Enterprise GRC by Design

2016-02-18

Blueprint for an Effective, Efficient & Agile GRC Management Program

In order to achieve GRC excellence, organisations must be able to fully understand the concepts of enterprise GRC. Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” This requires that GRC be understood in the context of enterprise strategy, objectives, architecture and processes.

Designing mature GRC processes that align with the organisation requires an understanding of what the organisation is about, how it operates and how it should be monitored and controlled. This is done through defining the right GRC process, information and technology architecture. GRC by design requires an enterprise or organisation architecture approach to the organization and how it operates.

This workshop aims to provide a blueprint for attendees on effective enterprise GRC strategies in a dynamic business, regulatory, and risk environment. Attendees will learn enterprise GRC strategies and techniques that can be applied across the organization. Learning is done through lectures, collaboration with peers, and workshop tasks.

Attendees will take back to their organization approaches to address:

  • Enterprise GRC Strategy. Understand GRC in the context of organization performance, strategy, objectives, obligations, risks, as well as its culture and values.
  • Enterprise GRC Processes. Flowing from strategy are the enterprise GRC processes integrated into the organization and how it operates. Enterprise GRC, done correctly, is part of the rhythm and cadence of the organization.
  • Enterprise GRC Information Architecture. Defining an information architecture that enables enterprise GRC strategy and processes by providing 360° situational awareness of GRC in context of the organization strategy and operations.
  • Enterprise GRC Technology Architecture. The necessary technology components needed to bring together diverse and distributed GRC departments and functions into an integrated information and technology architecture aligned with the strategy and operations of the organization.

Part 1

Understanding GRC in the Context of the Organisation with Specific Focus on an Enterprise View

  • How is GRC viewed throughout the organisation?
  • Discovering responsibility towards GRC and taking ownership of this function
  • Exploring GRC and its role in driving business strategy, objectives, performances and operations
  • Workshop Project & Discussion

Morning Break

Part 2

Federated Enterprise GRC: Blueprint for Enterprise GRC Collaboration and Strategy

  • Developing a GRC committee (or herding cats), bringing together the range of GRC roles in the organisation
  • Defining a GRC charter to create a clearer picture of your organisation’s next steps
  • Developing a collaborative and enterprise view of GRC
  • Workshop Project & Discussion

Lunch Break

Part 3

GRC Capability Model: Integrated GRC Processes that Align and Support the Organisation

  • Learning about the organisational context, culture and key stakeholders to inform objectives, strategy and actions
  • Aligning strategies with objectives, and actions with strategy by using an effective decision-making approach that addresses values, opportunities, threats, and requirements
  • Performing actions that promote and reward things that are desirable, prevent and remediate things that are undesirable, and detect when something happens as soon as possible
  • Reviewing the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization
  • Workshop Project & Discussion

Afternoon Break

Part 4

GRC Information and Technology Architecture: Providing an Integrated View of GRC to the Enterprise without Losing Value to the Department

  • Exploring the interrelationship of GRC information and utilising data to maximise results
  • What is GRC ontology and taxonomy? How can these approaches contribute to GRC excellence?
  • Leveraging technology to further enable GRC strategies and processes
  • Which one works best for you: GRC platform or GRC architecture?
  • Workshop Project & Discussion

Benefits to attendees:

  • Understand a top-down as well as a bottom-up approach to enterprise GRC
  • Implement enterprise GRC in the context of business strategy, process, and operations
  • Explore different enterprise GRC strategy and architecture models and how they apply to your organization
  • Discover various enterprise GRC best practices and how they apply to your business
  • Develop an enterprise GRC information architecture that aligns with business operations and processes
  • Effectively communicate GRC-related information across your organizations

  • GRC managers and architects responsible for leading and integrating GRC strategy across different groups
  • Business managers whose job responsibilities include GRC responsibilities
  • Executives and governance personnel who have to oversee GRC
  • Audit personnel that provide assurance on the organization’s GRC practices
  • Risk management, compliance, legal, ethics, security, health and safety, project management, IT, and other personnel who are involved in enterprise GRC strategies


Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC”, being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

This workshop is sponsored by the ISACA Rhode Island Chapter and the Institute of Internal Auditors Ocean State Chapter.

Venue

Fidelity Investments
500 Salem Street
Smithfield, RI 02917 United States