NEED EXTRA HELP?
Do you need extra expertise on an ad-hoc basis to assist with unexpected challenges and problems?
OPERATIONAL RESILIENCE HEALTH CHECK
When did you last check that your operational resilience processes are fit for purpose?
INSIGHT BLOG
Rethinking GRC
Rethinking GRC: need to take a much more business approach to GRC and not lead with a technology approach.
From Corporate Integrity – Michael Rasmussen:
2012 marks the 10th anniversary since I first modeled a market for technology, content, and professional services and labeled it GRC. It all started with a vendor briefing with a software firm in which they demonstrated an integrated view of controls, policies, and assessments. A light bulb flashed within my head that there is a strategic approach to business combined with services, content, and technology to service it – organizations could achieve an integrated view of information to assist with Governance, Risk Management, and Compliance (GRC). That was February of 2002 and the GRC market was born.
From the beginning I always stated that GRC was about the business first and technology was a foundation for the business to build upon. It was first and foremost about understanding the business – its strategy, risks, obligations, commitments, objectives – and helping the organization manage risk and compliance in the context of business.
Over the years, GRC has grown in conception and understanding. The best thing to happen to GRC was the development of the OCEG GRC Capability Model, and with that the OCEG definition of GRC:
GRC is a capability to reliably achieve objectives while addressing uncertainty and acting with integrity.
What has been a disappointment with GRC and needs us to cause some rethinking is our technology approach to GRC. It is impossible to define GRC as a package of software. There is not one vendor that can be your GRC band-aid and solve your problems. GRC is not a commodity that you buy from a technology vendor.
GRC is what is achieved in the business and its operations. To that point we need to rethink our understanding of GRC technology.
This means that we need to think of GRC in the context of business architecture. To achieve good GRC processes in our environment requires and understanding of what the business is about, how it operates, and how it should be monitored and controlled through information and technology.
More … http://www.corp-integrity.com/grc-fundamentals/rethinking-grc
Sep 20 2012
GRCCategory
- Business Continuity & Pandemic Planning (9)
- Business Transformation (102)
- Change Management (33)
- Compliance (24)
- Conduct Risk (8)
- GDPR (5)
- Governance (4)
- GRC (22)
- IRM GRC Special Interest Group (11)
- Mergers & Acquisitions (M&A) (13)
- News (3)
- Non-Executive Management (NEM) (1)
- Portfolio Management (8)
- Programme & Project Management (9)
- Risk Management (63)
- Solvency II (9)
- Strategy Implementation (34)
- Twitter (2)
- Uncategorized (2)