Chapter 16. Top Ten GRC Strategies
Are you eager to get started with GRC? This chapter details the strategies used in the most successful GRC projects.
Evaluate Which of the Most Prevalent GRC Issues Apply to You
The most prevalent GRC issues facing companies include audit compliance, segregation of duties, and internal productivity and resource availability.
For audit compliance, you should:
Establish an approach and process to manage risks.
Pinpoint sources of deficiencies and data sources to identify preventative measures.
Eliminate conflicting testing methods and reconciliations.
For segregation of duties, you'll want to:
Identify business functions that produce risks when executed by one person.
Gain risk visibility on 100 percent of the user population, not just a sample.
Perform risk analysis before committing and approving changes to access controls.
To improve internal productivity and resource availability:
Focus on prevention. It's better to prevent bad things from happening in the first place than to simply detect them after the fact.
Document test results and violations by business process and organization. Doing so will give you a scorecard of what's happening in various business processes and units.
Select controls and tolerances consistent with organization policies, procedures, and regulations. In other words, you don't want alarms going off all the time — just when something warrants further investigation.
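The segregation-of-duties and scorecard items above (identify conflicting functions, cover 100 percent of users, analyze a change before approving it, report violations by business process and unit, and set a tolerance so only material findings raise an alarm) can be put together in a small access-risk check. The following is an added example, not code from the book or from any GRC product; the rule set, the role-to-function mapping, the user population, and the severity levels are all constructed here for illustration.

```python
from collections import Counter
from typing import Dict, List, Set, Tuple

Conflict = Tuple[Tuple[str, str], str]  # ((function_a, function_b), severity)

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed SoD rule set: pairs of business functions that create a risk
# when one person can execute both. Severity is the rule's risk rating.
SOD_RULES: Dict[frozenset, str] = {
    frozenset({"create_vendor", "approve_payment"}): "high",
    frozenset({"maintain_user_roles", "approve_payment"}): "high",
    frozenset({"enter_journal", "post_journal"}): "medium",
    frozenset({"enter_invoice", "view_vendor"}): "low",
}

# Constructed mapping of roles to the business functions they grant.
ROLE_FUNCTIONS: Dict[str, Set[str]] = {
    "AP_CLERK": {"create_vendor", "enter_invoice", "view_vendor"},
    "AP_MANAGER": {"approve_payment", "view_vendor"},
    "GL_ACCOUNTANT": {"enter_journal"},
    "GL_SUPERVISOR": {"post_journal"},
    "SECURITY_ADMIN": {"maintain_user_roles"},
}

# Constructed user population with the business process and org unit each belongs to.
USERS: List[dict] = [
    {"user": "alice", "org_unit": "EMEA", "process": "Procure-to-Pay", "roles": {"AP_CLERK", "AP_MANAGER"}},
    {"user": "bob", "org_unit": "EMEA", "process": "Procure-to-Pay", "roles": {"AP_CLERK"}},
    {"user": "carol", "org_unit": "APAC", "process": "Record-to-Report", "roles": {"GL_ACCOUNTANT", "GL_SUPERVISOR"}},
    {"user": "dave", "org_unit": "APAC", "process": "Record-to-Report", "roles": {"GL_ACCOUNTANT"}},
    {"user": "erin", "org_unit": "EMEA", "process": "IT", "roles": {"SECURITY_ADMIN"}},
]


def functions_for(roles: Set[str]) -> Set[str]:
    """Resolve a set of roles to the union of business functions they grant."""
    granted: Set[str] = set()
    for role in roles:
        granted |= ROLE_FUNCTIONS.get(role, set())
    return granted


def conflicts_for(functions: Set[str], min_severity: str = "low") -> List[Conflict]:
    """Return every SoD rule violated by this function set at or above min_severity.

    min_severity is the tolerance: raising it keeps low-risk pairs from raising alarms.
    """
    floor = SEVERITY_RANK[min_severity]
    hits = [
        (tuple(sorted(pair)), severity)
        for pair, severity in SOD_RULES.items()
        if pair <= functions and SEVERITY_RANK[severity] >= floor
    ]
    return sorted(hits, key=lambda c: (-SEVERITY_RANK[c[1]], c[0]))


def analyze_population(users: List[dict], min_severity: str = "low") -> Dict[str, List[Conflict]]:
    """Risk visibility on 100 percent of users: every user gets an entry, even a clean one."""
    return {u["user"]: conflicts_for(functions_for(u["roles"]), min_severity) for u in users}


def scorecard(users: List[dict], min_severity: str = "low") -> Counter:
    """Count violations by (business process, org unit): the scorecard the chapter describes."""
    card: Counter = Counter()
    for u in users:
        n = len(conflicts_for(functions_for(u["roles"]), min_severity))
        if n:
            card[(u["process"], u["org_unit"])] += n
    return card


def evaluate_change(user: dict, roles_to_add: Set[str], min_severity: str = "low") -> List[Conflict]:
    """Simulate an access change before it is approved.

    Returns only the conflicts the change would introduce; an empty list means
    the request adds no new SoD risk at the chosen tolerance.
    """
    before = set(conflicts_for(functions_for(user["roles"]), min_severity))
    after = set(conflicts_for(functions_for(user["roles"] | roles_to_add), min_severity))
    return sorted(after - before, key=lambda c: (-SEVERITY_RANK[c[1]], c[0]))


if __name__ == "__main__":
    for name, hits in analyze_population(USERS, "medium").items():
        print(name, hits or "clean")
    print(scorecard(USERS, "medium"))
    erin = next(u for u in USERS if u["user"] == "erin")
    print("erin + AP_MANAGER ->", evaluate_change(erin, {"AP_MANAGER"}) or "approve")
```

Running the script lists every user (clean or not), prints the scorecard keyed by process and org unit, and shows that granting erin the AP_MANAGER role would pair user administration with payment approval, so the request should be risk-reviewed before approval rather than after provisioning.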
Adopt Best Practices
The 2006 SAP GRC Benchmarking Survey identified seven best practices for GRC: ...