Governance, risk, and compliance (GRC)—just the term is enough to inspire an image of hapless employees caught in a thicket of bramble bushes. Nobody honestly loves the process of jumping through every hoop to abide by regulations, yet GRC is a critical component of good IT. In a post for Aberdeen Essentials, Corey Wilburn describes what can happen when the business does not comply.
Wilburn is aware of a financial corporation where lower-level managers did not like IT’s slow response times to business needs, so the managers and employees devised a workaround system of spreadsheets and standalone databases. An assortment of expectedly awful things resulted: compliance citations and security breaches, redundant data and efforts, and nobody even bothered documenting the self-created systems. Instead of the managers going up and across the chain of command to learn why IT was chained by its slow response cycles, they took a shortcut, and it cost them.
But managers alone were not at fault. Executives should have been more mindful of IT GRC and the state of their IT department in the first place. Likewise, executives need to get more vocal about the importance of compliance and the repercussions of not abiding by it. Mechanisms must be put in place to better track how data and software are accessed.
That being said, it is better to work with people rather than against them, if at all possible:
Of course, it’s better if companies can urge compliance in a positive way. Shop managers and salesmen may not be eager to give up the mobile devices that have helped increase their productivity. Buyers and risk managers may be accustomed to sharing data with third parties in the cloud. It’s much better if these favored business processes can be modified to comply or replaced with an alternative that is just as good or even better.
Substandard IT governance can risk a company’s reputation and even their ability to conduct business.
If your GRC is lax, consider this your wake-up call. The business should never have to face catastrophe before it realizes how important regulations actually are. You can view the original post here: http://www.aberdeenessentials.com/techpro-essentials/thorny-issue-governance-risk-compliance/