The basic concept of GRC (governance, risk and compliance) is simple – (1) say what you need to do and make sure everyone knows about it, (2) make sure you proactively look at risks, and put controls in place to mitigate the risks, and (3) monitor the controls you put in place to make sure they are working. In other words, put objectives and policies in place to reflect your strategy and regulatory commitments; periodically review the related risks; ensure that controls are in place, and audit the controls.
Say you work for 'The Wide World of Bananas, Inc.' growing and shipping bananas. Now, when everyone in your company knows why they are peeling bananas, which bananas they should peel, where the fallen peels are, and then consistently walks around them (or picks them up and tosses them into the trash bin) … then you have a company that is shipping a lot of high-grade bananas without falling down too often. Better GRC means better business. Easy.
Of course, growing and shipping bananas is not really that simple. You probably have your own banana plantations, and source some other bananas from third parties. You probably have a facility where you wash and shine all those bananas. You most likely ship those bananas to other countries. There is the IT department, for any self-respecting banana shipper needs 'Big Data' and iPads … and let's not forget the bean counters who really are counting bananas in this case.
In reality, any business looks somewhat like the banana business - with suppliers, suppliers' suppliers, facilities, manufacturing, R&D, quality, IT, finance, HR … and lots of people. And let's not forget all the regulations! Financial reporting regulations, export regulations, data privacy regulations, health and safety regulations … there's probably a good reason behind each and every one of them. Clearly the business of doing business is not simple, and if we are to achieve any measure of success by applying GRC across the board, we need technology. Here's how technology can enable and support GRC, as identified by Vasant Balasubramanian, MetricStream's vice president of product management.
While an EHR is supposed to automate and streamline the clinician's workflow, most systems are not living up to the promise. ... More >>
Project management offices (PMOs) must operate in such a way that they demonstrate that they can support and add to the wider organization and its strategic goals. ... More >>
Six common challenges health care executives experience when it comes to data governance and how they can overcome them. ... More >>