IT Governance, Risk and Compliance (IT GRC)
- Does the business understand how IT operates, and what it can and cannot deliver within a given time frame?
- Is the IT organisation faced with dramatic change following a merger or acquisition?
- Is there adequate visibility into and control over IT spending, or are IT costs perceived as too high?
- Is there a good understanding of IT-related risk, and are IT-related risks properly managed?
IT GRC ensures that …
- The activities and functions of the IT organisation(s) support business objectives and the value of IT investments is maximised.
- IT delivers the envisioned benefits against the strategy, costs are optimised, and relevant best practices are incorporated.
- Optimal investments are made in IT, and critical IT resources are managed and used responsibly, effectively and efficiently.
...for embedding IT GRC in the organisation
Some important issues:
- Organisations need to satisfy quality, fiduciary and security requirements for information, as they do for all other assets
- The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defines a widely accepted control framework for enterprise governance and risk management, which in turn requires a framework for control over IT
- Sarbanes-Oxley and Basel II
- Industry specific regulations
- General call for greater transparency
PwC’s IT GRC Capabilities
- Automation of risk monitoring
- Policy distribution and response
- IT controls assessment and measurement
- IT asset repository
- Automated General Computer Control (GCC) collection
- Remediation and exception management
- Advanced IT risk evaluation and compliance dashboards
- IT Governance
- Controls and policy library