Case study: What's the business case for GRC?

Governance, risk and compliance (GRC) can be a dauntingly complex undertaking. But for Fiserv, the alternative was even more complicated.

1 2 Page 2
Page 2 of 2

"An effective risk-management program is part of an organization's quest for self-awareness," Walton says. "To begin with technology rather than process is to risk letting the tool define the program rather than support it. Before you can decide which tool meets your needs, you need an overarching process that helps assess your business and its assets, vulnerabilities and risk appetite."

Only when a company understands these baseline concepts can it really know how a GRC software solution will fit into its risk-management program.

Lessons Learned

  • The more decentralized the enterprise, the more complex the GRC implementation will be. Do not underestimate basics such as technical project management and behind-the-scenes network readiness.
  • Your existing risk-management team might fear that adopting GRC software will eliminate their jobs, or change their job functions in ways that take them outside their comfort zones or skill sets. Work with your GRC software provider and its user community to help your team understand the opportunities for professional growth the new system will provide and other potential benefits of the change.
  • Don't try to use every bell and whistle available in your GRC solution on day one. Start small, simple and focused, with a clear idea of the outcome you want. Grow into your system.
  • Think of your GRC system as a flashlight, shining into the dark cupboards of your organization. You will be surprised how much better your risk and compliance fact base and reporting capabilities are immediately after you get your new system up and running. You will also be surprised by how hard it is to determine how to most effectively use the increased insight to improve risk management in your organization.

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
21 best free security tools to make your job easier