Common mistakes in implementing GRC
In our recent webinar, which was co-hosted by Forrester, we discussed some of the most prevalent mistakes in implementing GRC. Poor data governance, the need for data integration and aggregation, as well as flexibility in the data model and the GRC technology are all vital components of implementing an effective GRC program, yet they are often overlooked or, at best, underestimated.
Project Management Challenges
We didn't speak about the more generic common mistakes in implementing GRC: project management challenges. The need for executive sponsorship is clear. Strong project management and strong monitoring of scope are of great importance. Implementing GRC technology involves many people, integrates many ideas, and can require adjustments in day-to-day activities. Very often people involved in a GRC implementation are passionate specialists in their own fields, and not specialists in IT implementations. Scope creep or refinement of requirements becomes a discussion, and can endanger the project. Somebody once said "begin with the end in mind" (Stephen Covey). This is something to bear in mind: what do you want to get out of the project? Whether the goal is compliance assurance, a certain consolidated risk report or cost reduction, it should be driving your process and your implementation. Throughout the project it is critical to ask yourself whether the current process is pushing you further toward your end goal and, if it is not, to evaluate what changes in methodology will help you arrive there. During the project, you will hear hundreds of arguments why certain things need to be, or should be, different, but do they really matter for your end goal?
Tip: write them on the whiteboard behind your desk, and be sure to use a pen so you cannot wipe out your notes.