Outskirts Press, INC.

Integrating ITGRC Controls for Risk Awareness and Action

A key challenge for managing Information Technology Governance, Risk, and Compliance (ITGRC) is ensuring that the correct IT controls and functions are implemented in best-practices. “Building ITGRC Ecosystems into the Enterprise”, describes the ITGRC processes and automation approaches that have evolved in the IT industry for managing the risks associated with the introduction of global computer technologies.

The author provides proven controls, processes, and automation models that can allow IT and Risk personnel to develop integrated ITGRC Ecosystems for governing IT compliance and risks across the Enterprise. The book contains descriptions of the major ITGRC control frameworks and automation samples for the capture of key Information Technology performance and risk variables. It provides the major integration focus for key Ecosystem data components, dashboard/reporting concepts, and touch points for Enterprise ITGRC management.

It represents a practitioner-oriented blueprint for building an integrated IT Governance, Risk, and Compliance (ITGRC) capability across an enterprise environment.

Core  narratives include:

• Migrating from fragmented control and technology silos (audit, security, compliance, risk each operating independently, Toward a unified ITGRC ecosystem
• Emphasizing automation, control rationalization, and enterprise data integration
• Showing how to embed ITGRC into operating processes, not just audit checklists
• Introducing real-time intelligence controls and risk sensing agents into the ITGRC Ecosystem

In Building ITGRC Ecosystems into the Enterprise, the objective is to reinforce for IT and risk management personnel key IT operational controls and practices that are a basis for management of enterprise governance, risk, and compliance of IT services and operations. This book provides an understanding of the basic approaches and methodologies for managing IT governance, compliance, and risk exposure. It can assist in enabling IT operational control and risk management activities for development of processes, measurement of technology, system and control interfaces, policies, and standards. Finally, it provides a review of practical techniques for automating controls through sample technology concepts, and key performance (KPI) and risk management (KRI) indicators, comparative risk trends and leading measurements for ITGRC best-practice management.

While IT executive management still require risk-based decision processes and continued analysis to manage IT controls and risk exposure, it is critical to automate the environments. This is needed to reduce manual data handling and avoid manipulation in ITGRC environments and provide real-time risk assessment and management. It includes automation of hundreds of IT controls where possible and the validation of these controls, while providing real-time messaging from IT Ecosystems. It is a key attribute for efficient management in today’s micro-second transactional and global usage of mobile technologies. Enabling ITGRC management with automated measurements and risk technology controls is vital to effective management of complex technology and the real-time exposure from today’s IT risks to the Enterprise.