GRC – convergence killers

Author: Phara McLachlan
Filed Under Software License Compliance 

We have talked briefly about implementing a governance, risk and compliance (GRC) framework. Now we need to address four important practices, or perspectives, that facilitate convergence when taking on any GRC activity.

1. Get senior-level buy-in - the first step, once you have a clearly defined plan, is to get support from senior staff. Once you have their support and they are clear on the objectives, there will be fewer holdups in the project, because they will champion the effort.

2. Don't rely solely on the data presented - many organizations put too much focus on the results reported by GRC experts from audit, risk management, compliance or IT when assessing and reporting on risk and control. These reports often lack objectivity and shouldn't be your sole focus. Audits and inspections are part of the process, but they cannot be relied on as the basis of the framework.

3. Standardize - although we have said that technology can and should be used to achieve GRC, try to avoid using multiple systems from multiple vendors. Get one solution that will meet all of your needs; it will avoid conflicts between systems.

4. Keep your eye on the big picture - working in silos can kill GRC efforts. With so many different regulating bodies in existence, it is important to recognize the synergies between them as you create your GRC framework, and to avoid focusing on just one set of objectives. We suggest implementing an internal competency center to create role clarity, eliminate redundant tasks, and enhance collaboration between the GRC leadership team and process owners.
