

Luc Brandts, CTO at Nasdaq BWise


Governance, risk management and compliance demands that firms tap into a broad spectrum of the business. In today’s world of complex infrastructures and even more complex risk scenarios, the evolution of technology in GRC is far from over.

 IT is an increasingly important component of any business, and as a result an increasingly important source of risk. This requires the discipline of IT GRC to be reconsidered.

 Defining the scope for IT GRC

IT has a huge impact on business risk – and that impact is on the rise. This is one of the major reasons why it needs to break away from being a purely embedded function. By creating a separate discipline, firms can put in place the right tools, controls and processes to manage it effectively within the wider GRC framework.

Often, firms will think of IT risk as almost synonymous with security. Nobody would deny security’s importance. However, IT GRC must encompass a far broader range of factors, including technology infrastructure, integration of multiple data sets and databases, applications and development environments, operations, as well as numerous third-party influences on IT. There are countless ways in which technology is woven into the business and, therefore, influences risk.

As such, effective IT GRC requires IT to be embedded across the GRC pillars. Firms can only really gain control by integrating it with financial risk, regulatory risk, legal risk, operational risk and HR risk. Each will have technology-related controls and consequences. In HR, for example, only part of the risk is down to HR – the rest, such as security checks or access rights, is about IT.

 Tackling the complexity

While there is a strong case for IT GRC, many firms will find it challenging to implement. Complexity is a major hurdle – and comes in many forms.

Hundreds or even thousands of applications are running on many, many servers in several data centers or in the cloud. These applications serve a multitude of business processes in different business units across the globe. On top of this, systems, applications and servers are vulnerable to (internal and) external attacks. As a result, there is a strong need to get a grip on all this: firms need software to manage the complexity.

 Creating the IT GRC toolkit

So capturing the complexity in business, IT and the vulnerabilities is an important first task of any IT GRC system. Monitoring all these systems, logs and processes is an enormous task, which means firms can struggle to know where to start. It is impossible to follow up on the millions of tasks that may follow from such monitoring activities.

 To cut through and reduce the complexity, firms need to apply effective risk management processes on the technology itself – and tackle the issues from a business point of view. For example, it’s impossible to determine the importance of a particular server, or an application that it runs, without knowing and truly understanding its business function. If firms lose web access for a particular online store front, or the ability to produce reports for a specific area, it’s not just a temporary operational inconvenience. The effect on the business could be far reaching and longer lasting than the glitch itself.

 An important task to gain a handle on all the priorities is to conduct a risk assessment, understanding the business impact and the vulnerability. This equips firms with insight into which of the millions of alerts they need to focus on the most – and, therefore, what actions they need to take. This is where technology becomes vital. There is simply no way of handling the millions of relationships with IT and the various risks that are continuously changing without the right tools to monitor and filter everything.

Crucially, all of this needs to be simple to implement and, therefore, easy to integrate. Systems continually change while data expands rapidly. If firms are left struggling to put everything in place for IT GRC over several months or even years, it becomes an ineffective and perhaps pointless task, all the more so because it needs to be adapted continuously to the ever-changing situation.

 With the right easy-to-use tools, firms can drive forward the next phase of the technology evolution within GRC. By giving IT the spotlight it deserves – and needs – firms can be sure of delivering valuable and actionable insight for the business.

Many have tried before, and focused on the complexity. However, this hasn’t worked, which is why there is now a need for a solution that focuses on simplicity and manages complexity behind the scenes.
