PREVIEW: Getting started with GRC eBook
Chapter 1: Where to Start
This chapter explores the two main activities required to start the journey of implementing a GRC solution: Understanding the current state, and describing the desired future state. These are two deceptively simple statements that have the potential to become large and runaway activities.
Chapter 2: Aligning to a vision
This chapter discusses some methods to develop a clear view of what the future state of a GRC program might look like. It explores options to align your organization around a vision and start to take action in achieving it.
Chapter 4: What first?
The foundations of GRC are similar to a building’s foundations: you can’t build the roof until the basement and walls are constructed. This chapter is about identifying the tactical priorities required to achieve your objectives.
Chapter 5: Measuring value
Although value can be defined many ways, for a GRC solution value is generally defined as either improving the state of maturity of a program or having a positive impact. This chapter looks at different ways to measure value.
Chapter 6: Quick wins
This article is really a guide for the next time you hear that magic phrase in a meeting, and how to arm yourself with better questions to clarify what “quick wins” really mean, and how to know when or if you’ve won. Focusing on the right wins, and achieving them, is an effective way to build buy-in and momentum for your GRC program.
Chapter 7: Executive sponsorship
If you've ever run or have been involved in a large project, you'll appreciate how critical it is to have the right executive sponsor. Your executive sponsor keeps the spotlight on the program, and at the right times, sets the stage for the organization to leverage the new solution in daily operations. At the very minimum, the executive sponsor must use the program in most discussion they have to highlight its importance in achieving corporate objectives.
Chapter 8: Essential components
A mature Risk Intelligence program is not about just one thing in isolation. Instead, it is a collection of people, processes and technology, with the right mix based on an organization’s level of maturity. It is also about culture and adoption, sponsorship and support. These are the essential components of a GRC program and this chapter will focus on each of them.