Dos and don'ts for IT GRC success

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

DO agree on an IT-GRC implementation strategy. Moving disjointed, manual processes into an automated, centralized tool is an enormous undertaking. While a giant boa constrictor can unhinge its jaw and swallow a large mammal whole, that strategy is not advisable for your enterprise.

Choose a high-priority area for your initial implementation, preferably one that will produce a quick ROI. This will give you a record of success to build on and give you and the users a working knowledge of how to use the software, assess its value and share their knowledge with others. Take a top-down approach that will serve as a model as you expand, rather than a controls-centric tactic that won't scale well.

This first deployment should be initiated in the context of a larger plan for rolling out the IT GRC across the enterprise. After all, the goal is a centralized, automated, standards-based enterprisewide deployment.

To continue reading this article register now