“You cannot manage what you don’t monitor”. This is our motto and the essence of good Governance.  To effectively manage your company you must monitor activities which includes having benchmarks, KPI’s and governance frameworks.

With our recent challenges in reduced budgets, cost cutting and the tough economic outlook, many organizations controls have weakened.  Currently, security breaches continue at an alarming rate and corporate fraud has increased, all despite heavy investment in Sarbanes-Oxley control compliance and risk management programs. Unfortunately, our challenges are driving more than one-time failures, they are driving long-term systemic failures in Governance.

Good governance drives sustainable, repeatable processes for risk management and compliance. Unfortunately, recent organizational direction has been to reduce resources in key assurance functions of such as internal audit, risk management and compliance. The results are highly stressed change management processes, a lack in segregation of duties, and a reduction in both preventative and detective controls. Worst of all, the dashboards that monitor compliance are being ignored because many organizations feel they just don’t have the resources.  Therefore, conformance to contractual obligations, governance frameworks (such as ITIL, NIST 800-53, and CobiT), and internal policies, and procedures are reducing at an alarming rate and nobody knows about it!

Not knowing or managing your Governance, Risk and Compliance may seem acceptable, however, when an incident occurs and your organization’s governing boards (Board of Directors, Audit Committee, NCUA, PCI, HIPAA, etc.) asked the following questions, how would you answer?

  • What is your governance framework for IT?
  • Does the IT governance framework support the business processes or are they a deterrent?
  • How are you progressing towards maturity in your governance framework?
  • What is the organization’s state of compliance?
  • Does the organization have a sustainable, repeatable risk assessment methodology?
  • When was the last time the policies, procedures and risk assessment were reviewed and updated?

If you don’t know the answer, can’t answer or don’t like your answer to the above questions, GRC Consulting Services can assist your organization in understanding your current Governance processes, then map out a cost effective solutions that will mature your practices.