The basic concept of GRC (governance, risk and compliance) is simple – (1) say what you need to do and make sure everyone knows about it, (2) make sure you proactively look at risks, and put controls in place to mitigate the risks, and (3) monitor the controls you put in place to make sure they are working. In other words, put objectives and policies in place to reflect your strategy and regulatory commitments; periodically review the related risks; ensure that controls are in place, and audit the controls.
Say you work for 'The Wide World of Bananas, Inc.' growing and shipping bananas. Now, when everyone in your company knows why they are peeling bananas, which bananas they should peel, where the fallen peels are, and then consistently walks around them (or picks them up and tosses them into the trash bin) … then you have a company that is shipping a lot of high-grade bananas without falling down too often. Better GRC means better business. Easy.
Of course, growing and shipping bananas is not really that simple. You probably have your own banana plantations, and source some other bananas from third parties. You probably have a facility where you wash and shine all those bananas. You most likely ship those bananas to other countries. There is the IT department, for any self-respecting banana shipper needs 'Big Data' and iPads … and let's not forget the bean counters who really are counting bananas in this case.
In reality, any business looks somewhat like the banana business - with suppliers, suppliers' suppliers, facilities, manufacturing, R&D, quality, IT, finance, HR … and lots of people. And let's not forget all the regulations! Financial reporting regulations, export regulations, data privacy regulations, health and safety regulations … there's probably a good reason behind each and every one of them. Clearly the business of doing business is not simple, and if we are to achieve any measure of success by applying GRC across the board, we need technology. Here's how technology can enable and support GRC, as identified by Vasant Balasubramanian, MetricStream's vice president of product management.
Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ... More >>
Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ... More >>
Recent years have seen a significant increase in the remote workforce as developments in technology have given employees the freedom to work anywhere, anytime. ... More >>