This document discusses implementing technology within a GRC (Governance, Risk, and Compliance) framework. It notes that over 85% of organizations would benefit from integrating and streamlining GRC technology. However, the greatest barriers are a lack of strategy, complexity concerns, IT not being aligned with GRC, and not knowing where to start. The document advocates choosing standards to address both business and IT processes, using GRC software as a tool rather than the goal. It also stresses the importance of qualified people and stakeholder buy-in to ensure success of any technology integration initiative.

1. HowHow to implement andto implement and
alignalign Technology withinTechnology within
youryour GRC FrameworkGRC Frameworkyouryour GRC FrameworkGRC Framework
Parag Deodhar
Chief Risk Officer
Bharti AXA General Insurance

2. 85.6%
14.4%
Would you benefit fromWould you benefit from
integrating and streamliningintegrating and streamlining
technology for GRCtechnology for GRC
YES NO
Source: OCEG survey 2012
2Parag Deodhar26 April 2013

3. What? When? How? Who? Where?What? When? How? Who? Where?
3Parag Deodhar26 April 2013

4. 39.6%
31.6% 26.0%
16.6%
Greatest Barriers to an IntegratedGreatest Barriers to an Integrated
GRC approachGRC approach
No established
strategy for
integration
efforts
Belief it is too
complex to
undertake
integration
IT not aligned
with GRC
Not knowing
how to start
Source: OCEG survey 2012
4Parag Deodhar26 April 2013

5. IT is not just CORE anymore..IT is not just CORE anymore..
5Parag Deodhar26 April 2013

6. BYOD,
Mobile
computing
risks,
Partner
access
Information
overload,
Data co-
relation,
consistency
IT is transforming the business…IT is transforming the business…
SAAS – IT
is no longer
the
provider,
compliance
Employee
behavior,
Customer
feedback,
reputation
risks
6Parag Deodhar26 April 2013

7. Technology
• It is not only about
implementing an IT
solution
• GIGO
• Cross enterprise
visibility and
Process
• Controls should not
be an overhead – it
should be embedded
without being
burdensome.
• Loss Data Collection
People
• Integration is likely to
involve a major
transformation
program - resistance
to change is
considered the single
biggest obstacle
• Employee Turnover
ChallengesChallenges
7Parag Deodhar
visibility and
intelligence
• Most organizations
also have multiple GRC
tools, SIEM
applications – do these
integrate with each
other?
• Loss Data Collection
• Duplication of
controls, reporting –
leading to higher
resource
requirement, time &
cost
• Employee Turnover
• Training
• Governance model &
team structures
• Roles and
Responsibilities – IT
role
26 April 2013

8. Suggested StandardsSuggested Standards
8Parag Deodhar26 April 2013

9. Choose a standards based approach that addresses
both business and IT processes.
GRC software will help – however it is only a means
and not an end in itself.
◦ Integrating applications / infrastructure / security
◦ Survival of the most informed
◦ Integration of controls within the organization
◦ Integration of IT systems with vendors / suppliers /
business partners – don’t forget the regulator &
government departments!
Options / Solutions to considerOptions / Solutions to consider
government departments!
◦ Electronic payments, mobile, social & cloud
◦ Loss data collection
Ensure that qualified people, including internal and
external consultants with risk &
controls, audit, business process, and relevant IT
knowledge, play a key role in the initiative.
Secure buy-in from all stakeholders
9Parag Deodhar26 April 2013

10. No silver bullet!!
Each organization has its own
dynamics and the solution
needs to be evaluated based
Your thoughts please!Your thoughts please!
needs to be evaluated based
on detailed requirements
analysis.
10Parag Deodhar26 April 2013