Survival of the Most Informed: GRC Comes of Age�How to Envision, Strategize, and Lead to Achieve Enterprise Resilience
This paper shows how IT governance has expanded in scope as the needs of risk management and compliance have multiplied. Therefore, the subject now encompasses governance, risk and compliance. Each element is taken up in the discussion, how management fits in and how GRC encompasses IT programs currently underway or under consideration.
"To create an effective GRC program, organizations need a simple, yet disciplined approach -- a foundation of guiding principles based on leaderships GRC tenets accountability, responsibility, discipline, transparency, independence, integrity and communication. With an effective GRC plan, organizations can become more nimble because their leaders are able to react faster to marketplace conditions and strategic opportunities, armed with more timely business intelligence and insights." This paper provides guidance for organizations considering an IT Governance, Risk and Compliance (GRC) program. It explores how a GRC program can support board and management needs, such as providing them with key converged risk information to better understand the impact of opportunities on strategic decisions or proposed changes in the organization.