Insight | Fundamental Aspects of IT GRC Management
IT Governance Risk and Compliance (GRC) is a cyclical process. It requires an on-going effort involving all levels of the organization, from the highest level of management to the end users. Contego assisted a major metropolitan health centre who found success by first understanding that an IT governance plan must be established for any project or undertaking. They found that by first establishing a steering committee and an IT Governance Plan, they could better communicate management objectives to the IT organization along with expectations for behavior when pursuing these goals. Organization-wide governance establishes, among other things, positive outcome and growth expectations, and avenues to customer satisfaction, new products, and market development - all areas where IT can make a significant contribution when all governance efforts are coordinated.