GRC isn't one-size-fits-all
Not only does a governance, risk and compliance (GRC) strategy help an organisation manage its overall governance, it's also a vehicle for aligning IT with business objectives.
A comprehensive GRC strategy comes with many benefits, including improved decision-making, elimination of silos, greater unity among divisions, as well as optimisation of IT investments.
However, a GRC strategy isn't one-size-fits-all.
Gary Hardy, MD of ITWinners & Associates, says choosing a governance framework depends on the organisation's current governance approach and the maturity of its current practice. Frameworks provide suggested guidance, but always need to be adapted for application in an organisation.
"The organisation needs to consider what is driving the need to improve, and where value could best be gained, as well as what would be most acceptable to stakeholders and easiest to apply."
According to Hardy, good governance is about achieving three key outcomes by doing the right things:
- Firstly, to achieve the organisation's performance objectives and create value for stakeholders;
- To avoid significant risks and not destroy value for stakeholders;
- To comply with regulations and contractual obligations.
Hardy will be facilitating a workshop on 'Governance frameworks and implementation', at ITWeb's Governance, Risk and Compliance 2019 conference, to be held on 20 and 21 February at The Forum in Bryanston.
Delegates attending his workshop will gain an appreciation of the available frameworks, as well as real-world tips on how best to apply available guidance to enhance their specific governance approach.