The project staff is made up of contractors only. Make sure key
internal staff works on the project as well. Having only contractors
assigned to the project means that little knowledge transfer will take
place. Furthermore, contractors don’t have a relationship with the
business and won’t know the unique circumstances and challenges
your company faces.
No authority. Project leaders are given little decision-making authority
and are simply told to just keep doing things the way we’ve always done
them. Successful GRC implementations require lots of input as well as
latitude to make important changes.

Define GRC Roles and Responsibilities

A successful GRC implementation requires broad participation. So the first
question you may hear is “What do I have to do?” Table 16-1 contains some
answers, depending on who asks the question.

Table 16-1 GRC Roles and Responsibilities

| Role | Their Responsibilities |
|---|---|
| Business process owners and business analysts | Identify risks and approve risks for monitoring |
| | Approve user role assignments |
| | Design alternative controls for mitigating risks |
| | Communicate access assignments or role changes to users |
| | Architect business processes |
| | Identify configuration alternatives |
| | Conduct gap analysis on current processes |
| | Explain the key control integration into the processes |
| Senior officers | Arbitrate conflicts between business areas |