People in IT roles are a critical component and serve a dual role in GRC
First, IT must ADDRESS their own IT governance, IT risk and IT compliance issues. For example, they need to govern and oversee the way IT is used and managed in the enterprise, address the risks that are specific to IT, and meet the compliance requirements that are specific to IT (information privacy, security, etc.).
Second, IT must also help ENABLE their peers in other GRC functions, including the board, C-suite, risk, compliance, ethics, audit and other business operators.
The goals of IT and Information Security include:
The role of IT and Information Security in GRC is more than just two letters.
Other GRC disciplines play a role in IT and Information Security.
It is essential that people who are not specifically charged with IT and Information Security also understand what their colleagues in IT and Information Security actually need.
This includes knowledge about: