IT Governance

Governance, Risk Management & Compliance (GRC)

IT Governance, Risk Management & Compliance

GRC is an overall label for companies to implement best practices in their business and IT process to protect consumers and financial markets to protect consumer data and financial information.

The ‘Corporate and Auditing Accountability and Responsibility Act of 2002, affectionately known as the Sarbanes-Oxley Act, or SOx, was enacted as a reaction to a number of major corporate and accounting scandals that impacted corporate reporting, stock market values and investor security.

Within SOx, Section 404 – Management Assessment of Internal Controls specifically deals with Infrastructure Technology within a company. And to some extent, Section 302 – Corporate Responsibility for Financial Reports explain the Information Technology role within that reporting process for a company.

Compliance with GRC is required for publicly held companies. But it’s also a good idea for any privately held company. It can save you money and provides a framework to oversee the processes within your business.

You can make it a lot easier on your company and on your self for ensuring your small business starts out and remains compliant from the beginning. You’ll have a lot less to change AND it will be much less expensive than if you wait till later on when you’re looking to sell your business or go public. That means starting your oversight with IT Governance, Risk Management and Compliance as soon as you can.

I’ve retired now. But even though technology changes, much of the follow is still applicable to ensuring governance and remaining compliant. Still, you may need to adjust some of the following based on new reporting requirements and security concerns. Just make sure your organization is adhering to an industry standard like COBIT, ISO and/or ITIL.

© 1997-2014 Springwolf, D.D., Ph.D., Springwolf's Kosmos. All Rights Reserved.
© 1997-2018 Springwolf, D.D., Ph.D., Springwolf’s Creations. All Rights Reserved.