  • This event has passed.

Enterprise GRC Management by Design – London

2021-10-14 @ 9:00 am - 5:00 pm London/BST

Blueprint for an Effective, Efficient & Agile Enterprise GRC Program

Governance, risk management & compliance (GRC) is something an organization does and not something an organization buys. GRC, done properly, is what is achieved throughout the business and its operations. By definition, GRC is “a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance].” This requires that GRC be understood in the context of enterprise strategy, objectives, architecture, and processes.

Designing mature GRC processes that align with the organization requires an understanding of what the organization is about, how it operates, and how it should be monitored and controlled. This is done by defining the right GRC process, information, and technology architecture. GRC by Design requires an enterprise/organization architecture approach to the organization and how it operates.

This workshop aims to provide a blueprint for attendees on effective enterprise GRC strategies in a dynamic business, regulatory, and risk environment. Attendees will learn enterprise GRC strategies and techniques that can be applied across the organization. Learning is done through lectures, collaboration with peers, and workshop tasks.

Objectives of workshop:

Attendees will take back to their organization approaches to address:

  • Enterprise GRC Strategy. Understand GRC in the context of organization performance, strategy, objectives, obligations, risks, as well as its culture and values.
  • Enterprise GRC Processes. Flowing from strategy are the enterprise GRC processes integrated into the organization and how it operates. Enterprise GRC, done correctly, is part of the rhythm and cadence of the organization.
  • Enterprise GRC Information Architecture. Defining an information architecture that enables enterprise GRC strategy and processes by providing 360° situational awareness of GRC in context of the organization strategy and operations.
  • Enterprise GRC Technology Architecture. The necessary technology components needed to bring together diverse and distributed GRC departments and functions into an integrated information and technology architecture aligned with the strategy and operations of the organization.

Benefits to attendees:

  • Understand a top-down as well as a bottom-up approach to enterprise GRC
  • Implement enterprise GRC in the context of business strategy, process, and operations
  • Explore different enterprise GRC strategy and architecture models and how they apply to your organization
  • Discover various enterprise GRC best practices and how they apply to your business
  • Develop an enterprise GRC information architecture that aligns with business operations and processes
  • Effectively communicate GRC-related information across your organization

Who should attend?

  • GRC managers and architects responsible for leading and integrating GRC strategy across different groups
  • Business managers whose job includes GRC responsibilities
  • Executives and governance personnel who have to oversee GRC
  • Audit personnel that provide assurance on the organization’s GRC practices
  • Risk management, compliance, legal, ethics, security, health and safety, project management, IT, and other personnel who are involved in enterprise GRC strategies


Part 1: What is GRC?

Understanding GRC in the Context of the Organization

  • Different views of GRC throughout the organization
  • Who owns GRC?
  • Understanding GRC and its role in business strategy, objectives, performances, and operations

Part 2: Federated Enterprise GRC

Blueprint for Enterprise GRC Collaboration and Strategy

  • Developing a GRC committee (or herding cats), bringing together the range of GRC roles in the organization
  • Defining a GRC charter
  • Developing a collaborative and enterprise view of GRC

Part 3: GRC Capability Model

Integrated GRC Processes that Align & Support the Organization

  • LEARN: Learn about the organizational context, culture and key stakeholders to inform objectives, strategy and actions.
  • ALIGN: Align strategy with objectives, and actions with strategy, by using an effective decision-making approach that addresses values, opportunities, threats, and requirements.
  • PERFORM: Perform actions that promote and reward things that are desirable, prevent and remediate things that are undesirable, and detect when something happens as soon as possible.
  • REVIEW: Review the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization.

Part 4: GRC Information & Technology Architecture

Providing an Integrated View of GRC to the Enterprise Without Losing Value to the Department

  • Understanding the interrelationship of GRC information
  • Developing a GRC ontology and taxonomy
  • How technology enables a GRC strategy and processes
  • GRC platform or GRC architecture?

GRC 20/20 Workshop Instructor

Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 28+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” – being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.

Workshop Host

Riskonnect is a global integrated risk management solution provider that enables organizations to anticipate and manage strategic and operational risks across the extended enterprise. Their approach to integrated risk serves more than 900 companies across 6 continents. Riskonnect has operations in the Americas, Europe and Asia, employing more than 500 risk management experts. 
