Most of the organization till date view the risk, governance and compliance in Silo resulting in miscommunication, inter-departmental tensions and lack of integrated approach which mostly results in inefficiencies. GRC approach addresses this concern and presents a holistic model which addresses the issues in the following manner:
Implementing the GRC may not be cakewalk for many of the organizations.
There are a few challenges that are required to be addressed by every organization before the implementation of GRC
1. Integrated Approach
Integration and cross-enterprise coordination is an essential part of successful implementation of GRC. It is important for an organization to have a comprehensive framework. There is a high possibility that each department may address their individual goals with consideration of organization as a whole. GRC will provide an integrated approach with data insight which will help organizations to make well-informed decisions.
2. Automation
Many of the organization use manual processes or semi-automatic processes. Use of the manual/semi–automatic processes are subjected to human errors and in many cases, may result in inefficiencies. It limits the organization’s capability of data collection and monitoring. Sometimes, it becomes difficult to locate the required documents.
3. Ethics and work culture
Work culture and the Ethics of the organization could be a barrier and many of the employees may to reluctant to share the data across the departments. Once the GRC is implemented in any organization, it is important to update and maintain the framework established. Mitigation of risk and ensuring the compliance demands the efforts of all stakeholders and it is an ongoing task. It is important for the management to ensure that the organization is committed and it understands and supports the GRC strategy.
4. Adopting changing technology
The way the technology is adopted, changes the method in which the work is done. Post pandemic, organizations are readily adopting the cloud computing resulting in major changes to the organization structures, networks, access control systems and securing the attack areas. Adopting GRC framework will require adaptability of new paradigm.
Steps to be taken by organizations for implementation of GRC
1. Establishing the requirements
This step includes creating roadmap for continual improvement and prioritizing the organization’s exposure to various risks and compliance issues. For establishing the requirements, it is important to consult the operating executive and management to gain an understanding for the GRC implementation. A comparison has to be done between the existing practices and the GRC objectives. This will allow the organization to establish long-term goals incorporating industry or regulatory requirements that applies.
2. Selection of Technology
The organization should identify which technologies can improve their existing business model. This process may involve time and it may be a costly affair. It is important to understand the tasks which can be automated and the security issues or the control gaps which need attention. In an ideal situation, there has to a single solution for all the company’s GRC requirements.
3. Integration of various existing software
Various software which may be working in silos needs to the integrated. This process would involve tracking the areas which result in duplication of processes. For the implementation of GRC, internal roles and responsibilities of employees has to be defined for the implementation of GRC.
CAclubindia
