SAP - TINET - Tarragona Internet



Chapter 3: Governance: GRC in Action


In This Chapter


Getting to know the ropes of governance


Creating a governance plan


Maintaining a good governance framework


In the past few chapters, we examined the R (risk) and the C (compliance)
of GRC. In a nutshell, risk not only deals with what could go wrong, but
also where a sophisticated and enterprising company might be able to divine
opportunities. Examining risk involves finding the lemons and maybe some
water and sugar to make fresh lemonade. Compliance, on the other hand, is
doing what you are supposed to do from a regulatory standpoint. Simply put,
comply or pay the consequences.

On their own, the two legs of risk and compliance make something of a fairly
wobbly stool. They are all talk and no action. They are a car with no engine.
It’s the third leg, governance, that allows the stool to stand, or the car to
drive, depending on which analogy you favor.

In this chapter, we show you the benefits of good governance, how to create
a blueprint for it, and how to make sure that you maintain a positive approach
to governance over time. We also take a look at the importance of automation
in executing your governance plan and examining the details of the SAP
solution.

Getting to Know Governance


So, what is governance? Avoiding risk and trying to make lemonade out of
lemons seem like pretty good ideas. So, too, is complying with relevant rules
and regulations rather than paying fines, risking the company’s brand and
reputation, or worse.

However, without the governance component, compliance and risk are merely
ideas floating around the boardroom. It’s a classic stereotype: white-haired
corporate leaders sitting in the boardroom congratulating themselves