
Maintaining GRC momentum

By Candace Bosch, Conference producer
Johannesburg, 17 Feb 2015
ICT GRC momentum allows for consistent and small improvements, says Werner Bornman, head of ICT GRC at Stanlib.

ICT governance, risk and compliance (GRC) momentum allows for consistent and small improvements that will increase adoption and limit resistance to change, says Werner Bornman, head of ICT GRC at Stanlib.

Bornman will elaborate on this during his case study presentation at the ITWeb Governance, Risk and Compliance (GRC) 2015 conference. The event takes place at The Forum, in Bryanston, on 24 and 25 February. Bornman will talk about fast-tracking ICT governance improvements - lessons from the trenches.

He will discuss the approach to defining GRC quick wins, and quantify the benefits of ICT GRC improvements. "ICT GRC should be defined, but it is more important to clearly articulate the approach in order to allow for quicker adoption, efficient roll-out and the reduction in ambiguity of control implementation," he says.

Joining Bornman at the event is Gary Hardy, owner of ITWinners. Hardy will present on the primary governance objective - delivering value. He will discuss the importance of looking at IT governance in the public and private sector context of SA: "Technology, and IT in particular, is one of the most important enablers of economic competitiveness and also public service delivery. However, if we are to use IT effectively and at a reasonable cost, there must be better oversight of investments and ownership by business managers of IT-enabled initiatives. IT governance is important because it focuses on these aspects and drives business and management engagement, and accountability for IT."

Hardy will provide insight into the importance of looking at risk and compliance in the context of delivering value to stakeholders. "Risk management should always be prioritised towards the protection or preservation of value, and stakeholders need to help define those value needs. The potential value or benefit of any recommended risk mitigation actions should also be articulated, so informed decisions can be made regarding investing in these controls.

ITWeb GRC 2015

At this fourth annual GRC conference, business and IT leaders will learn how to implement strategies that find the 'sweet spot' between regulations, risks and rewards within their specific enterprises.

"Unfortunately, the complexity of IT and the jargon used by technicians often creates a barrier for stakeholders to understand the nature of these risks. The result can be inadequate and expensive solutions and still risk exposure. I don't believe compliance drives value in itself, since it can be a grudge. Sustaining improved practices requires enforcement, a culture of doing things right, driven from the top. Compliance then is just business as usual. That's how the best organisations succeed. I believe when compliance has become the driving force, it is a sign of weak top management," he says.

