August 31, 2016

Three Tips To Simplify Governance, Risk and Compliance

By Vidya Phalke

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand, […]

Governance, Risk and Compliance

Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand, but in an ever-changing technology landscape and with complex, inter-related business operations to manage, implementing GRC can seem like a complex undertaking.

Many businesses still manage operations departmentally, with activities separated by business silos. This can make implementing policies and processes with pan-business reach seem difficult. GRC falls into this category – it has to span all business departments – but it doesn’t have to be such a headache.

Businesses can simplify GRC with these three tips:

1. Don’t boil the ocean

GRC covers a lot of ground – operational risk, compliance, cybersecurity, third party management, auditing and so on – and incorporates hundreds of rules and regulations, dozens of policies and scores of risk management activities.

The trick to simplification is to take it one step at a time; to not try and do everything at once. Anyone attempting to deploy an integrated solution for all GRC activities in one go is courting failure.

Instead, take on two or three activities to be prioritized within an integrated GRC program. A few simple questions about your business processes – how they work, how they can be more effective, and how they can be audited and monitored – will reveal where the priorities lie for efficient GRC.

Many companies start with internal auditing and Sarbanes-Oxley (SOX) compliance for financial reporting. Others with enterprise risk management or operational risk management; still others with IT compliance and policy management.

Developing common frameworks and taxonomies – which is a critical foundation for effective GRC – is simpler begun with two or three key activities. Over time, additional activities can be brought into an integrated GRC program.

2. Develop common frameworks and taxonomies

A valuable benefit of an integrated GRC solution is that different activities – risk management, compliance, auditing and so on – can share information. For this to work effectively, they need to conform to common taxonomies. As well as enabling collaboration, common taxonomies can help identify redundancies so that rationalization can take place. This keeps the system up to date and helps reduce the cost of control testing and risk assessments.

Policies and rules held within common frameworks give companies the control they need for rapid change when it comes about. It’s one thing to embed automation within systems so that, for example, payments over a certain authorization level get the required sign-off before they’re authorized, but what happens after a merger or acquisition? If all those rules are hardwired into individual systems, there’s a whole bunch of work to do to achieve consistency across merged companies. When the rules sit outside individual workflows they can trigger action inside. The set of these rules ‘libraries’ is qualified in the GRC system.

3. Use pre-packaged cloud-based applications

Most vendors offer both on premise and cloud-based application – Going with the cloud relieves the business’ IT infrastructure from supporting the GRC solution. GRC in the cloud helps consign manual processes to the past. Furthermore, future upgrades are simpler with pre-packaged solutions that haven’t been customized.

The cloud approach also ensures that you are set up for real-time Content Integration such as Regulatory Change Management. This is important because GRC is not only about systems and tools but it is also about staying abreast and ahead of the regulatory landscape that is constantly evolving.

Risk and regulation is always evolving. The way businesses manage it cannot stand still either. The future of GRC lies in automation, integrated reporting and a culture of compliance. By heeding the three tips for simpler GRC, businesses can help mitigate risk, minimize compliance firefighting and smoothly manage change wherever it may come from to drive better business performance.

By Vidya Phalke

Vidya Phalke

Vidya Phalke is responsible for MetricStream's technical architecture and strategy. Prior to being promoted to the CTO position, Vidya served as Vice President of Product Management and Engineering where he was responsible for MetricStream's Software Products and Platform Delivery. Starting with MetricStream in 2003, Vidya has been instrumental in developing an industry-leading GRC software platform. Before joining the software industry, Vidya earned a PhD in Computer Science from Rutgers University, where he won two Small Business Innovation Research grants for his research on databases and network optimization.

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more
Katrina Thompson

Why Zombie APIs are Such an Important Vulnerability

Zombie APIs APIs have a lifecycle, the same as anything else. They are born, they [...]
Read more

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role [...]
Read more

Azure Free Tier vs. AWS Free Tier: Which Provides More Value?

Cloud computing has become a cornerstone for the digital transformation of businesses. From startups to [...]
Read more

SPONSORS

Interviews and Thought Leadership

Jeremy Smillie

Securing the Future: Insights from DevSecOps Expert, Jeremy Smillie

Welcome to another insightful discussion on CloudTweaks. Today, we have the privilege of delving into the dynamic intersection of DevOps, Security, and Tokenization with a seasoned expert in the field, [...]
Read more
Randy

Karen Buffo, CMO of MixMode, on the Rise of AI in Safeguarding Digital Assets

Welcome to our Q&A session with Karen Buffo, CMO of MixMode, hosted by CloudTweaks. Today, we’ll explore the profound impact of generative Artificial Intelligence (AI) on cybersecurity. As AI takes [...]
Read more

Embracing Governance to Navigate 2024’s Tech Trends

Mastering Governance Strategies for Success The start of a new year is a fitting time for goal-setting, and IT managers [...]
Read more

The Future of Cybersecurity: Insights from Cyber Upgrade’s Founders

AI and Cybersecurity: Innovations and Challenges In the rapidly evolving landscape of technology, where artificial intelligence and cybersecurity shape the [...]
Read more

Digital Solutions for Legal Matchmaking: The Role of AI in Connecting Clients with Lawyers

The Role of AI in Connecting Clients with Lawyers The legal industry is transforming significantly in today’s digital age, embracing [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.