Why is it much better to start your GRC improvement program with Metrics

Because metrics provide realistic, factual data. However, designing and implementing a metrics program for any GRC process has been more challenging than designing and implementing the processes themselves.

Benefits from Metrics program:

There are many, but a few worth noting are:

  1. It equips both IT and business leadership with significant data points about risks, controls, gaps, required mitigation efforts, compliance, user awareness and so on.
  2. It helps you gain control over your risk & security posture. Whether the picture is good or bad, you know for sure that you are in the know, and that is the foremost thing any GRC leader strives for.
  3. It helps you lay down a controlled roadmap for improving your risk & security posture.
  4. Measuring the performance of controls helps measure ROI on security & GRC initiatives.
  5. Most importantly, it can help you predict, prioritize and perform your investments, something every business leader desires.

Top pointers that need to be evaluated while designing a metrics program

  1. Keep it simple and avoid a big bang approach
  2. Know what is to be measured, why it should be measured and how it should be measured
  3. Decide on data collection, analysis and reporting methods including securing them
    1. Because metrics provide significant data points that need to be secured
    2. Organize resources for measurement including necessary sponsorship and collaboration required
    3. Collect, Analyze, Report and Improve measurement so that you can improve your overall risk & security posture

Remember, you can measure controls, whether procedural or technological, as well as processes, risks & gaps. Measuring risks is probably the most challenging, as risks tend to be a composite of multiple factors that need to be rolled up for better visibility. So it is important to be able to create a risk value chain, so that rolling up makes sense for you.
