etc., so that it, in turn, can support all these activities with a common framework.

Before we get ahead of ourselves, if you're still wondering what 'GRC' is, then here's a quick introduction to the topic. OK, with that out of the way, let's move on and enlist the help of our friendly neighborhood banana company, 'The Wide World of Bananas, Inc.', to be our role model for the day. "Why 'bananas'?" you say. Well, that's easy – because they are yellow, healthy and such a fun fruit! And, like the banana, the business of growing and delivering them to your friendly neighborhood grocer hides more complexity than the surface lets on.

In this slideshow, Vasant Balasubramanian, vice president of product management at MetricStream, takes a closer look at building a strong foundation for GRC.

 
