Spring cleaning governance, risk management, and compliance programs
With spring in the air, thoughts turn to spring cleaning, that time of year when many of us feel compelled to deep clean the kitchen and bathrooms, dust blinds, mop floors, and clean up the outside—be it a garage, porch, yard, or garden. That same mindset that hits us in springtime is handy to have with governance, risk management, and compliance (GRC) programs.
Here are five spring cleaning tips for anyone tasked with conducting audits, maintaining compliance, managing risk within IT, third parties, or the organization, focusing on business continuity, or working in health and safety.
Deep clean internal controls and policies
Over the winter (or since the last audit) some processes may have changed, leading to outdated controls and policies. Use controls testing to spruce up your controls and make any updates. Spiff up policies and take advantage of best practices for policy writing.
Polish up your questionnaires
Springtime is a great time to give your assessment questionnaires a good scrubbing. Look for errors and omissions. See if there’s a commonality in specific questions that causes problems. Invest in tools for the job like the Standard Information Gathering (SIG) questionnaire from Shared Assessments.
Dust off your business continuity plan
Many organizations create business continuity plans and file them away where they collect dust. The trouble is, assets, people, processes, and priorities change over time. It was right last fall but may need updating this spring. Review and update plans using these business continuity best practices.
Declutter your third party roster
Do you have third parties that perform the same duties? Use springtime to declutter, removing lower performing or higher risk third parties. You’ll save time and costs associated with assessments and help lower third-party risk.
Mop the floor with the competition
Companies want a competitive advantage and can find one in risk management. By shifting from decentralized to integrated processes, you can streamline activities and gain efficiencies. All you need is the right technology platform designed for integrated risk management.
Those are our five spring cleaning tips for professionals working in integrated risk management. During springtime when your mind turns to spring cleaning, apply this mindset to the processes you govern. A fresh, clean approach that streamlines processes and improves efficiencies might just get noticed by management.
Learn about the key takeaways from Seven Steps to Effective Reputational Due Diligence.
NAVEX Global Expands into Integrated Risk Management by acquiring Lockpath.
Continue to follow the progress of Lance, who is training for a 50-mile race on September 7th.