"Traditionally GRC practitioners were seen as black notebook tick-box specialists who were focused and interested in compliance only. Digitalisation has transformed the GRC domain by offering opportunities and challenges or risks to the GRC practitioners and other role players."
So says Moses Segaetsho,a secretary and board member of ISACA South Africa Chapter and senior manager for IT GRC and Vendor Relationship Management at the Auditor General South Africa.
"For example GRC technology provides many opportunities of automating traditionally manual controls, offering benefits in the form of cost and time efficiencies, transparency and knowledge sharing, audit logging and analytics, and many more. At the same time there are many challenges that digitalisation presents to the GRC practitioners and other role players," continued Segaetsho.
According to Segaetsho, technology innovations come at a faster rate than changes in laws and regulations and thus GRC practitioners are always forced to catch up and deal with this misalignment. "Secondly, the rapid pace in technology requires GRC practitioners to keep up with new skills and most important a mind-set change. Today with the release of COBIT5 and King IV among others, we are witnessing a move from focusing on control objectives to a focus on fit for purpose, measureable outcome based business practises," he said.
The role of GRC practitioners generally and more specifically IT governance practitioners has changed and continues to do so, he elaborates. "This role is evolving from a conformance or compliance role to that of business value creation while not exposing the organisation to undue risk, therefore balancing compliance with principled performance," Segaetsho explains. "Recent developments in GRC frameworks and corporate governance codes like the new COBIT5 and King IV respectively emphasise business value creation by focusing on stakeholder requirements that must be satisfied through principles, practices and achieving very specific outcomes for business," he adds.
"Although the role of IT GRC is not common and fully recognised by most businesses today, it plays a more critical role of trusted business partner and advisor than ever before," he says. "Technology has become a strategic business enabler and IT GRC professionals are taking the lead in guiding business to navigate the digitalised global market place where cyber risks prevail and great opportunities for growing the business abound. Emerging disruptive technologies like bitcoins, fintech, Internet of things and everything, drones, and many more, require GRC professionals who are skilled, knowledgeable and competent in these disruptive technologies and understand they impact business positively and or negatively," he concludes.
Share