Protecting the enterprise with integrated Governance, Risk and Compliance (iGRC)

We live in a complex and rapidly changing world. Opportunities are growing fast and innovations are widely adopted, but at the same time organisations are taking on new risks and threats. This creates a dilemma over whether to keep expanding the data an organisation holds, yet with the global expansion of firms the growth of data is inevitable. To manage this risk it becomes essential to have compliance obligations that provide well-framed policies for the organisation to implement.

A GRC approach is a disciplined, organised and structured way to coordinate the information and activities of a firm. Data must be monitored on a regular basis, and GRC schedules this monitoring by enforcing defined rules and procedures. GRC mainly involves deploying tooling that harmonises data across multiple departments, including IT control self-assessment and evaluation, the IT asset repository, finance and auditing, enterprise risk management, IT compliance and the legal domain. GRC tools are becoming increasingly important for a company to manage its risk. Gartner's approach to GRC defines six use cases:

IT risk management: mainly concerned with data security issues, data security processes and their implementation.

Operational risk management: deals with operational risk in the organisation; capital allocation, time and expense management and predictive analytics all fall under this GRC use case.

Audit management: the audit team maintains an audit cycle covering audit planning, audit risk management, the audit repository, evidence management and so on.

Vendor risk management: uses VRM tools to measure and manage risk arising from third parties.

Business continuity management: keeping services running after any major disruption takes place. Protection of data when a disaster happens is controlled by GRC tools.

Corporate compliance and oversight: corporate ethics, the code of conduct, governance codes and the standards and policies that affect the overall efficiency of the firm.

Despite this well-organised structure, certain issues act as barriers to achieving GRC goals:
1. Lack of collaboration and cooperation
2. Lack of clear leadership
3. Organisational changes that are not easily accepted at every level
4. Difficulty in hiring people skilled specifically in GRC implementation
5. Inadequacy of the chosen technology
6. Imbalance created in other departments

The main stumbling block for GRC is that it is typically applied to one specific domain, or one individual area, at a time, which causes various other problems. This flaw is addressed by integrated Governance, Risk and Compliance (iGRC). GRC has four basic components: strategy, people, technology and processes. The subjects, components and rules of GRC are merged to form an integrated GRC. The impact of iGRC is clearest when we consider the benefits it has over siloed compliance efforts. The benefits of having iGRC are given below.

Integrity of critical controls: the critical infrastructure of a firm needs to be brought under control at an early stage, which can be substantially handled by iGRC software and tools.

Management system with network security: the GRC technology is configured together with the network sensors, providing stronger security by recognising threats at a meaningful level. Data leakage and e-mail spam can be detected more easily when network security feeds into GRC.

Vulnerability detection: a major cause of risk is that vulnerabilities in a system go undetected by the system makers themselves, leaving a loophole in the system.

Keeping users' login data: records of new users as well as existing ones can be maintained, making it easier to detect attackers. Maintaining a record of all endpoints means that any new entity can be observed easily.
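The point above is a baseline check: every login is compared against a maintained record of known users and known endpoints, and anything not on the record is flagged and added to a list of new entities for review. The following Python is an added example written for this page, not code from the original article or from any GRC product; the sshd-style log lines, the user names and the IP addresses are all constructed. It assumes the inventory of known users and endpoints comes from a trusted source (an identity or asset system), because a baseline built from the logs themselves would quietly absorb the attacker's own account and host.

```python
"""Compare login records against a maintained inventory of users and endpoints."""
import re
from dataclasses import dataclass, field

# Constructed sshd-style authentication lines for the example (not real logs).
SAMPLE_LOG = """\
Jan 12 09:14:02 web01 sshd[2113]: Accepted publickey for alice from 10.0.1.20 port 51022 ssh2
Jan 12 09:15:44 web01 sshd[2140]: Accepted password for bob from 10.0.1.31 port 50211 ssh2
Jan 12 09:21:09 web01 sshd[2201]: Accepted publickey for svc_backup from 10.0.9.77 port 40100 ssh2
Jan 12 09:30:17 web01 sshd[2290]: Failed password for root from 203.0.113.5 port 44122 ssh2
Jan 12 09:31:55 web01 sshd[2311]: Accepted password for alice from 203.0.113.5 port 44130 ssh2
"""

# Matches both successful and failed sshd authentication lines.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class Inventory:
    """The maintained record: known users and endpoints, plus new entities seen."""
    known_users: set
    known_endpoints: set
    new_users: set = field(default_factory=set)
    new_endpoints: set = field(default_factory=set)


def check_login(line, inv):
    """Return a finding dict if the login involves an unknown user or endpoint, else None.

    Unknown entities are recorded in the inventory so they can be reviewed later;
    they are NOT promoted to 'known' automatically (that decision is a human one).
    """
    m = LOGIN_RE.search(line)
    if not m:
        return None  # not an authentication line
    user, src, result = m["user"], m["src"], m["result"]
    reasons = []
    if user not in inv.known_users:
        reasons.append("unknown user")
        inv.new_users.add(user)
    if src not in inv.known_endpoints:
        reasons.append("unknown endpoint")
        inv.new_endpoints.add(src)
    if not reasons:
        return None
    return {"user": user, "src": src, "result": result, "reasons": reasons}


def review_logins(log_text, inv):
    """Run check_login over every line and return the list of findings in order."""
    return [f for f in (check_login(l, inv) for l in log_text.splitlines()) if f]


def demo():
    """Review the constructed sample against a (hypothetical) trusted inventory."""
    inv = Inventory(known_users={"alice", "bob"},
                    known_endpoints={"10.0.1.20", "10.0.1.31"})
    findings = review_logins(SAMPLE_LOG, inv)
    return inv, findings


if __name__ == "__main__":
    inventory, results = demo()
    for f in results:
        print(f"{f['result']:8} {f['user']:12} from {f['src']:14} -> {', '.join(f['reasons'])}")
    print("new users seen:", sorted(inventory.new_users))
    print("new endpoints seen:", sorted(inventory.new_endpoints))
```

Note the last sample line: a known user (alice) logging in from an endpoint that is not on record is still flagged, which is the case a per-user check alone would miss. Failed attempts are kept in the findings too, since a new entity is worth observing whether or not it got in.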

Firewalls and other network security essentials: data entering and leaving the system is rechecked and recorded. This provides network intrusion detection and prevention, and a router management system.

Elevated automation: automated control checks at each level, tracking changes in threat level and taking measures to address them.

Archita Srivastava
MBA-IT
IIIT Allahabad