Your How-To on Successful GRC
- Joanna Schloss
- February 27, 2018
However, after all these decades and thousands of human hours, successful GRC continues to elude most organizations. What are the characteristics that power GRC initiatives and how are organizations successfully tackling GRC issues?
Why GRC Is Needed
Inventive criminals are always thinking up new and creative ways to attack the business. You might think that these hackers would serve as a forcing function for changing regulations and technology.
Typically, governments are slow to respond to technology threats; however, in this case the EU has already made two changes to their privacy laws in the last five years in response to cyber activities.
In contrast, companies have been slow to respond to these criminals, perhaps due to the complexity of the problem. Implementing IT and system changes can be challenging. Businesses sometimes want to take a “wait and see” approach with the evolving regulations. Also, business culture and process can be slow to adopt and adapt to changes. But businesses that have been agile and meet the needs of GRC preemptively are much better positioned to weather the ingenious attacks that criminals throw at them.
And with GDPR ratified last summer, how companies interact with EU citizens dramatically changes.
Requirements for Successful GRC
More than most business agendas, GRC truly spans all three dimensions of business — process, culture and technology. These three dimensions often evolve separately from each other. This creates complexity; addressing one dimension at a time creates the illusion of moving forward in tackling GRC requirements. However, the separate requirements often evolve faster than the business is able to address them.
Often the business will find itself exposed, vulnerable and constantly facing loss of every type — monetary, credibility and information. Businesses that must admit to loss of personally identifiable information (PII) data lose customer confidence and trust; a tarnished reputation costs more than money.
So how are successful organizations tackling GRC issues?
What Defines Successful GRC Projects
GRC projects span the entire organization and across all functional boundaries, just as data crosses all boundaries. Some companies have implemented enterprise-wide access control, audit and risk management systems. These projects are designed to both monitor and mitigate risk inside and outside the firewalls.
For example, access control systems allow businesses to see which and how often entities interact with their data systems. This monitoring and visibility of frequency of access empowers IT to take action and address areas of risk before breaches can occur.
The Roles of Transparency and Collaboration
Organizations need to create GRC projects that are transparent across the entire business, and share the discovered insights and risks with stakeholders. Successful GRC projects are also highly collaborative. Users need to address access control, audits or risks, while stakeholders need to share and understand why governance is required. Transparency and communication go hand in hand with collaboration and the need for the business to be able to access all data.
The Keys to Successful GRC Projects
Since all data is needed and all stakeholders are needed for a successful GRC program to thrive, software that allows the business to easily access data and communicate how that data is being used is an essential step to success.
Organizations that have invested in building a collaborative repository, as well as a communications-oriented culture of transparency and accountability have been rewarded with high marks for compliance. These businesses will continue to enjoy the benefits of a trusted relationship with their stakeholders.
Data systems continue to expand and the infrastructure required to build out needed analytics continues to expand. These factors make GRC projects an imperative for long-term success in all organizations. To learn more about applying GDPR compliance to your analytics, download your free white paper.