GRC Support Ecosystem

Coming soon... GRC Professional Services Matching Capability!

A GRC support ecosystem consists of specialized resources that exist across a company, as well as across independent partners that exist outside the four walls of the enterprise. Now, companies realize that they need to do a much better job in managing their GRC support ecosystem so that they can have broad coverage across many specialized areas in a cost-effective way no matter where they may want to conduct business globally and no matter how complex and challenging the GRC support requirements might be. Below, we tell you why this is a hot topic and what we are doing to address this major need.

The GRC Sphere is now working on a unique GRC support ecosystem that will bring together specialized GRC service organizations and provide these resources to companies globally. We are implementing a "GRC service matching capability" so that companies like your can reach out to 3rd party firms for the following types of professional GRC services:

    • Requests-For-Guidance (over the phone mentoring)
    • GRC education
    • GRC Specialist services (on an as-needed basis)
    • "Virtual GRC Specialist" services (Add a GRC specialist onto your GRC team on an annual retained basis)
    • Internal Auditor services (on an as-needed basis)
    • "Virtual Internal Auditor" services (Add an Internal Auditor onto your GRC team on an annual retained basis)

Why is a GRC Support Ecosystem Needed? 
A company’s GRC support infrastructure is undergoing huge changes based on the hail storm of new threats, laws, standards, regulations, changes to existing regulations, technologies, etc.. Let's take an example. What if your company runs into a situation where white collar fraud is suspected. The first question that comes up is who do we need to speak with for advice on how we handle this risk event? Do we have the necessary GRC support resource within our company? Where do we have coverage? Where do we have little or no coverage? To what extent do the individuals that may be able to help us internally, have the necessary time, authority, and skills to manage this situation effectively?

For most companies, specialized GRC support coverage is extremely spotty. In addition, for the large majority of companies, their senior compliance or IT professionals are juggling a myriad of these topics in an informal, part-time, mode. More junior individuals are not being hired and trained as quickly as is needed so the more experienced individuals are, in many cases, being overly taxed. This is a real risk that needs to be addressed quickly.