ERIC Number: EJ1016304
Record Type: Journal
Publication Date: 2013
Reference Count: N/A
Governance, Risk, and Compliance: Why Now?
Grama, Joanna Lyn; Petersen, Rodney
EDUCAUSE Review, v48 n6 p10-13 Nov-Dec 2013
Governance, risk, and compliance (GRC) issues are increasingly pervading the IT space, with these concepts transcending silos such as central and distributed IT units, information security, and service management. As campus investment in information technology and campus reliance on information systems have grown, so has the need for reliable structures and measures to ensure success and minimize failure. GRC programs intend to do just that: they develop a framework for the leadership, organization, and operation of the institution's IT areas to ensure that those areas support and enable the institution's strategic objectives. As EDUCAUSE President and CEO Diana Oblinger notes, GRC programs are about "getting your ducks in a row." GRC programs align institutional activities with the larger institutional goals (i.e., governance) and allow the identification of challenges and opportunities (i.e., risk). When internal requirements and external mandates are lined up (i.e., compliance), institutional activities have the best chance for success--especially in stormy weather or where danger lurks. This issue of "EDUCAUSE Review" is devoted to better understanding the role of GRC programs in higher education IT organizations.
Descriptors: Governance, Risk, Compliance (Legal), Information Technology, Information Systems, Information Security, Improvement Programs, Risk Management, Higher Education
EDUCAUSE. 4772 Walnut Street Suite 206, Boulder, CO 80301-2538. Tel: 303-449-4430; Fax: 303-440-0461; e-mail: email@example.com; Web site: http://www.educause.edu
Publication Type: Journal Articles; Reports - Descriptive
Education Level: Higher Education; Postsecondary Education
Authoring Institution: N/A