The basic concept of GRC (governance, risk and compliance) is simple – (1) say what you need to do and make sure everyone knows about it, (2) make sure you proactively look at risks, and put controls in place to mitigate the risks, and (3) monitor the controls you put in place to make sure they are working. In other words, put objectives and policies in place to reflect your strategy and regulatory commitments; periodically review the related risks; ensure that controls are in place, and audit the controls.
Say you work for 'The Wide World of Bananas, Inc.' growing and shipping bananas. Now, when everyone in your company knows why they are peeling bananas, which bananas they should peel, where the fallen peels are, and then consistently walks around them (or picks them up and tosses them into the trash bin) … then you have a company that is shipping a lot of high-grade bananas without falling down too often. Better GRC means better business. Easy.
Of course, growing and shipping bananas is not really that simple. You probably have your own banana plantations, and source some other bananas from third parties. You probably have a facility where you wash and shine all those bananas. You most likely ship those bananas to other countries. There is the IT department, for any self-respecting banana shipper needs 'Big Data' and iPads … and let's not forget the bean counters who really are counting bananas in this case.
In reality, any business looks somewhat like the banana business - with suppliers, suppliers' suppliers, facilities, manufacturing, R&D, quality, IT, finance, HR … and lots of people. And let's not forget all the regulations! Financial reporting regulations, export regulations, data privacy regulations, health and safety regulations … there's probably a good reason behind each and every one of them. Clearly the business of doing business is not simple, and if we are to achieve any measure of success by applying GRC across the board, we need technology. Here's how technology can enable and support GRC, as identified by Vasant Balasubramanian, MetricStream's vice president of product management.
With today's modern solutions, enterprises should be able to transform backup and recovery from a low-level legacy IT function to a modern function delivering continuity and value to the entire business. ... More >>
To mitigate the risks of shadow IT, organizations must demonstrate the necessary agility and high quality of complex service assurance that users are looking for. ... More >>
In order to attract Gen Z talent, employers will need to take into account that this group of the workforce may expect a different set of benefits. ... More >>