Governance, risk and compliance (GRC) — the very words cause groans among employees and leadership alike. They conjure thoughts of expansive spreadsheets and endless meetings where acronyms like KRIs and KPIs are bandied about. Quite often, GRC exercises are seen as a waste of time or the purview of the CFO and internal audit.
But this is not the case. With regulatory obligations and penalties for non-compliance increasing, CIOs and IT leadership must push for effective risk management, compliance and governance within their organizations. These efforts involve areas that are separate from IT (for example, legal and finance) but are nonetheless critical for a GRC program’s effectiveness.