CHAPTER THREE

Enterprise Governance and GRC Tools

ALL BUSINESSES, AND PUBLICLY TRADED CORPORATIONS in particular, have faced governance needs and regulatory requirements since their earliest days. In many enterprises, senior management initially took the lead in setting the compliance rules and policies that employees and others were expected to follow. While this worked in many small sole proprietorships and in the tightly centralized corporations of earlier eras, today's larger multiunit enterprises need broad-based facilities for setting rules and procedures; in other words, they need efficient and effective governance processes.

Life would be easier for those same enterprises if they could simply rely on strong central leadership, such as a dominant chief executive officer (CEO), to authorize and direct the implementation of any required governance rules. However, enterprises of every size and in every location now face an ever-growing set of rules and procedures, ranging from local police and public safety ordinances to state, national, and sometimes international laws and regulations, as well as various professional standards. An enterprise must comply with these laws and regulations at many levels, and compliance failures can result in a variety of penalties. Every enterprise therefore needs processes to ensure that it is operating in compliance with the applicable laws and regulations.

An enterprise always faces risks that it will misinterpret rules ...

Source: Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL.