Overview of Technology for GRC
What’s at the core of GRC technology? According to Joe DeVita, Partner & GRC Technology Leader, PwC, successful GRC technology must align, automate and integrate business processes. In this Tech Talk video interview “Overview of Technology for GRC,” Joe provides background and insights into GRC technology. He offers tips on how to get started. And if you’re looking for GRC technology benefits he offers a healthy list with many examples.
The importance of GRC and Principled Performance in creating effective business processes.
How risk and compliance initiatives, such as audit and tax, evolve over time.
Keeping up with technology when automating and integrating risk and compliance initiatives into business process cycles.
The disconnect between risk/compliance initiatives and business processes, and the importance of overcoming it.
The importance of reaching a level of automation in which the business process is not impeded by the compliance initiative.
Importance of ensuring the entire enterprise is taken care of from a risk and compliance initiative.
How GRC overlays enterprise risk management and the broader compliance initiatives.
The importance of involving the Chief Information Officer and getting feedback from stakeholders when purchasing compliance tools.
Choosing what compliance information should be kept secured within the organization and what information can be kept in the Cloud.
Role of data analytics in detecting issues that can then be resolved.
Ensuring data is protected when using personal mobile devices.
Understanding the risk and implications of using personal devices opposed to corporate devices.
How tools are expected to evolve, but not necessarily reach a 'one-tool-future.'
History of complications rising through past attempts at automation with the 'big bang' approach and benefits of utilizing a 'controlled burn' approach instead.
The evolution and consolidation of GRC technologies in the future.
Choosing a starting point based on risk or the easiest place to begin to automate and integrate.
Costs of GRC implementation through the 'controlled burn' approach.
Looking at the benefits of automation from an ROI perspective.
How different organizations have a different 'best case' and how that means there will never be a 'one-size-fits-all' in the GRC world.
Organizations rethinking how to consolidate expense and integrate the initiatives.
Benefits of attaining success and showing the value of initiatives to get people on board rather than putting pressure on others to integrate.
Getting people involved by reaching out to the executives and keeping them informed about the initiatives.
The importance of asking the right questions early on to best prevent and manage crises.
The importance of status reports and the role of tools in the informed perspective for making decisions.
The governance model and the role of the executives and governance committee.
The importance of setting up the governance model correctly in order to sustain the GRC platform.
What is seen at the board level in the evolution of the audit committee.
Questions to ask the Chief Audit Executive and the importance of their role as the first, second, and third line of defense.
How to strengthen the Chief Audit Executive's role as the third line of defense.
How the Chief Audit Executive is working, what they are going to be testing against, and how this is unique from organization to organization.
The role of the Chief Financial Officer and the importance of the their involvement.
The Chief Financial Officer and how they align compliance and risk with the budgeting process.
The role of the Chief Risk Officer and how it varies by industry.
The role of the Chief Compliance Officer and the factors that influence it.
The role of assessing vendor risk and compliance information in managing compliance costs.
The importance of aligning business processes with risk and compliance initiatives in order to ensure greater effectiveness of the compliance process and evolution of business cycles.
What is seen from the Office of the General Counsel regarding a technology and how it is used.
The role of the Chief Information Officer and their involvement in integration and automation of initiatives.
Things to consider before using open source technologies.