Governance, risk management & compliance (GRC) is something an organization does, not something an organization buys. GRC, done properly, is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” This requires that GRC be understood in the context of enterprise strategy, objectives, architecture, and processes.
Designing mature GRC processes that align with the organization requires an understanding of what the organization is about, how it operates, and how it should be monitored and controlled. This is done by defining the right GRC process, information, and technology architecture. GRC by Design requires an enterprise/organization architecture approach to the organization and how it operates.
This workshop aims to provide a blueprint for attendees on effective enterprise GRC strategies in a dynamic business, regulatory, and risk environment. Attendees will learn enterprise GRC strategies and techniques that can be applied across the organization. Learning is done through lectures, collaboration with peers, and workshop tasks.
Objectives of workshop:
Attendees will take back to their organization approaches to address:
Enterprise GRC Strategy. Understand GRC in the context of organization performance, strategy, objectives, obligations, risks, as well as its culture and values.
Enterprise GRC Processes. Flowing from strategy are the enterprise GRC processes integrated into the organization and how it operates. Enterprise GRC, done correctly, is part of the rhythm and cadence of the organization.
Enterprise GRC Information Architecture. Defining an information architecture that enables enterprise GRC strategy and processes by providing 360° situational awareness of GRC in context of the organization strategy and operations.
Enterprise GRC Technology Architecture. The necessary technology components needed to bring together diverse and distributed GRC departments and functions into an integrated information and technology architecture aligned with the strategy and operations of the organization.
Benefits to attendees:
Understand a top-down as well as a bottom-up approach to enterprise GRC
Implement enterprise GRC in the context of business strategy, process, and operations
Explore different enterprise GRC strategy and architecture models and how they apply to your organization
Discover various enterprise GRC best practices and how they apply to your business
Develop an enterprise GRC information architecture that aligns with business operations and processes
Effectively communicate GRC-related information across your organization
Who should attend?
GRC managers and architects responsible for leading and integrating GRC strategy across different groups
Business managers whose job responsibilities include GRC
Executives and governance personnel who have to oversee GRC
Audit personnel who provide assurance on the organization’s GRC practices
Risk management, compliance, legal, ethics, security, health and safety, project management, IT, and other personnel who are involved in enterprise GRC strategies
Part 1: What is GRC?
Understanding GRC in the Context of the Organization
Different views of GRC throughout the organization
Who owns GRC?
Understanding GRC and its role in business strategy, objectives, performance, and operations
Part 2: Federated Enterprise GRC
Blueprint for Enterprise GRC Collaboration and Strategy
Developing a GRC committee (or herding cats), bringing together the range of GRC roles in the organization
Defining a GRC charter
Developing a collaborative and enterprise view of GRC
Part 3: GRC Capability Model
Integrated GRC Processes that Align & Support the Organization
LEARN: Learn about the organizational context, culture and key stakeholders to inform objectives, strategy and actions.
ALIGN: Align strategy with objectives, and actions with strategy, by using an effective decision-making approach that addresses values, opportunities, threats, and requirements.
PERFORM: Perform actions that promote and reward things that are desirable, prevent and remediate things that are undesirable, and detect when something happens as soon as possible.
REVIEW: Review the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization.
Part 4: GRC Information & Technology Architecture
Providing an Integrated View of GRC to the Enterprise Without Losing Value to the Department
Understanding the interrelationship of GRC information
Developing a GRC ontology and taxonomy
How technology enables a GRC strategy and processes
GRC platform or GRC architecture?
GRC 20/20 Workshop Instructor
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
Riskonnect is a global integrated risk management solution provider that enables organizations to anticipate and manage strategic and operational risks across the extended enterprise. Their approach to integrated risk serves more than 900 companies across 6 continents. Riskonnect has operations in the Americas, Europe, and Asia, employing more than 500 risk management experts.