Tech Bytes

GRC for IT Architects

Governance, Risk and Compliance (GRC), as most of you might know, is more than a catchy acronym used by IT and security professionals; it is an approach or framework that an organization adopts to ensure proper management and control.

The broader term Governance calls for a better way of managing the business, which includes protecting the organization's assets (information being one of them) and sustaining the organization irrespective of the business or economic climate. Risks are unforeseen events or forces that could severely impact the overall performance of the organization. Better governance cannot be achieved without a good risk management program in place. The stakeholders who manage or control risks should know the organization's risk appetite, so that the risk exposure stays well within it. The term Compliance denotes the organization's approach to meeting the legislative requirements of the various countries in which it operates, as well as its social commitments.

GRC exists at different levels: Governance, for instance, could exist at the corporate level, the project level or the sub-organization level. While the goals of GRC at the various levels are the same, the means or techniques used to achieve them vary.

As one can observe, these three terms are inter-related, and for that reason a 360-degree view of all three together is needed. GRC aligns the various components of the enterprise (processes, employees, systems and partners) so that they are more efficient and more manageable, leading to better business performance.

An organization is primarily comprised of People, Processes and Technology. The Technology domain in turn is made up of Data, Applications and Infrastructure. The corporate GRC goals can be met when these components are aligned to meet their respective goals.

Many of the risks that today's organizations are battling are around the Data and Applications used within and outside the organization. IT Architects in turn play an important role in designing the solutions involving data, applications and infrastructure. It is therefore important for the IT Architect that the solution design process is aligned with the organization's GRC framework.

Visit my personal blog for the full article

Comments

RE: GRC for IT Architects

I don't see GRC as being about technology, or about management of technology within the organization. Rather, it is about ensuring that all the functions, processes, organizations, and systems involved in optimizing corporate performance, considering risk, and remaining in compliance, work together. It is about addressing silos and fragmentation in those functions, etc.

I prefer the OCEG definition and suggest that an IT-only perspective, while useful, is just a small part of GRC and what it means.
Norman Marks at 6/21/2012 4:46 PM

RE: GRC for IT Architects

Thanks Norman for your inputs. But maybe if I say Enterprise Architects rather than IT Architects, then probably you would agree that applying GRC principles would help in optimizing or addressing the silos. Thanks for the pointer to the OCEG definitions; I will look through that.
Kannan at 6/22/2012 2:21 AM
