Successful GRC Program – Do’s and Don’ts

A successful and effective GRC program is critical if you want to achieve integrity and protect your brand. Keeping the Governance, Risk and Compliance roles interlinked at all times is the key.

If you are implementing, or thinking of implementing, a GRC program, keep the following Do’s and Don’ts in mind.

Do’s:

  1. Use Case Definition – Define and prioritize GRC use cases clearly; focus on those that are most important and critical to your business.
  2. Solid Project Management – Establish a GRC team with solid project management and business expertise.
  3. Involve all PPT – Remember that effective GRC is a combination of PPT (People, Processes, and Technology); all three need to be involved together for the program to work properly.
  4. Accountability – Establish clear lines of accountability and responsibility.

Don’ts:

  1. Technology – Don’t implement a program thinking that it will be a substitute for good governance.
  2. Use Cases – Don’t start planning complex use cases before you understand the basic ones and have learned from the first phases of the project.
  3. Communication – Don’t forget to communicate the importance of a GRC program in driving business performance.
  4. Redundancy – Don’t let your GRC program become redundant – keep reviewing your objectives and goals as the business changes.