What's Changing in the Approach to IT GRC?

Increasing cyber-hazards have been accompanied by another trend: Governance, Risk Management, and Compliance focused on IT (referred to as IT GRC) is changing. More and more organizations have been turning to a risk-based approach.

Traditionally, IT comprises a variety of underlying functions. These functions include:

  • IT Asset Management, commonly used to inventory servers, computers, and other technology hardware;
  • IT Risk Management, including vulnerability and threat identification and assessment;
  • IT Application Management, used to monitor updates, complete performance reviews, and maintain security; and
  • Compliance, which allows organizations to follow applicable standards, requirements, and risks related to IT.

What’s wrong with IT GRC?

The problem with a “siloed” IT GRC approach, where each component receives an independent allocation of resources, is that it often causes a communication breakdown. When departments aren’t fully in touch, they risk ineffectiveness and redundancy.

For this reason, there has been a shift in the market. Organizations looking to increase both effectiveness and efficiency are beginning to see risk as the common denominator. Thinking about IT GRC through a “risk-based lens,” a lens that ERM software provides, allows risk managers to adopt a uniform process with standardized language, requirements, and scales.

A risk-based approach to IT Governance, Risk, and Compliance allows organizations to prioritize across technology functions to determine areas in need of greater assurance. The reflex for most organizations in our current IT environment is to increase spending on monitoring tools, but that strategy has created more gaps than it’s closed, and studies confirm that this inefficient method of allocating resources is losing the risk-reward tradeoff and dampening revenue.

Such an approach can help determine where to effectively spend money on IT security tools, and cuts down on interdepartmental overlap by centralizing the monitoring and testing functions. Most components of IT GRC have common or related elements, meaning certain resources and information are relevant to more than one stakeholder. Fostering communication of that risk-related information enables a single IT governance and security process that is easier to monitor, costs less to maintain, and reduces liability due to human error.

To read more about the risk-based process, take a look at our IT Risk Management page or download the datasheet on LogicManager’s risk-based IT GRC solution.

© 2020 Created by Boris Agranovich.