PART IV: ACTION

Whilst “stress testing” some of my ideas on control elements, principles and strategies with audiences at GRC conferences, I am almost always asked a question along the following lines:

Sure, all this sounds good in theory. But what you are advocating takes up a lot of time and resources. Isn’t it easier for us to continue in the manner in which we have been devising, implementing and validating IT controls?

Indeed, it is much easier to stick with the status quo. Bridging compliance with performance, or convincing stakeholders to break unhealthy cycles, requires more upfront effort than compiling and ticking checklists. Therein lies a classic conundrum: though the payoff from identifying elements, principles and strategies sounds promising, ...

Get Compliance by Design: IT Controls that Work now with the O’Reilly learning platform.