Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

12 Tips for Implementing GRC

joan Goodchild | July 23, 2012
Driven largely by compliance requirements for the Sarbanes-Oxley Act of 2002, many organisations in the U.S. are adopting GRC tools to help manage their activities in these three areas.

6. It takes a mature organisation with well-defined processes to deal with the workflow capability that a GRC tool provides. The workflow aspect of some solutions may require everyone in the organisation to understand how to use it. The workflow of the product we chose meant that everyone had to learn how to use it, like, for example an organisation's expense reporting tool. That didn't work for us since only a small number of privacy officers were the ones who had the expertise to accurately respond to the survey/questions.

7. Recognise that implementations can take much longer than expected. At the same time, don't be afraid to pull the plug if the implementation isn't going well. You just to make it work because we wanted it to be a success.

Tom Malta, Senior Technology Risk Executive in financial services, including Goldman Sachs, Morgan Stanley, and BNY Mellon:
8. Understand that this is a tool that requires care and feeding. A program around GRC must be in place with proper policies, procedures and workflow. If you don't have procedures and workflow around GRC, it can be easy to use what the tool has built-in.

9. Communicate extensively. Make everyone aware of the phased approach to using the toolset.

10. Getting a good GRC framework in place doesn't have to be all about new tooling -- there are some simple things you can introduce immediately to your program to help manage your risk and compliance initiatives, such as the addition of reporting dashboards tied to (functional or corporate) key risk or key performance indicators (KRI/KPI).

Jeff Bardin, veteran CISO from Investor's Bank & Trust, State Street Bank and Hanover Insurance Group:
11. Perform a proof of concept deploying all modules of the tool as part of the PoC. If the PoC is successful, then you should try to use the instance for your production. If at all possible, following this process helps you cut costs and develop a working toolset quicker.

12. Most GRC tools come with connectors that enable quick integration with other security technologies and data feeds. Use them to reduce time and costs.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.