Lines of businesses, legal entities, functions, people, business processes, risks, controls, products, projects, programs, strategic initiatives, servers, facilities, suppliers – the business of doing business is complicated. And if we are to create a well-governed and risk-aware organization that reaches for the sky on the shoulders of GRC, then we need a simple and consistent way to handle all this complexity. Furthermore, as with all foundations, creating it requires a solid understanding of what we're going to put on top of it. So, a comprehensive GRC foundation will need to be informed by GRC activities such as policy management, risk management, supply chain governance, IT risk, security, etc., so that it, in turn, can support all these activities with a common framework.
Before we get ahead of ourselves, if you're still wondering what 'GRC' is, then here's a quick introduction to the topic. OK, with that out of the way, let's move on and enlist the help of our friendly neighborhood banana company, 'The Wide World of Bananas, Inc.' to be our role model for the day. "Why 'bananas'" you say? Well, that's easy – because they are yellow, healthy and such a fun fruit! And, like the banana, the business of growing and delivering them to your friendly neighborhood grocer hides more complexity than the surface lets on.
In this slideshow, Vasant Balasubramanian, vice president of product management at MetricStream, takes a closer at building a strong foundation for GRC.
Much like mass-produced foods filled with ingredients no one can understand, "junk food" IT can make a company sick and sluggish. ... More >>
Five technology and operational trends that will help corporate IT organizations deliver better business outcomes via the optimal use of technology. ... More >>
One of the most common things holding back many people from reaching the success they deserve is the fear of failure. ... More >>