IMPORTANCE OF GRC GOVERNANCE

The three GRC principles that support IT governance should be thought of in terms of one
continuous and interconnecting flow of concepts, with neither G, nor R, nor C any more important
than the others. Corporate or enterprise governance is a term that refers broadly to the rules,
processes, or laws by which businesses are operated, regulated, and controlled. The term can refer
to internal factors defined by the officers, stockholders, or constitution of a corporation, as well as to
external forces such as consumer groups, clients, and government regulations.

Exhibit 3.2 shows enterprise governance concepts with an executive group in the center and their
interlocking and related responsibilities for establishing controls, a strategic framework, performance,
and accountability. The exhibit shows some of the key concepts within each of these responsibility
areas. For example, for the strategic framework, there are the elements of corporate planning and
business activities, risk management, business continuity, IT and network, and internal audit.

RISK MANAGEMENT COMPONENT OF GRC

A strong set of enterprise-wide GRC principles and components is necessary, and an effective risk
management program is a key component of enterprise GRC principles. Risk management must be
part of the overall corporate culture, from the board of directors and all senior officers down to the
staff, covering the entire organizational structure from top to bottom.

There are four interconnected steps in effective enterprise risk management GRC processes, as
shown in Exhibit 3.3 and as follows:
1. Risk assessment and planning
2. Risk identification and analysis
3. Exploiting and developing risk response strategies
4. Risk monitoring

Risk management should create value and be an integral part of organizational processes. It
should be part of the decision-making processes and be tailored in a systematic and structured
manner to explicitly address the uncertainties an enterprise faces, based on the best available
information. In addition, risk management processes should be dynamic, iterative, and responsive to
change, with the capability for continual improvement and enhancement.

GRC AND ENTERPRISE COMPLIANCE

Compliance is the process of adhering to the guidelines or rules established by government
agencies, standards groups, or internal corporate policies.

Adhering to these compliance-related requirements is a challenge for an enterprise and its related
stakeholders because:
• New regulations are frequently introduced
• Vaguely written regulations often require interpretation
• There is no consensus on best practices for compliance
• Multiple regulations often overlap
• Regulations are constantly changing

Exhibit 3.4 illustrates some issues an enterprise should consider as it attempts to establish its
scope and approach to GRC compliance.

A consistent approach to the use of compliance-driven capabilities and supporting technologies
across an enterprise can provide the enterprise with these potential benefits:
• Flexibility
• Reduced total cost of compliance ownership
• Competitive advantage

Effective GRC compliance processes help an enterprise to transform its business operations and
gain deeper insight and predictability from its business information as it addresses regulatory-driven
requirements. Key business drivers here may include the ability to better manage information assets,
demonstrate compliance with regulatory and legal obligations, reduce the risk of litigation, reduce cost
of storage and discovery, and demonstrate corporate accountability.

IMPORTANCE OF EFFECTIVE GRC PRACTICES AND PRINCIPLES

An enterprise needs to adopt strong governance, risk, and compliance processes, with the
objective of establishing an effective GRC program. Strong IT governance programs are very
important to an enterprise, and they should in turn be supported by enterprise-level GRC programs of
governance, risk management, and overall compliance. An enterprise should focus many of its
activities strongly on these GRC principles.
