Managing Information Technology (IT) risk within a large organization with disparate groups and business units is a difficult task and presents many challenges. Ineffective risk management can expose the business to vulnerabilities, which result in fines, business loss, and possibly damage to the organization's brand recognition. By deploying an enterprise-wide Information Technology Governance, Risk and Compliance (IT-GRC) tool, organizations have the ability to identify, mitigate, accept, and manage risk to a reasonable level. As mandated by the Sarbanes-Oxley Act of 2002, publicly traded corporations must implement internal security controls to sufficiently protect financial data. An IT-GRC tool provides a central repository where individuals, at different levels within the organization, can disposition, address, and accept risk. By doing so, the organization can document and properly assess its risk posture from an IT system perspective.
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/ This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
Rusnac, Claudiu, "Information Technology - Governance, Risk Management and Compliance (IT-GRC)" (2011). Engineering and Technology Management Student Projects. 696.