Justin Greis, CISA, CISM, CGEIT, CRISC, CISSP, CIPP, PMP, ITIL, GIAC/GSEC
Justin Greis is a senior manager in the advisory practice of Ernst & Young. He specializes in IT risk and assurance by helping his clients manage risk and improve business performance from their IT investments. Greis has more than 10 years of executive and entrepreneurial leadership experience in IT. He currently also serves as professor of information systems at Indiana University’s Kelley School of Business (USA). In 2010, he was selected as one of nine global winners of the Ernst & Young Chairman’s Values Award, the firm’s highest honor, for his outstanding commitment to the firm’s values and its people.
Prior to Ernst & Young, Greis worked as a consultant for Protiviti in Paris and led the technology development of the Eppley Institute for Parks and Public Lands, a nonprofit consulting organization. He was also the founder of an IT consulting and web solutions company, BrainOrbit, which specialized in implementing web-based interactive and training technologies. Greis served as chief executive officer of this organization for four years, before joining the Ernst & Young team.
Greis and his wife, Katharine, founded the “Ernst & Young, James E. Buckman Memorial Fellowship” in memory of Katharine’s father. The fellowship is focused on providing post-graduate technology educational opportunities to students in the Kelley School of Business MSIS program at Indiana University. He currently sits on the board of Panna Dolce and resides in Chicago, Illinois, USA.
When not serving his clients, he enjoys playing drums, photography and cooking. He can be reached at email@example.com.
What do you see as the importance and role of values in business?
Values are the very core of who we are.
Without shared values, a business will never be able to articulate its beliefs and demonstrate what makes it different from the next company. We have been witness to countless examples of fraud and inappropriate behavior by business leaders because the ideals for which their companies stood were not truly ingrained into the culture. However, values are just words on a page without the actions to demonstrate that we live what we believe; it is the action and behaviors that strengthen the values for which we stand.
In professional services, much of what we do can be copied or replicated by our competition. We manufacture with our minds, and in the age of information mobility, intellectual capital can leave your company with every employee. So, what makes us as individuals and businesses unique? What differentiates one company from the next? Simply said: It is our values. They create a common bond between our employees and keep our client relationships strong. I believe that the values we instill in our people give us a tangible competitive advantage in the market and make our companies feel like families.
What do you see as the biggest risks being addressed by IT governance and risk professionals? How can businesses protect themselves?
I believe the biggest risk we encounter today has to do with information proliferation and accountability. The features and functionality we build into our advanced information systems to promote integration and interoperability can be turned against us and can introduce risk that must be managed. At E&Y, we call this “the challenge of building trust through information security in a borderless world.” Perhaps the most important lesson to keep in mind is that there is no silver bullet, no one tool to manage and control all the IT risks that borderless technologies such as mobile computing, social networking and cloud computing cause. The connectivity and complexity we have built into our systems must be mirrored in the effectiveness of the controls that we design for them. Information security professionals have preached “defense in-depth” for years; it is this concept that should be applied in a company’s layered control environment.
But technical controls and automated processes are just one part of the solution; accountability is critical to any controlled environment. It is not sufficient to implement a solution for data protection, application portfolio management or change control, and hope that it works. Functional owners must be empowered to perform their duties, be trained to carry them out and report performance to management, and have the ability to verify the operating effectiveness. Only by creating an environment of accountability can we hope to build a corporate culture that understands the importance and value of doing the right thing. One of the leading indicators that accountability may not exist in a company is the lack of consistent policies, standards and controls. Attempting to instill accountability without such a framework is a tremendous challenge and one many companies struggle with today.
How do you see the role of governance of enterprise IT (GEIT) changing in the next five years?
There are a few areas I see as key to the ever-changing role of GEIT. One of the biggest challenges I have seen has been reporting the right information at the right time to the right executives. Companies have built complex manual processes to generate custom reports so decisions can be made and strategy can be set by executives. Unfortunately, there are many layers of obfuscation that stand between executives and the critical information they need to make wise, well-informed decisions. Think about the game of telephone we used to play as children, and how the message was altered with every person in the link. By the time information reaches executives, it is either incorrect, too late or no longer useful. I have had the good fortune to be a part of programs that streamline the quality and efficiency of the data that get to the right person at the right time. Governance, risk and compliance (GRC) tools, configuration/asset management databases, and project and application portfolio management suites are a step toward elimination of the manual layers that delay bold and decisive action in the governance of IT.
Another key area in which I believe GEIT will change is the concept of IT as a strategic enabler. In some organizations, IT plays more of a support role; it “keeps the lights on” and supports basic business functions. In other organizations, IT is viewed and utilized as a strategic enabler to generate profit or cost savings. The most successful companies I have worked with have embraced technology’s role as an enabler rather than the traditional utility model.
Finally, reliance on third parties, vendors and cloud-based models continues to be a major area of focus for IT governance processionals. As the role of the CIO changes from a service provider to a business enabler, we become more reliant on external service providers to introduce new capabilities. Not only are there operational considerations, there is also a whole new world of technology risk and legal considerations introduced by parties that exist outside of our span of influence and sphere of control. Robust vendor management processes can help companies understand the risk, manage the value and optimize the costs associated with outsourced relationships.
How did you transition from an entrepreneur to a senior manager in a Big Four firm? Did you find the transition difficult?
The wonderful part about Ernst & Young is that I never had to transition from being an entrepreneur. We are a company of innovators; the spirit of entrepreneurship exists in every problem we solve and each engagement we execute. When I started BrainOrbit, I built it from scratch and created a place where I would want to work every day. We do the same thing at Ernst & Young; whether at our clients or internally, people with great ideas are a currency valued above all.
When I started at Ernst & Young, I was worried that the energy and passion I had for new ideas and opportunities would not be valued. But, as I came to know and understand the culture, I found that we are an organization that promotes passion and creativity—and, above all, we reward innovation.
What has been your biggest workplace challenge, and how did you face it?
The biggest challenge for me has been balancing the demands of life on the road with my clients, time in the classroom with my students and my personal life.
I have always loved solving puzzles and figuring out answers to problems; that is why I became a business advisor. My job involves piecing together a jigsaw puzzle and, then, teaching others how to do it all over again. I love spending time with my clients and sharing my experience and knowledge with them. I also spend much of my time on campus at Indiana University teaching in the masters program. But between my two full-time jobs, finding personal time is a challenge. I have an amazingly supportive and inspiring wife and family who are my coaches and mentors. I could not do it without them. However, work-life balance does not just happen; it is planned and must be prioritized as a goal.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2011 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.