One Article Review

Source: AlienVault Blog
Identifier: 1563287
Publication date: 2020-02-24 13:00:00 (viewed: 2020-02-24 14:01:02)
Title: Dawn of a new decade: Leaping from GRC to IRM - A building block approach
Text: This blog was co-authored by Carisa Brockman, GRC Practice Lead.

First things first: It is crucial to understand the difference between Governance, Risk and Compliance (GRC) and Integrated Risk Management (IRM), because this sets the stage for long-term strategic risk management and breaks down the siloed approach to risk that exists in many organizations today. That siloed approach persists partly because GRC is often implemented as a compliance-driven program rather than a risk-driven initiative. Instead of dwelling on the name itself, let's define the approach and get started with the key items to consider while making the transition from GRC to IRM, so that it feels less like a leap.

GRC can be defined as a set of tools for managing compliance. It remains valuable for that specific challenge, but it aligns less precisely with today's evolving definitions of risk and risk management. The answer is not to abandon GRC completely, but to evolve into an approach that is better suited to today's multifaceted challenges, which is IRM. What does it mean to adopt an integrated approach? It involves managing risk at an enterprise level with risk-aware people, integrated processes working across business entities, and a centralized, enabling technology platform.

As organizations embark on the journey of implementing IRM, the everyday wish-list items we hear about from our customers primarily include:

- Unifying all of your risks across the organization
- Adding automation to improve accuracy and consistency
- Linking incidents, claims, risks, and controls to action plans
- Providing the right metrics to support actionable enterprise decision-making
- Removing silos and building the link among ERM, Internal Audit, Legal, IT, Cybersecurity and the overall business

Connecting the dots: It is our business to help protect your business. Many organizations across industries are adopting an integrated approach to risk management across their business units and their extended vendor network.
This cohesive approach enables stakeholders to coordinate and unify risk management activities across all business functions, aligning their assurance programs and gaining comprehensive visibility into both risk exposure and the relationships between risks. Here are some building blocks to consider as you set out to identify the IRM platform that will best fit your organization.

[Figure: the steps to go from GRC to IRM]

What is in a name? Moving beyond acronyms: As you put together the building blocks of IRM and move beyond GRC, the key considerations should be the outcomes of the IRM initiative. Is it going to help build a risk-aware culture within your organization? A cyber strategy is closely linked to business strategy, and a risk-aware culture brings your cybersecurity initiatives a step closer to the business objectives. That creates the need for a formalized risk strategy within your organization: not a list of every potential risk, but the ability to tie each risk to business outcomes and, more importantly, to see it through to mitigation. Today we see many point solutions within organizations, and the data they generate never makes it into the overall risk posture or feeds the actionable decision-making process. With increased attention being paid to risk management as a critical driver of business success, more companies are considering an integrated risk management approach, and we hope this triggers an initial action plan that can be applied in that process.
Tags: Guideline


The article does not appear to have been picked up elsewhere after its publication.


The article does not appear to be a re-post of an earlier one.