Integrated Data Governance, Risk Management and Compliance
While a universal definition for Integrated Governance, Risk Management and Compliance (GRC) is unquestionably elusive, there is little debate that demand for holistic governance is increasing at a rate faster than organizations have thus far been able to manage. A variety of environmental business drivers are contributing to this phenomenon. Lenders are requiring evidence of good governance, even from private companies, as part of debt covenants; business partners are requiring evidence of privacy and security controls; and acquiring companies are making similar proof part of the due diligence process. At its most fundamental level, governance refers to the alignment between the IT division and the organization as a whole, and the extent to which IT’s ever-spiraling costs are not only justified, but also fully maximized to help the company meet its strategic objectives.
Several process and control frameworks are implemented toward this worthwhile goal, yet not even the two most frequently adopted models are capable of enabling a truly integrated governance structure. CobiT is primarily focused on compliance and high-level control objectives, and ITIL is primarily focused on quality management. However, CobiT provides limited value for IT delivery, ITIL’s best practices are often ambiguous and burdened by the need for considerable interpretation, and neither standard fully addresses software development life cycle processes or roadmap considerations. Additional frameworks often utilized include COSO, Prince II, ISO 17799 and CMMI. In some cases, high-level frameworks are supplemented by ISO 9000 or Six Sigma methodologies. Private and smaller organizations are also evaluating GAIT and ValIT approaches. Avacuna acknowledges an ongoing industry maturation that will lead to more companies developing initial plans to strategically encompass multiple governance frameworks instead of inevitably costly and inefficient attempts to reconcile multiple approaches in the future. Key components of our integrated governance strategies will address the following: