Real-World GRC Convergence: Platform Considerations


Information Technology (IT) Governance Requirements

IT governance platforms enable companies to align IT strategy with business needs through IT-centric risk and compliance processes. An IT governance platform should help organizations:

  • Inventory the IT landscape, including assets, processes, services, applications and infrastructure elements.
  • Prioritize and manage IT projects based on balancing strategic objectives with compliance requirements.
  • Develop, maintain, communicate and monitor adherence to IT policies.
  • Implement standard frameworks, including ITIL, COBIT, ISO27002, PCI, GLBA and HIPAA.
  • Highlight the results of IT risk assessments, incidents and threshold breaches in the context of related business products, services and processes.
  • Develop business continuity plans, including checklists, workflow templates, questionnaires, assessments and planning guidance.
  • Test general computing controls and assess the impact of these controls on key business processes.
  • Remediate issues and risks through action plans and tasks, with automatic email notifications and workflows driving their assignment and follow-up.
  • Integrate with third-party IT monitoring tools to identify potential IT vulnerabilities that require remediation.

Integration of multiple governance, risk and compliance (GRC) disciplines on a single platform is a laudable goal, and the effort to achieve it by both vendors and their customer organizations is increasing. Notably, within the enterprise GRC (eGRC) space, integration occurs most often among the internal audit, financial controls and enterprise risk assurance functions. Conversely, the compliance function has been less inclined to integrate, due in part to the specific subject-matter expertise required for each of the compliance functions, which makes the broader risk and control sets documented by other groups less relevant to compliance teams.

Still, the Institute of Internal Auditors' (The IIA) position paper, "The Three Lines of Defense In Effective Risk Management and Control" (January 2013), offers valuable insight into why it makes sense to bring these functions together, at least on an aggregated level, even if subsets of information are contained in other source systems. According to the paper, convergence will enable the three lines (operational/business-line managers, risk and compliance functions, and internal audit) to coordinate activities, map assurance functions and perform independent validation.

But significant barriers to the comprehensive and successful integration of GRC technology across numerous groups remain. For example, many organizations continue to depend on multiple GRC technologies to fulfill different and specific departmental needs, and most organizations use different platforms for IT GRC and eGRC. Other obstacles include the lack of a unified GRC framework or a common language, the complexity of existing technologies, the lack of effective change management, and a lack of demonstrable return on investment (ROI).

Achieving convergence in the face of these obstacles requires technology capable of unifying an organization's policies, processes and infrastructure. In this slideshow, Protiviti has identified the key elements of a technology platform capable of doing so.
