GRC Programs: Building the Business Case for Value

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
Next GRC Programs: Building the Business Case for Value-10 Next

Building a Roadmap

There are many considerations that come into play when developing a GRC program roadmap that has multiple tracks that may span several years, each of which will yield a different stream of benefits. Each initiative will have its own project dependencies, charters and critical milestones. When planning, consider the following:

  • Build initiatives and apps that will provide the fastest ”time to value”
  • Understand dependencies and prerequisites and think about how shared GRC information will expand with each project initiative.
  • Leverage new information available across dashboards and metrics to realize more value and wider adoption.
  • Consider new apps and leave room for innovation.
  • Understand the organization's information technology roadmap and build new features or data that may be integrated with upgrades from source systems.
  • Leverage new information and best practice content that can be used as a reference as it becomes available.
  • Remember to build in time to take in new risk platform and app features.
  • Create both a 12-month action plan and a multi-year view to match to the planning horizon (two to three years), including project dependencies, charters and critical milestones.
  • Plan for onboarding new stakeholders into governance and working groups with each new initiative.

Governance, risk and compliance (GRC) management is becoming increasingly integrated across a wide and expanding set of use cases — moving beyond traditional risk management and into regulatory compliance, audit, third-party management, ethics and compliance, privacy, quality management, environmental health and safety, cybersecurity, business resilience and more. In OCEGs' 2015 GRC Maturity Survey, over 50 percent of organizations surveyed stated they are executing on an integrated GRC vision and over 80 percent claim that benefits realized have met or exceeded their expectations.

The core promise of a GRC program that integrates needs across all stakeholders is better business performance – a prerequisite for survival in today's highly competitive world. As a result, leaders across the enterprise are asking for help in setting the vision, plotting the course and implementing integrated programs that deliver real value to all organizational units. While many organizations have seen benefits from their GRC investments, building the case for business value is fundamental in getting commitment to put a high-value, sustainable GRC program in place.

Experience shows us that those organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations than those that simply focus on deploying technology or processes alone. An effective GRC program helps to accelerate organizational readiness and improve business performance by focusing equally on people, processes and technology. Successful programs effectively address the core elements of strategy, design and implementation — often running key initiatives concurrently in multiple work streams, each at different stages of completion.

In this slideshow, Yo Delmar, MetricStream, provides practical advice that organizations can leverage, whether building a business case for integrated GRC or expanding an existing program into a new domain. The slideshow covers key benefits and considerations when launching a GRC program, conversations that you must have with stakeholders on their GRC needs, how to factor maturity and readiness of use cases into the overall business case, the importance of grounding a business case in a realistic roadmap and finally, putting it all together in a living benefits statement.

 

Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

 
More Slideshows

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Five9RemoteEmployees0x 5 Best Practices to Enable Remote Workers

Recent years have seen a significant increase in the remote workforce as developments in technology have given employees the freedom to work anywhere, anytime. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.