In the past, I have blogged about implementing an enterprise-wide governance, risk and compliance (GRC) program. To follow up, here’s a link to a new Axentis whitepaper, “Win As You Go: A Phased Approach to Implementing Enterprise GRC,” that offers information on the benefits of, and valuable insights for, establishing an enterprise-wide governance, risk and compliance program. The paper should help you find your starting place – establish a working conceptual model of all GRC activities in your organization. This information can easily be organized in a grid, with one axis defined by the specific GRC domains the company must address and the second axis defined by the specific processes that must be implemented to meet the requirements of any GRC domain (see below). This grid approach helps the compliance officer assess the GRC challenges and prioritize them so they can be addressed accordingly. Moreover, this approach can routinely be used to address future GRC problems as they emerge, and then to extend the best practices learned while tackling those immediate issues to all other areas of the enterprise GRC map.
Enterprise GRC Assessment Grid:

I encourage you to share lessons learned.