
IT governance, risk management and compliance (GRC) is becoming an increasingly important focus for businesses needing to comply with local and international regulations and best practice standards.
This is according to Mazwi Vezi, IT risk and compliance manager at Mutual & Federal.
He says GRC plays an integral part in achieving business strategic objectives. “IT GRC can provide visibility in the impact of IT (non) performance and compliance in business terms.” He adds that it helps to identify opportunities and manage risk accordingly.
Vezi will speak at ITWeb's IT Governance, Risk and Compliance conference, being held on 3 and 4 February at the Forum, in Bryanston. He will give a presentation defining the business value of IT governance.
According to Vezi, quantifying the financial benefits of implementing IT GRC is very difficult, especially if the role of IT GRC is not properly defined and placed within the organisation.
“Businesses would have to understand their operations well, especially how IT's non-performance impacts their business (financially) and in achieving their strategic objectives.” He adds that the financial benefits of IT GRC can be quantified through accepted ROI.
The business implications of poor or non-existent IT GRC structures and processes include losing business agility, bad relations between IT and business, loss of trust, non-delivery, and project overruns, Vezi points out.
The question of “what happens if we do not do anything” is more important than merely the financial picture of ROI, he argues. At Mutual & Federal, notes Vezi, the company sees benefits coming from the governance programme that are not directly translated into a rand value, but are more valuable for the growth of the business.
“Group IT managed to increase business trust, and as an effect, received more cooperation from the business, allowing IT to do even better - a snowball effect that sells like pudding.”
Vezi advises strategically aligning IT to support business goals, and making IT play a proactive role in identifying opportunities and requirements. “Organisations ought to set up structures and a process of prioritising projects, communicating with department managers, and getting buy-in and ownership from senior managers.”
At the conference, attendees will hear first-hand from Professor Mervyn King the implications of King III for their businesses, as well as learn from the experiences of companies already implementing best practices in IT GRC, including Eskom, Edcon, Neotel, and Mutual & Federal.