In addition to risk mitigation, GRC programs offer the business a lot of ROI from the consistent cataloging of processes across the enterprise. And consistency is one of the foundational elements needed in evolving IT service delivery to a value-chain-based model, says Nauman Noor, director of PwC Advisory Services.
"Use of GRC tools often results in a level of standardization and conformance when it comes to capturing processes as well as aligning the high-level representation -- value chain -- across various departments and, in case of large corporations, business units," he says.
This gives enterprise IT the ability to use information about processes gathered through GRC to offer things like activity-based costing and offer more integrated view of how the organization interacts with its customers, he says.
"The ongoing compliance and audit activities supported by such tools ensure captured processes, controls, and assessment of their efficacy are relevant and representative," Noor says.
GRC Can Reduce Gaps In IT, Increase Business Agility
It may be a little bit of a chicken-and-egg situation, but just as organizations should be looking to bust IT silos to create a good GRC program, a good GRC program can be used to bust silos.
"A well-architected GRC program can effectively bridge the gaps between various areas of a single organization, connecting the company's resources, processes and systems to reduce redundancy; resolve process, procedural, and technical inadequacies; and provide decision-makers with actionable information to drive successful business operations," says Steve Barone, president and CEO of IT advisory services and network security firm Creative Breakthroughs.
Barone believes that an effective convergence framework will increase agility within enterprises and can ultimately fuel strategic planning decisions. Ideally, it will be helping to eliminate redundant business and IT activities, and ultimately increase efficiency of spend on effective innovation. But to achieve these gains, organizations can't view GRC as a one-shot deployment.
"A GRC program shouldn't be a one-time event -- it should be an ongoing, sustainable process that empowers organizations to cultivate value from what is often perceived as a nonrevenue-generating requirement for doing business," Barone says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.