DO agree on an IT-GRC implementation strategy. Moving disjointed, manual processes into an automated, centralized tool is an enormous undertaking. While a giant boa constrictor can unhinge its jaw and swallow a large mammal whole, that strategy is not advisable for your enterprise.
Choose a high-priority area for your initial implementation, preferably one that will produce a quick ROI. This will give you a record of success to build on and give you and the users a working knowledge of how to use the software, assess its value and share their knowledge with others. Take a top-down approach that will serve as a model as you expand, rather than a controls-centric tactic that won't scale well.
This first deployment should be initiated in the context of a larger plan for rolling out the IT GRC across the enterprise. After all, the goal is a centralized, automated, standards-based enterprisewide deployment.
You're viewing Insider content