LeanGRC® Information Management

Part of LeanGRC® eBook Series

Apply time-tested principles of "lean" to GRC using this helpful series of 6 eBooks. The four basic principles of lean thinking are relevant to GRC: (1) add nothing but value and eliminate waste; (2) center on people who add value; (3) flow value from demand; and (4) optimize across organizations.

LeanGRC® Information Management
eBook filed in: Free, Integrated GRC, LeanGRC

Connect and break down silos with lean information management that streamlines governance, risk and compliance processes

LeanGRC® is a new way of approaching your governance, risk and compliance challenges. At the core of this approach is Lean Information Management – centralizing and simplifying the information that is relevant to success in these efforts. With increased access to consistent information, resources are saved and risks are reduced.

One of the biggest challenges in meeting compliance requirements today is the existence of the familiar “silos”. The meaning of this term is obvious – separately managed areas of concern (e.g. SOX, PCI, environmental regulation, employment requirements, etc.) and separately operated organizational functions (e.g. production, sales, legal, risk management, information management, etc.). The siloed approach goes beyond the creation of separate responsibilities and programs, however. It creates completely disconnected pockets of risk and compliance information spread around the organization that contain similar or, in some cases, identical data relating to risk management and compliance activities. And, of course, when the same information is stored in multiple places, the opportunity for inconsistency is persistent.

The reason this is such a pernicious problem is that the existence of these information silos is often invisible to the people who need to know where information is kept. Failure to know can lead to increased risk and wasted resources. A simple and common example is that of a SOX program team that tests its SOX controls and finds that some of them are failing to operate effectively. The SOX team may initiate a project to remediate the controls as it uses them, but the same controls are also relied on for PCI compliance, and that program team is not aware of the control failures. The result is continuing higher risk for PCI compliance that is invisible to upper management.