• Save
How to implement and align Technology within your GRC Framework
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


How to implement and align Technology within your GRC Framework

Uploaded on

My presentation at The GRC Forum, Mumbai on 26th April 2013

My presentation at The GRC Forum, Mumbai on 26th April 2013

More in: Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. HowHow to implement andto implement andalignalign Technology withinTechnology withinyouryour GRC FrameworkGRC Frameworkyouryour GRC FrameworkGRC FrameworkParag DeodharChief Risk OfficerBharti AXA General Insurance
  • 2. 85.6%14.4%Would you benefit fromWould you benefit fromintegrating and streamliningintegrating and streamliningtechnology for GRCtechnology for GRCYES NOSource: OCEG survey 20122Parag Deodhar26 April 2013
  • 3. What? When? How? Who? Where?What? When? How? Who? Where?3Parag Deodhar26 April 2013
  • 4. 39.6%31.6% 26.0%16.6%Greatest Barriers to an IntegratedGreatest Barriers to an IntegratedGRC approachGRC approachNo establishedstrategy forintegrationeffortsBelief it is toocomplex toundertakeintegrationIT not alignedwith GRCNot knowinghow to startSource: OCEG survey 20124Parag Deodhar26 April 2013
  • 5. IT is not just CORE anymore..IT is not just CORE anymore..5Parag Deodhar26 April 2013
  • 6. BYOD,Mobilecomputingrisks,PartneraccessInformationoverload,Data co-relation,consistencyIT is transforming the business…IT is transforming the business…SAAS – ITis no longertheprovider,complianceEmployeebehavior,Customerfeedback,reputationrisks6Parag Deodhar26 April 2013
  • 7. Technology• It is not only aboutimplementing an ITsolution• GIGO• Cross enterprisevisibility andProcess• Controls should notbe an overhead – itshould be embeddedwithout beingburdensome.• Loss Data CollectionPeople• Integration is likely toinvolve a majortransformationprogram - resistanceto change isconsidered the singlebiggest obstacle• Employee TurnoverChallengesChallenges7Parag Deodharvisibility andintelligence• Most organizationsalso have multiple GRCtools, SIEMapplications – do theseintegrate with eachother?• Loss Data Collection• Duplication ofcontrols, reporting –leading to higherresourcerequirement, time &cost• Employee Turnover• Training• Governance model &team structures• Roles andResponsibilities – ITrole26 April 2013
  • 8. Suggested StandardsSuggested Standards8Parag Deodhar26 April 2013
  • 9. Choose a standards based approach that addressesboth business and IT processes.GRC software will help – however it is only a meansand not an end in itself.◦ Integrating applications / infrastructure / security◦ Survival of the most informed◦ Integration of controls within the organization◦ Integration of IT systems with vendors / suppliers /business partners – don’t forget the regulator &government departments!Options / Solutions to considerOptions / Solutions to considergovernment departments!◦ Electronic payments, mobile, social & cloud◦ Loss data collectionEnsure that qualified people, including internal andexternal consultants with risk &controls, audit, business process, and relevant ITknowledge, play a key role in the initiative.Secure buy-in from all stakeholders9Parag Deodhar26 April 2013
  • 10. No silver bullet!!Each organization has its owndynamics and the solutionneeds to be evaluated basedYour thoughts please!Your thoughts please!needs to be evaluated basedon detailed requirementsanalysis.10Parag Deodhar26 April 2013