Successfully driving GRC transformation
Wondering if or how you should migrate your legacy cybersecurity, risk, and compliance technology (also known as GRC)? You are not alone. I continue to hear several common themes from clients who are facing the challenge of modernizing their GRC program, processes, and technology and wanted to provide my perspective on how to approach it based on my experience supporting clients with this in recent years.
What can make GRC so uniquely challenging is that it is inherently cross-functional. GRC intersects multiple functions across the business which commonly include cybersecurity, legal, finance, digital/IT, audit, and often numerous product or engineering organizations—all of which are responsible for a variety of compliance obligations and for measuring and monitoring organizational risk. Bringing these domains together into a unified program, on a common technical platform such as ServiceNow, is not an easy undertaking—but can be of immense value to executives and the board if successful.
Here are a few common steps followed by organizations successfully driving GRC transformation:
Think about the migration as a technical product transformation to drive measurable business value. Treating it as a product shifts the mindset and culture around how it's handled, enabling a more agile approach, quicker path-to-value, and more effective collaboration between stakeholder groups.
A GRC technology migration and overall program modernization can be the catalyst to spark engagement across the business and build a normalized and comprehensive view of your organization’s risk and compliance posture to executives and the board, enabling more effective decision making and empowering the business with invaluable intelligence.
- Joan A. Qafoku, Director Advisory, Cyber Security Services, KPMG LLP
It’s time for technology to help your GRC program reach its next stage of maturity.