Philip Cao

Traveling the Road to GRC Maturity

Today’s business environment is fraught with risk. However, to successfully seize growth opportunities in the market, organizations need to effectively position themselves to embrace risk with confidence instead of simply avoiding it.

Technology, economic and market conditions affect organizations on a daily basis. The constantly changing landscape of risk is a leading topic in headlines, industry forums, media outlets and board rooms. We are moving to a world where your risk management approach is not only your defense against known and unknown risks, but a critical component of your competitive advantage.

The next five years will bring even more pressure and greater shifts in the way governance, risk and compliance (GRC) programs need to operate to succeed. Not only are regulations and risk management needs changing, but the technology used to power businesses is radically shifting. The delineation between digital strategies and business strategies has disappeared, and any differentiation between cyber risk and business risk has vanished as well.

What’s Your Cyber Risk Appetite?
Given that many new business growth strategies rely on technology, organizations must be able to manage cyber risk as part of their risk management strategy. This convergence is leading many organizations to think in terms of cyber risk appetite: which risks the business can take and which are beyond the organization’s tolerance.

GRC programs must create a unified risk culture and a common language across the enterprise in order to understand risk in the context of the organization’s overall objectives. Therefore, effective risk management practices must address cyber risk and business risk in equal measure and provide a consolidated view of risk to executives and practitioners.

These capabilities do not magically appear within an organization overnight. The transition from a compliance-driven approach to a risk-based strategy takes commitment and collaboration across all “lines of defense” within an organization. The road to a mature risk management strategy has many twists and turns. Organizations will face multiple forks in that road and a fair share of distractions and derailments. However, the benefits of staying the course are clearly evident.

Risk management is becoming a core capability that separates the winners from the losers. Organizations that understand and effectively manage risk will prosper, while those that cannot will fail. Success starts with the ability to manage risk in a manner that frees up resources to focus on the company’s long-term strategic objectives. Executives need relevant, up-to-date risk information in order to make the right decisions and pursue the right opportunities.

I am pleased to be participating in a 16 June (11 a.m. CDT) webinar titled Next-Gen GRC: Building a Road to GRC Maturity with fellow risk and compliance professionals to discuss this maturity journey. Every organization has its own challenges, but there are some fundamental elements that can make a significant impact on your program’s success. We will be discussing strategies to push risk management across your organization and take your program to the next level.

Patrick Potter, GRC Strategist, RSA

[ISACA Now Blog]

Copyright © 2006-2022 Philip Hung Cao. All rights reserved