Shadows haunt the organization. Today’s organization is encumbered by things like shadow processes and shadow IT. These are rogue processes and technology that get implemented in the depths of the organization without thought or conformity to a top-down integrated strategy.
The components of GRC – governance, risk management, and compliance – are in every organization. My position is that every organization does GRC. It may be ad hoc, fly-by-the-seat-of-our-pants approaches. The reality is that we have shadow GRC processes that spring up all over the organization in the bowels of operations that lack an enterprise top-down coordination and strategy.
Too often, GRC is like the Winchester Mystery House in . . .
[THE REST OF THIS ARTICLE CAN BE FOUND ON THE DILIGENT BLOG WHERE GRC 20/20’S MICHAEL RASMUSSEN IS A GUEST AUTHOR]