ISACA session about GRC

Editor's Notes

• #2: To view this presentation, first, turn up your volume and second, launch the self-running slide show.
• #3: To get 200% benefit of this presentation, first, mute your cellphone and second, unlearn whatever you know in GRC world & lend your ears for next 60 minutes.
• #4: GRC is a powerful compliance program which can move & shake any organization.
• #5: For more than 24 months, FixNix has developed GRC programs…
• #6: …to improve compliance,
• #7: …align all departments,
• #8: …increase company value,
• #9: …and propel
• #10: …GRC program.
• #11: Along the way we’ve discovered…
• #12: …five simple rules for creating Governance, Risk & Compliance programs.
• #13: The first rule is: Treat your business as king.
• #14: Your business groups, management deserves to be treated like royalty. Design a GRC program that meets their needs, not just yours.
• #15: Management want to know what you can do for them, why they should adopt your view, and the steps they need to follow to take action.
• #16: Give them those things in a clear, easily understandable way…
• #17: …and you will undoubtedly find favor with the king.
• #18: The second rule is: Spread ideas and move people.
• #19: Your business didn’t show up to read your 60 page on screen dissertation.
• #20: They’re there to see you. To be inspired by your message…
• #21: …and witness the quality of your thought.
• #22: You are not giving your presentation to have another meeting. You are there to convey meaning.
• #23: So, consider including imagery that powerfully illustrates your point.
• #24: IT roadmap for GRC
• #25: How do we align our GRC initiatives ?
• #26: How do I assess risk ?
• #27: Policies, procedures and controls
• #28: What are the elements of privacy risk management and compliance ?
• #29: How can operational controls add value to a business process ?
• #30: How do I know if my GRC system or overall program is effective ?
• #32: How should we conduct investigation
• #33: Suspicious activity investigation lifecycle
• #34: What controls are needed for the extended enterprise ?
• #35: How do we broaden our awareness of incidents and risks?
• #36: How do we optimize our approach to GRC
• #37: How do we integrate IT to enable GRC ?
• #38: How do we manage the business risk of fraud ?
• #39: How do we measure the performance of GRC ?
• #40: How does a federated GRC approach apply to policy management ?
• #41: How can we use a lean approach for compliance and control ?
• #42: Which GRC product has it all ?
• #43: And a thought-provoking inclusive awareness training moves your business in a way that can change not only minds, but hearts.
• #44: The next rule is: Help them see what you are saying.
• #45: Half of the people in your business are verbal thinkers and the other half are visual.
• #46: Combining minimal text with meaningful visuals means that you’ll reach everyone.
• #47: Brainstorm graphics that will effectively communicate your message…
• #48: …and replace those words with a picture, chart or diagram. Then apply a consistent treatment to your graphics to give your whole GRC solution a unified look so that your business is attracted to, rather than distracted from, your message.
• #49: Rule number 4: Practice design, not decoration.
• #50: As tempting as it is to fill your GRC solution with stuff, often de-decorating is the best policy.
• #51: Any writer or designer will tell you that 90% of the creative process…
• #52: …is destructive.
• #53: Do you have a main point? Consider putting just one dashboard on the GRC solution by itself. Want them to remember a few items? Don’t show everything at once. Instead, show one item at a time. Have a snapshot that expresses your idea? Scale that snapshot so that it fills the overall solution. Have a single metric that says it all? Let’s depict it and remove everything else.
• #54: The last rule is: Cultivate healthy relationships (with your solution and your business )
• #55: Letting go is hard, we know.
• #56: But don’t hide behind your GRCsolution.
• #57: Breaking your dependence on your GRC solution can do a world of good for your relationship with your business.
• #58: Reduce the amount of metrics to a few key ones. Put the rest into your behind the scene pages.
• #59: And practice, practice, practice.
• #60: Thinking of your GRC solution as digital scenery,
• #61: Allows you to connect eye-to-eye with your business in a meaningful way.
• #62: So there are the rules.
• #63: But the question remains—Why go to all this trouble?
• #64: Why not do it the way you are used to?
• #65: The answer is simple. Because everyone else does it that way, too. You need to stand apart and be different.
• #66: When you apply these rules,
• #67: and keep the business’s needs top of mind,
• #68: your GRC solution will not only hold their attention,
• #69: But also change the company world . (Well, at least your part of the world.)
• #70: For more ways to harness the power of GRC, visit www.fixnix.co