Mike Hoefgen of CA put together some Tips for Getting Your GRC Program Running Quickly. Even if you do not put your compliance program into the GRC archetype, there are some useful thoughts.
- It is not a project. GRC / compliance is an ongoing business process. I encountered this when I was in knowledge management. Some saw it as a project with an end date and a segmented group. To be successful with compliance you need to be embedded in the business processes.
- Cross-functional team. Compliance is a business challenge, not a discrete process. You need input, buy-in and support from across the organization.
- Don’t boil the ocean. It is easy to get caught up in trying to solve all the problems at once. Start with something that can deliver some provable success. This builds credibility.
- Need for speed. You want to be able to show that credibility and success in the short term. If it takes you 2 years to show success, you will be forgotten and the business processes will have moved on without you.