1. For more than 24 months, FixNix has researched compliance for India’s leading e-commerce brands, security thought leadership forums, and production of an SMB GRC product.
Now they bring you…
FIVE RULES FOR GOVERNANCE, RISK & COMPLIANCE
2. To Get 200% Benefit of This Presentation
FIRST: Mute Your Cellphone
SECOND: Unlearn Whatever You Know in GRC World & Lend your Ears for next 60 minutes
56. Community Development
• In order to bring lasting change, we must first prioritize the things that will bring about the maximum impact
• Then we must organize schedules and resources that will support the priorities
• Finally, we need to mobilize people to be able to take action and bring about that change
To view this presentation, first, turn up your volume and second, launch the self-running slide show.
To get 200% benefit of this presentation, first, mute your cellphone and second, unlearn whatever you know in GRC world & lend your ears for next 60 minutes.
GRC is a powerful compliance program which can move & shake any organization.
For more than 24 months, FixNix has developed GRC programs…
…to improve compliance,
…align all departments,
…increase company value,
…and propel
…GRC program.
Along the way we’ve discovered…
…five simple rules for creating Governance, Risk & Compliance programs.
The first rule is: Treat your business as king.
Your business groups and management deserve to be treated like royalty. Design a GRC program that meets their needs, not just yours.
Management wants to know what you can do for them, why they should adopt your view, and the steps they need to follow to take action.
Give them those things in a clear, easily understandable way…
…and you will undoubtedly find favor with the king.
The second rule is: Spread ideas and move people.
Your business didn’t show up to read your 60-page on-screen dissertation.
They’re there to see you. To be inspired by your message…
…and witness the quality of your thought.
You are not giving your presentation to have another meeting. You are there to convey meaning.
So, consider including imagery that powerfully illustrates your point.
IT roadmap for GRC
How do we align our GRC initiatives?
How do I assess risk?
Policies, procedures and controls
What are the elements of privacy risk management and compliance?
How can operational controls add value to a business process?
How do I know if my GRC system or overall program is effective?
How should we conduct an investigation?
Suspicious activity investigation lifecycle
What controls are needed for the extended enterprise?
How do we broaden our awareness of incidents and risks?
How do we optimize our approach to GRC?
How do we integrate IT to enable GRC?
How do we manage the business risk of fraud?
How do we measure the performance of GRC?
How does a federated GRC approach apply to policy management?
How can we use a lean approach for compliance and control?
Which GRC product has it all?
And a thought-provoking inclusive awareness training moves your business in a way that can change not only minds, but hearts.
The next rule is: Help them see what you are saying.
Half of the people in your business are verbal thinkers and the other half are visual.
Combining minimal text with meaningful visuals means that you’ll reach everyone.
Brainstorm graphics that will effectively communicate your message…
…and replace those words with a picture, chart or diagram. Then apply a consistent treatment to your graphics to give your whole GRC solution a unified look so that your business is attracted to, rather than distracted from, your message.
Rule number 4: Practice design, not decoration.
As tempting as it is to fill your GRC solution with stuff, often de-decorating is the best policy.
Any writer or designer will tell you that 90% of the creative process…
…is destructive.
Do you have a main point? Consider putting just one dashboard on the GRC solution by itself. Want them to remember a few items? Don’t show everything at once. Instead, show one item at a time. Have a snapshot that expresses your idea? Scale that snapshot so that it fills the overall solution. Have a single metric that says it all? Let’s depict it and remove everything else.
The last rule is: Cultivate healthy relationships (with your solution and your business).
Letting go is hard, we know.
But don’t hide behind your GRC solution.
Breaking your dependence on your GRC solution can do a world of good for your relationship with your business.
Reduce the number of metrics to a few key ones. Put the rest into your behind-the-scenes pages.
And practice, practice, practice.
Thinking of your GRC solution as digital scenery
allows you to connect eye-to-eye with your business in a meaningful way.
So there are the rules.
But the question remains—Why go to all this trouble?
Why not do it the way you are used to?
The answer is simple. Because everyone else does it that way, too. You need to stand apart and be different.
When you apply these rules,
and keep the business’s needs top of mind,
your GRC solution will not only hold their attention,
but also change the company world. (Well, at least your part of the world.)
For more ways to harness the power of GRC, visit www.fixnix.co