Getting tactical — Improving enterprise resiliency with GRC technology

Managing enterprise resilience and recovery planning by using a collection of documents throughout shared directories is not efficient. Documentation of maintenance and interconnectivity with other risk management efforts makes business continuity program administration time-consuming and prone to errors. Implementing an integrated business continuity application module, built on governance, risk and compliance (GRC) technology, within your GRC framework can show where resiliency risks exist and how they can be managed. Additionally, an integrated module can help engage the organization in integrating resiliency and recoverability into critical processes.

Multiple business continuity management drivers are impacting the way many organizations are evolving their resiliency management efforts:

[Figure: BCM drivers enterprise resiliency]

There are numerous enterprise resiliency management benefits gained by using GRC technology to enable business continuity management. Common GRC technology applications and their linkages to business continuity include:

Policy management

As policies and procedures change, configuring the GRC technology risk applications to automatically follow the new policy.

Information technology (IT) security operations management

Enhancing the organization’s planned response to cybersecurity-related crises by linking the crisis management plans found within the business continuity module to the security organization’s incident response actions.

Compliance management

Linking the resiliency compliance requirements often found in regulated industry sectors with business continuity program efforts where compliance evidence naturally occurs (e.g., artifacts and results of business continuity tests and exercises).

Threat management/risk assessment

Helping detail and visualize the potential risk and impact balanced with the organization’s capabilities for response to changes in the enterprise’s risk exposure and risk appetite.

Vendor management

Enhancing transparency into a vendor’s resiliency by linking to the key vendors found within the business continuity plans and the impact an impaired vendor might have on the organization. As new key vendors are identified, ensuring the right focus is maintained on the need for their resiliency, service-level-agreement development, on-boarding and monitoring.

Incident management

Capturing and facilitating the analysis of important incident-related artifacts about company assets and resources. This can include impact identification and quantification for the assets involved, as well as other attributes necessary for financial, regulatory, contractual and reputational post-incident analysis and follow-up.

 

Contact us

Mike Maali

Internal Audit, Compliance & Risk Management Solutions Leader, PwC US

Brian Schwartz

Partner and Primary Author of the Global Risk Study, Risk Assurance, PwC US
