IT GRC Turns Operational Risks into Returns
“The principles of good IT governance, risk management, and compliance are the principles of good management,” according to Scott Crawford, research director at Enterprise Management Associates. Research by the IT Policy Group serves as corroboration: organizations with good IT GRC have 17 percent higher revenues, 14 percent higher profits, and 18 percent higher customer satisfaction rates. They also spend 50 percent less on regulatory compliance annually.
Three-legged stool
For “Turning Risks into Returns: How IT Governance, Risk Management, and Compliance Drive Business Results,” CIO Digest spoke with Scott Crawford, the research director at Enterprise Management Associates, who explains that ITIL’s three-legged stool—people, processes, and technology—forms the basis for successful IT GRC.
Core elements of good IT GRC include standardization, centralization, and automation. CIO Digest interviewed three IT leaders—James Ng, VP of IT at Energy Market Company; Larry Whiteside, the CISO at Visiting Nurse Services; and Sri Bharadwaj, the Director of Infrastructure and Operations, Molina Healthcare—on their different approaches to IT GRC.
IT GRC best practice areas
Based on the three interviews, CIO Digest pinpointed areas of best practice. These include the following:
- Single sign-on access
- Centralized reporting
- Automation of endpoint security
- Centralization of endpoint security
- Controlling unstructured data
- Centralization and encryption of data backup
- Monitoring of compliance check points
For each of the above areas, CIO Digest covers the technology solution, implementation process, and results achieved by each IT leader.