Comments
Top 10 Governance, Risk, Compliance Tech Spending Priorities
Ashu001,
User Rank: Ninja
6/28/2014 | 4:00:33 PM
Thanks for taking up on my Suggestions!
Dear SusanN,

Thank you so much for taking up on my suggestion (to release an article on this issue).

Really, really appreciate it and must say you have done a fine job!

It never ceases to amaze me how few Organizations do GRC effectively (if at all today).

Most just simply bolt some Modules onto their ERP system and think the Job is done.

Unfortunately, the real changes needed (at the Employee Level) almost never happen.

Regards

Ashish.

 

 
Ashu001,
User Rank: Ninja
6/28/2014 | 3:55:29 PM
Re: Those Pesky Stakeholders
Curt,

As someone who has dealt with precisely this situation previously, I have to say you have hit right in the head.

None of this stuff is easy to handle/wrap your hands around initially.

However, that doesn't mean one should ignore it entirely because that will be a sure-fire recipe for not just Chaos but also a total mess in the company at hand.

Regards

Ashish.
Ashu001,
User Rank: Ninja
6/28/2014 | 3:49:19 PM
Re: The role of the CIO
sferguson,

What typically tends to happen is that Compliance falls outside the Typical ambit of C-Level Execs.

The Department typically reports directly to the Board (or in rare cases to the CFO).

Compliance usually has all these complementary functions rolled into one Independent Unit for greater effectiveness.

The Key here is GRC - Governance, Risk and Compliance.

You have to put all that together in the name of Fraud Prevention (among other closely related functions).

Regards

Ashish.
Susan_Nunziata,
User Rank: Strategist
6/25/2014 | 3:47:10 PM
Re: Those Pesky Stakeholders
@Curt: Ah, yes, in an ideal world...

I'm sure you've nailed exactly why the CIO probably keeps his or her distance when it comes to helping make technology decisions that can improve GRC management in an organization. Thing is, GRC really extends to every corner of the organization, and at the moment most organizations handle it on a dept. by dept. basis. The CIO does have a role to play in helping to shape a more strategic, holistic approach, and would probably do well to start by convincing the CEO that this is needed, rather than trying to work the problem from the ground up.
Susan_Nunziata,
User Rank: Strategist
6/25/2014 | 3:44:20 PM
Re: The role of the CIO
@Scott: Figuring out where the CIO fits in is exactly the challenge here. As the survey results show, only 9% of respondents were CIOs, yet we're talking about technology decisions that could dramatically improve a company's GRC position. While the CIO alone cannot make these decisions, the CIO can and should, in my opinion, take a more active role in helping guide GRC purchasing decisions and help figure out better ways to manage GRC needs. Letting GRC stakeholders rely on spreadsheets and word documents is downright dangerous and could be extremely costly for an organization.
sferguson10001,
User Rank: Moderator
6/20/2014 | 11:08:03 AM
The role of the CIO
Susan: I read your article but I didn't see where someone like the CIO fits in? Should an issue like compliance be the responsibility of the CIO, is that the best use of his or her time? How much of the legal department should be involved? Or do you need a team of tech, legal, and other major stakeholders to get this to work? Should you hire a consultant instead who has expertise in this field?
Curt Franklin,
User Rank: Strategist
6/20/2014 | 10:53:37 AM
Those Pesky Stakeholders
It seems to me that the hardest part of the suggested practice is figuring out precisely who "all the stakeholders" are. In an organization of any size, about the time you have your third meeting someone's going to pop up and say, "Wait -- I play a vital role in this process and what you're doing is all wrong!" I have to believe that some sort of formal notification and comment process should be internally published: If a stakeholder ignores the announcements about the process and doesn't deliver comments during the proper period, then they get to adapt what they're doing to the new process, regardless of their caterwauling.

Yeah, no politics wrapped up in that, at all.

