There is no doubt that a GRC team is critical and instrumental in bridging the gap between the business and IT (or any other department that takes on the implementation of GRC processes and automation). They are the messengers, not the managers of business processes. They are independent, and ideally span horizontally across many business functions, including IT.
As previously discussed, GRC, though normally referred to as just a platform, is much more in principle. It is a business enabler, and requires careful planning to ensure that it thrives across all business functions, not just IT.
Similar to IT, HR, and other departments, the GRC team is best suited to bridge executive leadership with each of the business functions to:
- Ensure alignment of business functions with strategic directives
- Provide visibility to business stakeholders in terms of their unique perspectives (for example, a compliance team wanting a report on adherence to PCI or HIPAA)
- Measure and report performance of each business function as it a
GRC typically does not belong under the IT organization, nor does it prosper when placed there. For it to be truly effective as a shared service, it must understand each business function that it works with, and cater to their needs.
Ultimately, the implementation and customization of a GRC platform lie with the IT organization, but that is a very limited scope of GRC as a function.
About the Author:
Faisal Ansari is a senior executive, a keynote speaker, and most importantly, an experienced practitioner in the domains of Information Privacy, Enterprise Risk, Cybersecurity, and Compliance. Having served global clients across a wide spectrum of industries, Mr. Ansari has also contributed to authorship of several international standards and frameworks from ISO, ISACA, and NIST.
Your Thoughts and Comments:
The author of this Trusted Insight would love to hear from you, and welcomes your feedback, comments, and suggestions to improve this article for the greater good of the business community. You can reach the author at firstname.lastname@example.org.