IT Governance & Compliance
Securing Business Value From IT
For many organizations today, IT is central to success, and IT performance has a direct impact on business performance. But IT departments don’t perform well for the business by chance.
IT spend, decision making and activity need to be in line with the overarching business objectives to make sure IT is supporting these objectives.
That means the business needs to have its hands on the levers of IT – to be able to govern IT in the same way it governs other business units.
Compliance and governance are not the same thing at all, but this viewpoint explains why some believe that effective IS governance is the way in which an IS organisation can discharge its compliance requirements while retaining the leadership role for service delivery. Peter Wheatcroft, principal consultant, Partners in IT, takes a good hard look at what governance actually entails.
Governance, risk management and compliance (GRC)
GRC is the umbrella term covering an organization's approach across these three areas: governance, risk management, and compliance. The first scholarly research on GRC was published in 2007, where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity." The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT and HR, as well as the lines of business, executive suite and the board itself.