The simple fact is every company is "doing GRC". They may call it ERM, or they may not even have a name for it, but all companies have some approach to governance, risk management and compliance.
So says Michael Rasmussen, chief GRC pundit at GRC 20/20 Research. Rasmussen will highlight the importance of looking at what GRC is and how organisations should approach it, during his international keynote at ITWeb Governance, Risk and Compliance 2015. The event will take place on 24 and 25 February at The Forum, in Bryanston.
"An organisation could be doing risk management well, but failing at compliance. Even within organisations, there are often many governance, risk, and compliance functions going in different directions, producing a lot of redundancy and unawareness of gaps," says Rasmussen. "All this comes at a cost to the business of inefficiency, ineffectiveness and lack of agility. Every organisation does GRC in some form. The question is: how mature is the organisation's GRC processes and strategy and how can they be improved?"
Rasmussen will examine the importance of the drivers and trends for GRC impacting organisations. "While every organisation is different, there is much we can learn from each other," he says. "Monitoring the drivers and trends provides us with a barometer of what other organisations are concerned about and doing in the context of GRC. In monitoring GRC drivers and trends, organisations can understand if others share the same challenges and directions as they do, and when they do not, it opens their minds to considering things they might not have thought about, and should be."
Joining Rasmussen at the GRC event is Leishen Pillay, senior associate at Hogan Lovells. During his presentation on IT contracts as a tool of governance with third parties, Pillay will discuss the importance of ensuring consistency in service delivery through the use of governance mechanisms.
"IT contracts often encapsulate complex products, services and projects delivered over a period of time. In order to ensure sustainability and success, it is important to monitor service delivery on a regular basis so as to ensure the parties' expectations are met," he says.
"One component of monitoring is the provision of reports. Depending on their regularity and content, reports can provide a detailed and accurate snapshot of the status of services delivered. If reporting is combined with regular meetings, an opportunity is created to raise, record, ventilate and resolve issues on a regularised basis." In the event that problems cannot be resolved, the problem can be escalated to a person at the appropriate level, with the correct visibility and overall accountability for that service, he says.
"Consistent, problem-free service delivery leads to stable operations," Pillay concludes.
Click here to find out more and register your interest in attending.
Share