ISACA Journal
Volume 5, 2015

Book Reviews 

Governance, Risk Management and Compliance: It Can’t Happen to Us—Avoiding Corporate Disaster While Driving Success 

Richard M. Steinberg | Reviewed by Maria Patricia Prandini, CISA, CRISC 

Governance, Risk Management and Compliance: It Can’t Happen to Us—Avoiding Corporate Disaster While Driving Success invites readers to think about using governance to promote the business. Those who peruse this book can gain a clear understanding of how the establishment of the right processes, organization and technologies can guarantee the accomplishment of corporate governance goals.

Over the last 20 years, there has been an increase in the negative perception of once highly respected companies. In Governance, Risk Management and Compliance, author Richard M. Steinberg describes, in detail, the cases of several organizations that failed to develop a corporate culture based on integrity and ethical values and, in contrast, companies that built success through sound perspectives on these issues. Among the factors leading to success, the sound use of technology is considered central to the company’s achievement of corporate governance.

Organized in 18 chapters, the book starts with a very clear explanation of what the discipline of governance, risk management and compliance (GRC) is and why it matters. The author shows how these related but somewhat disparate concepts have a positive impact on the achievement of corporate goals and can drive companies to success when properly implemented.

The following chapters present the key elements that drive GRC. Culture, cost-effective compliance programs, ethics, risk management and other issues are described in detail. The book also provides many examples of companies that suffered and companies that succeeded with GRC programs to help readers understand the best ways to implement the GRC efforts they need. Other important issues such as the role of the boards of directors (BoD) and chief executive officers (CEOs), performance measurement and reporting, and internal control are also explained in this book.

Finally, the concluding chapter discusses the future of GRC and presents new models for board governance, the components of a healthy governance environment and how risk management will evolve in coming years.

Although not IT-centered, this book will be of interest to any professional looking for a better understanding of the complex subject of GRC. In fact, those interested in IT governance and management will surely gain valuable insights into the role of GRC implementation in achieving corporate goals, avoiding corporate disaster and driving organizations to success.

Editor’s Note

Governance, Risk Management and Compliance: It Can’t Happen to Us—Avoiding Corporate Disaster While Driving Success is available from the ISACA Bookstore. For information, visit, email bookstore@ or telephone +1.847.660.5650.

Reviewed by Maria Patricia Prandini, CISA, CRISC, who has a long career as a public official in different positions related to information technology in the Argentine Government. Prandini was involved in the development of the National PKI and the foundation of ARCERT, the first governmental computer security incident response team (CSIRT) in Argentina. She is the immediate past president of the ISACA Buenos Aires (Argentina) Chapter.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.