Blueprint for an Effective, Efficient & Agile Enterprise GRC Program
Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” This requires that GRC needs to be understood in the context of enterprise strategy, objectives, architecture and processes.
Designing mature GRC processes that align with the organization requires an understanding of what the organization is about, how it operates, how it should be monitored and controlled. This is done through defining the right GRC process, information and technology architecture. GRC by Design requires an enterprise/organization architecture approach to the organization and how it operates.
This workshop aims to provide a blueprint for attendees on effective enterprise GRC strategies in a dynamic business, regulatory, and risk environment. Attendees will learn enterprise GRC strategies and techniques that can be applied across the organization. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives of workshop:
Attendees will take back to their organization approaches to address:
- Enterprise GRC Strategy. Understand GRC in the context of organization performance, strategy, objectives, obligations, risks, as well as its culture and values.
- Enterprise GRC Processes. Flowing from strategy are the enterprise GRC processes integrated into the organization and how it operates. Enterprise GRC, done correctly, is part of the rhythm and cadence of the organization.
- Enterprise GRC Information Architecture. Defining an information architecture that enables enterprise GRC strategy and processes by providing 360° situational awareness of GRC in context of the organization strategy and operations.
- Enterprise GRC Technology Architecture. The necessary technology components needed to bring together diverse and distributed GRC departments and functions into an integrated information and technology architecture aligned with the strategy and operations of the organization.
Benefits to attendees:
- Understand a top-down as well as a bottom-up approach to enterprise GRC
- Implement enterprise GRC in the context of business strategy, process, and operations
- Explore different enterprise GRC strategy and architecture models and how they apply to your organization
- Discover various enterprise GRC best practices and how they apply to your business
- Develop an enterprise GRC information architecture that aligns with business operations and processes
- Effectively communicate GRC related information across your organizations
Who should attend?
- GRC managers and architects responsible for leading and integrating GRC strategy across different groups
- Business managers whose job responsibilities include GRC responsibilities
- Executives and governance personnel who have to oversee GRC
- Audit personnel that provide assurance on the organization’s GRC practices
- Risk management, compliance, legal, ethics, security, health and safety, project management, IT, and other personnel who are involved in enterprise GRC strategies
Part 1: What is GRC?
Understanding GRC in the Context of the Organization
- Different views of GRC throughout the organization
- Who owns GRC?
- Understanding GRC and its role in business strategy, objectives, performances, and operations
Part 2: Federated Enterprise GRC
Blueprint for Enterprise GRC Collaboration and Strategy
- Developing a GRC committee (or herding cats), bringing together the range of GRC roles in the organization
- Defining a GRC charter
- Developing a collaborative and enterprise view of GRC
Part 3: GRC Capability Model
Integrated GRC Processes that Align & Support the Organization
- LEARN: Learn about the organizational context, culture and key stakeholders to inform objectives, strategy and actions.
- ALIGN: Align strategy with objectives, and actions with strategy, by using an effective decision-making approach that addresses values, opportunities, threats, and requirements.
- PERFORM: Perform actions that promote and reward things that are desirable, prevent and remediate things that are undesirable, and detect when something happens as soon as possible.
- REVIEW: Review the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization.
Part 4: GRC Information & Technology Architecture
Providing an Integrated View of GRC to the Enterprise Without Losing Value to the Department
- Understanding the interrelationship of GRC information
- Developing a GRC ontology and taxonomy
- How technology enables a GRC strategy and processes
- GRC platform or GRC architecture?
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research, Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 26+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
MetricStream is simplifying Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Our market-leading enterprise and cloud Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance.
The MetricStream GRC Journey methodology integrates GRC technologies and programs across business, IT, and security functions as we enable organizations to realize the vision of Pervasive GRC. Rich content from GRCIntelligence.com and thriving communities like ComplianceOnline.com, as well as MetricStream Special Interest Groups (mSIGs) support the ongoing success of our customers through real-time content feeds and best practices embedded in our Apps.
Leading companies across industry verticals are benefiting from MetricStream’s simple and modular approach to GRC that is transforming risk management in a business environment that is increasingly mobile, social, global, and virtual. We have been consistently rated as a market leader by leading analysts, and have received several awards and recognitions for product innovation and customer success.
MetricStream is headquartered in Palo Alto, California, and has offices across the globe.