SEPTEMBER 2021 | CIOAPPLICATIONS.COM | 9

· Who are the owners and stewards of each data type, and how will changes be vetted and approved?
· Are the key customers and consumers of dashboards and reports identified so that they can give input on the information delivered and its format?
· Can you ingest inventory data (e.g., teammate, technical asset, business process, vendor, cost center, location, etc.) up front and, where possible, provide regular automated updates within your GRC tool?
· Is the impact of data changes from one risk function on other GRC functionality understood (e.g., will business process changes for risk assessment purposes result in scope, definition, and rework changes to business continuity plans, policy and procedures, model risk attestations, other reassignments, etc.)?
· Will the GRC tool provide performance reporting on the entire Integrated Risk Management process to identify operational gaps, subsequent automation improvements, and additional value-added reporting?

Know the Ways of the Sea

Initial GRC tool implementation can be frustrating and challenging. The initial data collection process, if done well, will be extensive. It will feel like the tool is not adding any value for an extended period of time. This is no time to take the direct path through the rapids; initial tool setup is best done along the longer yet calmer course. The long-term benefits of being initially cautious are significant.
Having your asset inventories within the tool before building GRC workflow will allow you to:

· Address discrepancies in the asset inventories, which will in turn add value by streamlining or enhancing upstream operational processes
· Allow the business to become familiar with the GRC tool in a safe and controlled manner, increasing long-term adoption and value
· Deliver extended flexibility and process simplicity

Departure Readiness

Now that you have your sea legs, remember that providing strategic clarity and supporting the initial data-driven implementation phase will serve you well to enable ongoing voyages to enhance Enterprise-class Integrated Risk functionality. If the initial voyage is successful, you will have taken steps to establish a culture of transparency, collaboration, and resiliency, serving you well along ongoing journeys into the unknown. Having a clear understanding of the purpose of the GRC tool implementation will enable you to drive effective design: infrastructure hosting options, capacity planning, desired functionality, and ongoing system support model.