Saturday, December 13, 2008

GRC Market Segmentation


A GRC program can be instituted to focus on any individual area within the enterprise. However, the three most common areas would be Financial GRC, IT GRC, and Legal GRC. Financial GRC relates to the activities that are intended to ensure the correct operation of all financial processes, as well as compliance with any finance-related mandates. IT GRC relates to the activities intended to ensure that the IT (Information Technology) organization supports the current and future needs of the business, and complies with all IT-related mandates. Legal GRC focuses on tying together all three components via an organization's legal department and Chief Compliance Officer.

Analysts disagree on how these aspects of GRC are defined as market categories. Gartner has stated that the broad GRC market includes the following areas:

- Finance and Audit GRC
- IT GRC Management
- Enterprise Risk Management

They further divide the IT GRC Management market into these key capabilities. Although this list relates to IT GRC, a similar list of capabilities would be suitable for other areas of GRC.

- Controls and policy library
- Policy distribution and response
- IT Controls self-assessment and measurement
- IT Asset repository
- Automated general computer control (GCC) collection
- Remediation and exception management reporting
- Advanced IT risk evaluation and compliance dashboards

The Burton Group offers a similar market taxonomy, which includes the following segments:

- Financial GRC
- Operational risk management
- General compliance and audit management
- IT GRC
- Enterprise risk management

IT GRC 2008 Annual Survey Report

IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. IT GRC encompasses the practices for delivering:
a. Greater business value from IT strategy, investment and alignment,
b. Significantly reduced business and financial risk from the use of IT, and
c. Conformance with policies of the organization and its external legal and regulatory compliance mandates.

While some of these practices involve continuous improvement to quality, others involve practices and capabilities that are known to be effective, along with objectives for what the organization wants to achieve. IT GRC energizes the entire organization to imagine what it can achieve, establishes methods for achieving its objectives, and demonstrates the practices that are proven to work for minimizing business and financial risk.

Fundamentally, IT GRC is about striking an appropriate balance between business reward and risk, enabling an organization to more effectively anticipate and manage business risk while more effectively delivering value for the organization.

The IT Governance, Risk and Compliance (IT GRC) 2008 Annual Research Report, assembled from benchmark research conducted with more than 2,600 organizations around the world, reveals the IT GRC maturity profiles, business outcomes, capabilities and practices that are most responsible for influencing and impacting business rewards and risks.
