What is IT GRC?

Simply, IT GRC encompasses the practices for delivering the following: 1 .Greater business value from IT strategy, investment and alignment 2 .Significantly reduced business and financial risk from the use of IT 3 . Conformance with policies of the organization and its external legal and regulatory compliance mandates While some of these practices involve continuous improvement to quality, others involve practices and capabilities that are known to be effective, along with objectives for what the organization wants to achieve . IT GRC energizes the entire organization to imagine what it can achieve, establishes methods for achieving their objectives, and demonstrates the practices that are proven to work for minimizing business and financial risk . Fundamentally, IT GRC is about striking an appropriate balance between business reward and risk, enabling an organization to more effectively anticipate and manage business risk while more effectively delivering value for the organization

Safely managing the speed of IT
Much like a team trying to win an automobile race, an organization may choose to press the accelerator pedal of IT usage and change to the floor . But, when road condi- tions, fuel remaining in the tank, tire conditions, brakes, and drivers change, or when drivers are not paying attention, accidents are more likely to occur .

Objectives of organizations cannot be achieved when IT change does not keep pace with changing business conditions . Similarly, when the pace of IT change or use is faster, accidents are more likely . IT GRC involves the practices and procedures imple- mented to: • Govern the investment and alignment of IT strategies and resources • Manage risks associated with the introduction, use, and disposition of IT resources • Manage compliance with company policy, regulatory, and legal requirements Like the driver of an automobile, experience begets greater maturity, enabling some organizations to accelerate past competitors with less worry .