Enabling Digital Transformation With Funding

Enabling Digital Transformation With Funding

IF IT’S IMPORTANT, BUDGET FOR IT When leadership issues a corporate mandate, employees are expected to execute on it. But what happens when a mandate is clear, but workers are not given the resources to do the work? During the 2018 Enaxis Leadership Forum, surveyed participants
David

De-Archiving: What Is It and Who’s Doing It?

De-Archiving I first heard the term “De-Archiving” a few months ago on a visit to a few studios in Hollywood. On that trip, I learned that approximately 500,000 feature length films exist in the world. As of 2016, Netflix had just 4,335 movies online, plus
Vidya Phalke

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance

Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand, but in an ever-changing technology landscape and with complex, inter-related business operations to manage, implementing GRC can seem like a complex undertaking.

Many businesses still manage operations departmentally, with activities separated by business silos. This can make implementing policies and processes with pan-business reach seem difficult. GRC falls into this category – it has to span all business departments – but it doesn’t have to be such a headache.

Businesses can simplify GRC with these three tips:

1. Don’t boil the ocean

GRC covers a lot of ground – operational risk, compliance, cybersecurity, third party management, auditing and so on – and incorporates hundreds of rules and regulations, dozens of policies and scores of risk management activities.

The trick to simplification is to take it one step at a time; to not try and do everything at once. Anyone attempting to deploy an integrated solution for all GRC activities in one go is courting failure.

Instead, take on two or three activities to be prioritized within an integrated GRC program. A few simple questions about your business processes – how they work, how they can be more effective, and how they can be audited and monitored – will reveal where the priorities lie for efficient GRC.

Many companies start with internal auditing and Sarbanes-Oxley (SOX) compliance for financial reporting. Others with enterprise risk management or operational risk management; still others with IT compliance and policy management.

Developing common frameworks and taxonomies – which is a critical foundation for effective GRC – is simpler begun with two or three key activities. Over time, additional activities can be brought into an integrated GRC program.

2. Develop common frameworks and taxonomies

A valuable benefit of an integrated GRC solution is that different activities – risk management, compliance, auditing and so on – can share information. For this to work effectively, they need to conform to common taxonomies. As well as enabling collaboration, common taxonomies can help identify redundancies so that rationalization can take place. This keeps the system up to date and helps reduce the cost of control testing and risk assessments.

Policies and rules held within common frameworks give companies the control they need for rapid change when it comes about. It’s one thing to embed automation within systems so that, for example, payments over a certain authorization level get the required sign-off before they’re authorized, but what happens after a merger or acquisition? If all those rules are hardwired into individual systems, there’s a whole bunch of work to do to achieve consistency across merged companies. When the rules sit outside individual workflows they can trigger action inside. The set of these rules ‘libraries’ is qualified in the GRC system.

3. Use pre-packaged cloud-based applications

Most vendors offer both on premise and cloud-based application – Going with the cloud relieves the business’ IT infrastructure from supporting the GRC solution. GRC in the cloud helps consign manual processes to the past. Furthermore, future upgrades are simpler with pre-packaged solutions that haven’t been customized.

The cloud approach also ensures that you are set up for real-time Content Integration such as Regulatory Change Management. This is important because GRC is not only about systems and tools but it is also about staying abreast and ahead of the regulatory landscape that is constantly evolving.

Risk and regulation is always evolving. The way businesses manage it cannot stand still either. The future of GRC lies in automation, integrated reporting and a culture of compliance. By heeding the three tips for simpler GRC, businesses can help mitigate risk, minimize compliance firefighting and smoothly manage change wherever it may come from to drive better business performance.

By Vidya Phalke

Vidya Phalke

Vidya Phalke is responsible for MetricStream's technical architecture and strategy. Prior to being promoted to the CTO position, Vidya served as Vice President of Product Management and Engineering where he was responsible for MetricStream's Software Products and Platform Delivery. Starting with MetricStream in 2003, Vidya has been instrumental in developing an industry-leading GRC software platform. Before joining the software industry, Vidya earned a PhD in Computer Science from Rutgers University, where he won two Small Business Innovation Research grants for his research on databases and network optimization.

TOP ARCHIVES

The Digital Economy: Embracing The Latest Technological Advancements

The Digital Economy: Embracing The Latest Technological Advancements

The Digital Economy As you would expect, for any business to achieve successful growth and meet its objectives, it must ...
Cloud Access Management

Identity and Access Management: Advancing to Meet the Changing Needs of Passwords and Governance

Identity and Access Management The identity and access management market continues to grow in a wide variety of industries of ...
How Blockchain Has Unexpectedly Improved Big Data Integrity

How Blockchain Has Unexpectedly Improved Big Data Integrity

Big Data Integrity Blockchain technology was developed to improve the integrity of bitcoin. However, as bitcoin became more popular, its ...
Survey results reveal the biggest Artificial Intelligence challenges

Survey results reveal the biggest Artificial Intelligence challenges

Biggest Artificial Intelligence Challenges We’ve been told countless times over the past few years what an impact Artificial Intelligence (AI) ...
How the Oil Industry Can Benefit from IoT Technology

How the Oil Industry Can Benefit from IoT Technology

Oil Industry Can Benefit from IoT In 2010, the Deepwater Horizon oil tragedy struck and took the nation’s attention for ...

PARNTER LEARNING

$1,499.00Enroll Now

Cyber Security Expert Master's Program

Cyber Security Expert Master’s Program

The course will teach you: Advanced hacking concepts that can help you manage information security better. Architectures of frame cloud data storage and security strategies. You will learn how to use them to find and analyze risks. How to install, ...

$2,899.00Enroll Now

CEH (v10) – Certified Ethical Hacker Training Course

CEH (v10) – Certified Ethical Hacker Training Course

The course will help you: To understand the tactics and methodologies that hackers use to attack and penetrate any network. Understand honeypots, wireless hacking, firewall, and IDS. Become an expert in the hacking concepts, including smartphone hacking, writing virus codes, ...