From my early days in the computer world, starting with Data Processing (DP), and rapidly moving to Management Information Systems (MIS) and currently know as Information Technology (IT), the need for some type of Governance has been required, but rarely consistently applied. Depending on the type of company – Financial, Medical, Manufacturing, Industrial, Service etc there has always been a wide range or lack thereof of hard requirements. So there might have ever been a carrot or a stick, and promoting consistent good behaviour has always been the challenge.
The rapid rate of change has always seemed to be a blessing and a curse if you were concerned about Governance. I’ll define governance as saying what you will do. The structure of how you govern is larger, but in a nutshell it’s just saying what you’ll do. The triad of People, Process, and Technology has been defined and refined with just about every change in technology.
In my series of blogs, I cover the past, present and future of GRC from the strategies to the solutions that are or were available, and how the need for consistent compliance will need to work to meet business needs and their digital transformation.
These blogs will be based on my experience with different strategies and tools that have been around, and how companies have leveraged those solutions to meet the compliance needs, and how as time moves on the solutions need to adapt and evolve quickly. I’ll cover suggestions, recommendations, guidelines, policies, and rules. Rules actually being the ones that get you in trouble quickly.
These days, many companies are addressing digital transformations and identifying Information Technology Risk as an underlying Enterprise Business Risk, I’ll cover more updated or modern approaches and expectations of systems. We’ll cover four pillars of IT Governance – Applications, Infrastructure, Data Access, and Third Party Governance, and the solutions that cover cross functionality across all four of those pillars.