What's Changing in the Approach to IT GRC?

Rising cyber threats have been accompanied by another trend: Governance, Risk Management, and Compliance focused on IT (IT GRC) is changing, and more and more organizations are moving to a risk-based approach.

Traditionally, IT GRC is made up of a number of separate functions. These include:

  • IT Asset Management, commonly used to inventory servers, computers, and other technology hardware;
  • IT Risk Management, including vulnerability and threat identification and assessment;
  • IT Application Management, used to monitor updates, complete performance reviews, and maintain security; and
  • Compliance, which tracks the standards and requirements applicable to IT and the risks that flow from them.

What’s wrong with IT GRC?

The problem with a siloed IT GRC approach, where each component gets its own independent allocation of resources, is that it often causes a communication breakdown. When the departments are not fully in touch with one another, they risk both ineffectiveness and redundancy: the same asset or control is assessed twice by two teams, or by neither.

For this reason, there has been a shift in the market. Organizations looking to increase both effectiveness and efficiency are beginning to see risk as the common denominator. Viewing IT GRC through a risk-based lens, which enterprise risk management (ERM) software provides, allows risk managers to adopt a uniform process with a standardized vocabulary, requirements, and scoring scales.

A risk-based approach to IT Governance, Risk, and Compliance allows organizations to prioritize across technology functions and determine which areas need greater assurance. The reflex for most organizations in today’s IT environment is to spend more on monitoring tools, but adding tools without the capacity to tune them and act on their output has created more gaps than it has closed, and studies confirm that this inefficient way of allocating resources is losing the risk-reward tradeoff and dampening revenue.

Such an approach also helps determine where spending on IT security tools will actually reduce risk, and cuts interdepartmental overlap by centralizing the monitoring and testing functions. Most components of IT GRC share common or related elements, meaning that certain resources and information (an asset inventory, a vulnerability finding, a control test result) are relevant to more than one stakeholder. Sharing that risk-related information enables a single IT governance and security process that is easier to monitor, costs less to maintain, and reduces exposure to human error.

To read more about the risk-based process, take a look at our IT Risk Management page or download the datasheet on LogicManager’s risk-based IT GRC solution.


Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his prescient ability to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.
