eBook: Getting started with GRC
Getting Started with GRC is Iceberg’s new eBook series, helping organizations plan for a successful GRC program.
When you deploy a GRC solution, you have a chance to evolve your processes, and mature your organization’s culture and approach to risk management. Each chapter explores a concept that we’ve seen to be critical to the success of any GRC deployment, whether you already have a GRC tool in place or you’re starting from scratch. The series is written by Kirk Hogan, Iceberg’s senior GRC consultant. The first chapters are available below for download.
Chapter 1: Where to start
This chapter explores the two main activities required to start the journey of implementing a GRC solution: understanding the current state and describing the desired future state. These two deceptively simple statements have the potential to become large, runaway activities.
Chapter 2: Aligning to a vision
This chapter discusses some methods to develop a clear view of what the future state of a GRC program might look like. It explores options to align your organization around a vision and start to take action in achieving it.
Chapter 3: How to get there
With a vision established, there is a predictable sequence of events to be followed to build a workable prioritized plan.
Chapter 4: What first?
The foundations of GRC are similar to a building’s foundations: you can’t build the roof until the basement and walls are constructed. This chapter is about identifying the tactical priorities required to achieve your objectives.
Chapter 5: Measuring value
Although value can be defined in many ways, for a GRC solution, value is generally defined as either improving the state of maturity of a program or having a positive impact. This chapter looks at different ways to measure value.
Chapter 6: Quick wins
This article is really a guide for the next time you hear that magic phrase in a meeting, and how to arm yourself with better questions to clarify what “quick wins” really mean, and how to know when or if you’ve won. Focusing on the right wins, and achieving them, is an effective way to build buy-in and momentum for your GRC program.
Chapter 7: Executive sponsorship
If you’ve ever run or have been involved in a large project, you’ll appreciate how critical it is to have the right executive sponsor. Your executive sponsor keeps the spotlight on the program, and at the right times, sets the stage for the organization to leverage the new solution in daily operations. At the very minimum, the executive sponsor must use the program in most discussions they have to highlight its importance in achieving corporate objectives.
Chapter 8: Essential components
A mature Risk Intelligence program is not about just one thing in isolation. Instead, it is a collection of people, processes and technology, with the right mix based on an organization’s level of maturity. It is also about culture and adoption, sponsorship and support. These are the essential components of a GRC program and this chapter will focus on each of them.
Chapter 9: Top 3 GRC mistakes
Expectations are high for implementing a risk management platform and what it means for the organization. With those expectations comes the pressure to demonstrate value quickly, and this leads to some common mistakes. Chapter 9 examines the top three GRC mistakes we see on a regular basis, and offers strategies to help avoid them.