Many organizations are facing sort of a “GRC sprawl”. There are many disparate initiatives for GRC (Governance, Risk Management, Compliance) at various levels of the organization and in different divisions. On the other hand, it is all about enforcing governance, meeting regulatory compliance requirements, and managing and mitigating risks. Access Governance, for instance, is about Access Risk. The only reason to do Access Governance is that Access Risks might result in operational risks, reputational risks, and even strategic risks. Failure in managing access risks even might drive an organization out of business.
Thus, moving forward towards a more integrated view on GRC and cooperation and integration between the various levels and elements of GRC – such as Operational Risk Management, Business GRC, Continuous Controls Monitoring, IT GRC, Security Event Monitoring, or Access Governance – is a mandatory step. This is not about having only one team and solution in place, but it is about defining the interfaces between the various elements of GRC, both from an organizational and technical perspective. One approach on GRC, one approach on managing risk, etc.: Alignment is key to success in real Enterprise GRC.
The panelists will talk about their view on the need for such integration, the approaches to make progress on this, and their overall experience in mastering the challenge of moving forward from GRC sprawl to an enterprise-wide GRC concept.