Because of all the changes we are living through - the velocity of regulatory changes, a global pandemic, and no end in sight of cyber events - there’s a heightened awareness for the need for GRC.
Organizations are beginning to realize that it’s no longer sufficient to have a few policies on a napkin and maybe a risk register in a spreadsheet. This realization has led to more and more companies maturing and building out comprehensive GRC programs.
While we loooove to see it, it’s important to ensure your GRC program is aligned with both your short and long-term goals.
Organizations can tackle right sizing in several ways, some of which include:
Even an immature company likely has work that has already started but that work is often overlooked. As such, it’s important that a practitioner take a comprehensive assessment of their organization prior to laying the foundation of the program.
Make it a point to understand what data and controls are already being managed and identify gaps. This can be completed in doses using the selective framework and control set approach previously outlined.
Also, don’t bite off more than you can chew. Rome wasn’t built in a day.
A phased approach to right-sizing = more manageable and affords greater success.
Organizations whose GRC program britches are a little too tight can suffer major consequences. The greatest, and most obvious, implication is the cost of realizing a risk - which could have been avoided if their program was right-sized.
Recent research shows that 61% of survey respondents had experienced at least one compliance violation in the past 3 years, which cost anywhere from $100k - $20M for a single incident.
Read that again.
Up to $20M for a violation that could have been avoided. Prevention is the best GRC medicine. The cost of a realized risk is far greater than the cost of a right sized GRC program.
Aside from the possible implications previously discussed, organizations can reap many benefits of maintaining the right size, including:
Don’t be afraid to ask for outside help. There are so many consultants, advisors, and Managed Service Providers who have a wealth of right sizing knowledge with proven techniques across hundreds of clients. Their job is to help organizations find efficiencies and avoid landmines. Use ‘em!
Leverage your first mover advantage with a renewed approach towards governance, risk, and compliance. Download this free eBook that explains the Paradigm Shift in Modern Governance, Risk & Compliance.
Need help right-sizing your GRC program or don’t know where to begin? We got your back!
How about a whistle-stop tour with one of our 6clicks maestros? Easy, just click the button below and let the good times roll.
All we want to do, every day, is make the world of GRC easier to manage. We can't do that without you, so we hope to hear from you real soon!
Fast, clear, smart, agile. #NoSpreadsheets 🚫