Chapter 3. Governance: GRC in Action

In the past few chapters, we examined the R (risk) and the C (compliance) of GRC. In a nutshell, risk not only deals with what could go wrong, but also where a sophisticated and enterprising company might be able to divine opportunities. Examining risk involves finding the lemons and maybe some water and sugar to make fresh lemonade. Compliance, on the other hand, is doing what you are supposed to do from a regulatory standpoint. Simply put, comply or pay the consequences.

On their own, the two legs of risk and compliance make something of a fairly wobbly stool. They are all talk and no action. They are a car with no engine. It's the third leg, governance, that allows the stool to stand, or the car to drive, depending on which analogy you favor.

In this chapter, we show you the benefits of good governance, how to create a blueprint for it, and how to make sure that you maintain a positive approach to governance over time. We also take a look at the importance of automation in executing your governance plan and examine the details of the SAP solution.

Getting to Know Governance

So, what is governance? Avoiding risk and trying to make lemonade out of lemons seem like pretty good ideas. So, too, is complying with relevant rules and regulations rather than paying fines, risking the company's brand and reputation, or worse.

However, without the governance component, compliance and risk are merely ideas floating around the boardroom. It's a classic stereotype: ...
