Many governance, risk and compliance (GRC) practitioners feel their roles are seen as inhibitors of rather than facilitating business's progress. We spoke to Portia Simelane, who is a group manager of IT Governance and Resilience at the Airports Company of South Africa.
Simelane has vast experience in the GRC sphere and spoke to us about how GRC practitioners can change this perception. She has more than 14 years of IT experience in various areas, including information security management, IT risk management, and IT governance and compliance. She will be part of the speaker line-up at the ITWeb GRC conference next month.
"I believe the false view that GRC is an inhibitor of business agility is caused primarily by the fact that most business processes fail to incorporate GRC practices into their design. Some do this thinking that they will be able to fast-track solutions," said Simelane.
"Unfortunately it has the opposite effect. Failing to incorporate GRC requirements and principles in the design of processes upfront creates delays and, in some cases, significant additional costs of remediation," she continued.
GRC practitioners also need to be proactive, she added. "GRC practitioners can be agile by being proactive in providing assurance and assistance during the design and implementation lifecycle of the business, as well as empowering business to make informed decisions within the confinement of law and regulations," advised Simelane.
"GRC practitioners need to have ongoing engagements with business so that they will be considered strategic partners. This will ensure that business consults and engages with GRC practitioners upfront, at the conception and design stage of their projects and initiatives," she concluded.
Share