Top 10 GRC mistakes — and how to avoid them

A sound governance, risk and compliance (GRC) strategy is more valuable — and harder to hone — than you might think. Here’s how to avoid looming disaster.


Governance, risk and compliance (GRC) — the very words cause groans among employees and leadership alike. They conjure thoughts of expansive spreadsheets and endless meetings where acronyms like KRIs and KPIs are bandied about. Quite often, GRC exercises are seen as a waste of time or the purview of the CFO and internal audit.

But this is not the case. With regulatory obligations and penalties for non-compliance increasing, CIOs and IT leadership must push for effective risk management, compliance and governance within their organizations. These efforts involve areas that are separate from IT (for example, legal and finance) but are nonetheless critical for a GRC program’s effectiveness.

The days of separate or non-existent GRC programs are over. IT and business GRC must be incorporated into a whole. To do otherwise adds tremendous risk and needless uncertainty. Between unforgiving regulatory environments at home (HIPAA, PCI, FERPA) and abroad (GDPR), customer data privacy expectations, as-a-service platform risks, cybersecurity threats and the ever-changing global marketplace, an established and effective GRC program is a primary means of not only demonstrating operational due care, but also reducing costs, increasing profitability and avoiding running afoul of regulatory regimes across international markets.

“The top two GRC shortcomings I see are organizations not being aligned on their strategy and placing a much stronger focus on compliance versus effective risk management,” says David McKeough, vice president of CrowdStrike.
