Charting the right course

Cultivating a lasting GRC mindset

Prasanna Govindankutty

Prasanna Govindankutty

Principal, Advisory, Cyber Security Services, KPMG US

+1 212-954-2737

Organizations around the world are coming into an adjusted reality after a potent mix of healthcare, economic and political challenges.

It is critical now more than ever to take a hard look at how companies can manage risks and compliance while sustaining a culture that is strong in the face of unprecedented adversity.

A well-established GRC program should have a strong set of foundational principles that can adapt with changing times.

Outlined here are seven topics for organizations to cultivate and practice a forward-looking GRC program that is complementary.

  1. Recognize GRC programs are ever-evolving
  2. Words and context matter
  3. Embrace diversity
  4. Self-awareness is a good thing
  5. Being comfortable in the eye of the hurricane
  6. Encourage creative confidence
  7. Practice, measure, and repeat

As discussed in this paper, GRC programs are continuously evolving journeys—with a direction of travel that aims to improve an organization’s ability to manage the ever-changing landscape of threats including cyber, technology, operational, supply chain, and enterprise risks. It starts with a single step, but it does not have a final step—rather, the journey has to diffuse into your organization’s culture and become a way of life. It is usually exciting and sometimes painful, but if you have the right mindset, pragmatic set of roadmaps, and a great band of fellow travelers, it is a rewarding journey that is bound to raise the risk quotient in your organization and contribute to better practices in an organization’s management.