
GRC - A Strategic Approach


Presentation Transcript


  1. GRC - A Strategic Approach
  Christy Thomas, Sr. Cyber Security Advisor, Information Technology Group, Kuwait Integrated Petrochemical Industries Company (KIPIC)

  2. What is GRC?
  • GRC: Integration of governance, risk, compliance and control activities so that they operate in synergy and balance.
  Does GRC add value to my business?
  • GRC: A continuous process which governs how management:
    • Identifies and protects against risks.
    • Monitors and assesses the effectiveness of internal controls.
    • Responds to gaps.
    • Improves by learning from insights.
  Is GRC worth the investment?
  • GRC: A strategy to create business value:
    • Reduce cost.
    • Eliminate operational inefficiencies.
    • Rationalize controls.
    • Identify and mitigate risks.

  3. The Traditional Model
  Concerns:
  • Oversight by Board of Directors and Executive Management
  • Failure to achieve strategic and operational objectives
  • Low business performance

  4. Why do we need GRC automation?
  • Use of spreadsheets to track compliance and manage risks
  • Use of homegrown software tools
  • Inability to adapt to changes in regulatory and risk requirements
  • Difficulty producing audit reports
  • Increasing expense of managing compliance and risk
  • Difficulty producing timely and accurate reports

  5. GRC Segments:
  • Operational Risk Management
  • IT Risk Management
  • IT Vendor Risk Management
  • Management Planning & Business Continuity
  • Audit Management
  • Corporate Compliance and Oversight
  • Enterprise Legal Management
  Courtesy: Gartner

  6. IT Risk Management (ITRM)
  • IT risks: All IT systems and infrastructure, and end users, that can create uncertainty in business flow
  • Goal: Balance between operational and protection costs, without compromising the business
  • ITRM solutions: Automate IT risk assessments, policy management, control and reporting
  [Figure: IT Risk Elements]

  7. IT Risk Management - The Focus
  Minimize cost
  • People: Outsource, optimize the org. chart, freeze headcount, trim salaries/benefits, etc.
  • Technology: Rationalize applications, use the cloud, go digital, reduce over-provisioning, etc.
  • Process: Streamline processing steps, automate manual processes, speed up existing automation, simplify processes
  Maximize business value
  • Improve quality of service
  • Cloud for agility and flexibility
  • Build competitive advantage
  • Leverage digital business
  • Innovate
  Minimize risk
  • Use accurate capacity planning
  • Software tools that enable fast problem resolution
  • Cyber security framework and policies

  8. GRC - KIPIC Strategic Plans
  Minimize cost:
  • IT services and platforms in the cloud
  • Optimize staff strength
  • K-SOC for cyber security alerts
  • Shared resources for major incident response
  • Local monitoring of cyber security visibility
  Maximize business value:
  • Buy only essential IT services and applications
  • Avoid home-grown applications
  • Real-time end node protection
  • Digitalization (end to end)
  Minimize risk:
  • Cloud-based backup and restore infrastructure
  • Critical servers on-prem
  • IT & OT joint team to address OT network security
  • Security data analytics for continuous improvement

  9. IT Vendor Risk Management (VRM)
  • Why? Increased use of and dependence on service providers and IT vendors NECESSITATES a risk management program
  • Benefit: A risk management program HELPS to manage third-party risks with adequate controls, such as vendor performance, security and data protection
  • Result: FAILURE to comply with strategic mandates causes significant repercussions in:
    - Audits
    - Regulatory compliance
    - Shareholder value
    - Corporate viability

  10. IT Vendor Risk Management (VRM)
  In KIPIC, we use the VRM process to ensure IT service providers and IT suppliers are not a threat to business performance.
  What do we do?
  - Assess, monitor and manage the risk exposure from third-party IT suppliers and IT service providers, or whoever else has access to enterprise information.
  [Figure: VRM Sequence]

  11. Operational Risk Management (ORM)
  • ORM focuses on risks that relate to:
    • Uncertainty of daily tactical business activities
    • Failed processes, people or systems
    • External events
  • ORM software applications (e.g. RSA Archer, Oracle Financial Reporting Compliance Cloud, etc.):
    • Aggregate and normalize data from multiple data sources (operational, financial, regulatory alerts, incidents, etc.)
    • Identify, assess and address operational risks across all departments of the business
  Courtesy: Gartner

  12. Business Continuity Management Planning
  • Coordinate, facilitate and execute tasks that:
    • Identify business disruptions
    • Plan disaster recovery
    • Respond to disruptive events
    • Recover critical business operations
  • Automate:
    • Risk assessment
    • Business impact analysis (BIA)
    • Recovery plan and invocation

  13. Q&A
  Thank you