What GRC means to different users

by Scott Priest, Editorial Director

February 23, 2011

When people hear the term "GRC," they usually respond in one of two ways: "What is it?" or "How does it apply to me?"

Most of us have at least heard the acronym at some point, and come to understand that GRC represents the governance, risk management, and compliance elements that companies must face.

The second part is the kicker: Most people seem to assume that they should merely comply with whatever regulations guide their industry, and use risk management strategies when necessary or fashionable (as it was in the aftermath of the financial crisis).

But establishing repeatable processes that cross areas can provide major gains for any organization, big or small. SAP vice president and GRC evangelist Norman Marks is presiding over a forum on Insider Learning Network this week helping to explain this very point, in conjunction with a Q&A he did with Project Expert's Laura Casasanto. 

Norman often espouses the views of OCEG, a leading GRC-focused non-profit, which considers GRC in a comprehensive way -- not focused on any one area. While IT folks might be concerned about data security and PCI compliance, document management users may be more focused on process and data governance across an organization. Higher-level managers in any area might be more forward-looking, focused on managing and mitigating risks going forward to optimize their processes and profit. You could find specific examples that differ for users at all kinds of levels across all kinds of industries.

But it's the interplay of these that is important. How do you establish GRC practices that ensure as many of these concerns are being addressed -- without breaking the bank?

For more on what GRC means to an organization, register to read “GRC Explained: A New Way of Looking at Risk,” an exclusive Q&A with Norman Marks. Previously only available to Project Expert subscribers, this interview digs deep into the important steps every company must take to achieve a rock-solid GRC strategy. You are also invited to join Norman Marks in the Compliance forum the week of February 21 to ask your specific questions about your own challenges in creating a sound GRC strategy. Register today.
