IT GRC (IT Governance, risk and compliance) is certainly yet to mature. Currently there is a lot of confusion as to what it is all about and what the subcomponents are? But it’s certainly proving to be beneficial to the organizations adapting to it. In addition to identity audit, a unified approach towards GRC increases efficiency, cost effectiveness and poses lesser risk.
IT governance is all about how decisions are made, who makes the decisions and who is to be held accountable; et al. IT risk deals with threats at every stage and in every area of the enterprise. Risk related to identity management- who has access to what, is the biggest question posed before the organization. IT compliance is about adhering to laws and regulations, primarily due to large data security and privacy requirements, like the ones demanded by financial compliance, healthcare compliance, Insurance compliance etc. Traditionally these components were dealt individually. But with IT GRC a holistic approach is gaining in popularity.
