Understanding RiskBy Samuel Greengard | Posted 2009-08-04 Email Print
In today’s data-centric world, organizations are striving to do a better job of recognizing and containing risks.
Enterprise risk management can touch all corners of an enterprise. However, governance, risk and compliance (GRC) typically addresses four primary challenges:
1 Business Risk: This consists of actual threats to the organization, including its products, services, intellectual property and records. Business leaders must communicate to IT leaders what issues exist and where data might reside.
2 Technology Risk: It’s important to understand what pieces of information need to be protected in what way, so that an organization can build the right IT infrastructure, says Karl Kispert, director of the Corporate Governance Advisory Practice at Huron Consulting Group. System security is also at the core of successful GRC.
3 Legal/Regulatory Risk: An organization must establish processes and systems that match legal requirements, whether that involves an e-discovery system that must comply with an e-mail retention rule or storage and encryption standards for managing credit card data.
4 External Risk: IT must address all external threats related to data storage and retention, as well as information life-cycle management. IT needs to play a central role in protecting and disposing of data properly.