Five Ways to Build a More Effective GRC Strategy
By Samuel Greengard | Posted 2011-09-30
You can’t navigate the maze of regulation and compliance without a detailed roadmap.
• Think information rather than systems. It’s important to manage structured and unstructured data, including chat and IM streams, Skype, social media, clouds, and mobile devices and data.
• Focus on authentication. Identity management is a key to success in the GRC arena. Multifactor authentication, device identification and transaction monitoring are all increasingly crucial to GRC.
• Automate key processes. The ability to automate regulatory and policy mapping goes a long way toward reducing risk. Experts say it’s important to build systems and processes that address the full spectrum of issues, including privacy.
• Make GRC a business proposition rather than an IT plan. The end goal is to measure and address risk. The best GRC applications cannot replace well-conceived processes and policies. What’s more, it’s critical to separate IT risks from business risks.
• Consolidate systems and efforts. There should be a single point of governance for GRC. Too often, organizations wind up with a tangle of initiatives managed by different managers. An organization might consider appointing a risk manager to oversee all IT and business initiatives and reduce costs.