-
Featured services
Think beyond the robots
The successful integration of AI and IoT in manufacturing will depend on effective change management, upskilling and rethinking business models.
Read the blog -
Services
Leverage our capabilities to accelerate your business transformation.
-
Services
Network Services
Popular Products
-
Private 5G
Our turnkey private 5G network enables custom-built solutions that are designed around unique use cases and strategies, and deployed, run and optimized through a full network-as-a-service model.
-
Managed Campus Networks
Our Managed Campus Networks services transform campus networks, corporate area networks and interconnected local area networks, and connect smart places and industries.
-
-
Services
Cloud
Popular Products
-
Cloud Architecture and Modernization
Discover how to achieve your business goals through cloud modernization practices, that deliver improved agility, reusability and scalability.
-
Cloud Optimization
Discover how to maximize operational excellence, business continuity and financial sustainability through our cloud-advanced optimization services.
-
-
Services
Consulting
-
-
Services
Data and Artificial intelligence
-
Services
Technology Solutions
Client stories
-
Services
Data Center Services
-
Services
CX and Design
-
Services
Application Services
-
Services
Sustainability Services
-
Services
Digital Workplace
-
Services
Business Process Services
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
Everest Group PEAK Matrix® Assessment
NTT DATA is a Leader and Star Performer in the Everest Group Sustainability Enablement Technology Services PEAK Matrix® Assessment 2024.
Get the Everest report -
- Careers
Topics in this article
If you’re facing a looming governance, risk management and compliance (GRC) audit, you may be tempted to envy an earlier generation of business leaders. Decades ago, GRC was less complex – governance was simply about the structure of the board, risk management focused on insurance policies and treasury oversight, and compliance involved the SEC and a few other alphabet agencies, meting out far less stringent penalties. But business practices, systems and risks have changed – and the world is, of course, different today. It’s important to have a comprehensive GRC strategy and to test its effectiveness.
What is GRC?
As it pertains to the board of directors, GRC describes a number of critical, shared responsibilities. The board has a fiduciary duty to protect shareholder assets from risks such as theft, damage and hacking.
- Governance is how the board protects and grows those assets.
- Risk management comprises the practices of identifying and mitigating threats to the value of shareholder assets.
- Compliance relates to the board’s duty to shield the shareholder assets from the devaluing impacts of regulatory penalties (ranging from fines, all the way up to de-listing from exchanges and prison terms for C-level executives).
In theory, G, R and C are separate spheres of activity. Pushing them into a single category arises naturally from their deep connections. IT, in particular, creates overlaps and dependencies between G, R and C. Non-compliance is essentially a risk, for example. Cybersecurity gaps are also a risk factor that connects directly with most major compliance regulations, such as Sarbanes Oxley and PCI. In addition, governance structures are supposed to address risk management and compliance. Today’s boards, for instance, now often feature dedicated cybersecurity committees. This is a newer phenomenon, but reflective of the unified nature of GRC.
GRC is a software category too. As G, R and C have become intertwined, this class of software emerged to help companies stay on top of divergent and sometimes conflicting workstreams. GRC solutions provide a means for tracking risks and policies, and offer ways to report on activities of various systems that the company relies on for GRC functions.
With GRC software, you can integrate compliance into everyday business processes including user provisioning, role management, emergency access management and periodic risk assessment. A GRC platform might deliver reporting on the policy enforcement activities of an identity and access management (IAM) system like Microsoft Active Directory, for example. GRC software (such as our ControlPanelGRC for SAP environments) streamlines routine audit and compliance processes while reducing the risk of fraud or malicious activity in enterprise resource planning (ERP) systems.
What is a GRC audit?
First, there is no such thing as an official GRC audit. It’s not like a Sarbanes-Oxley Section 404 audit over internal controls. (That’s an audit with a well -understood structure and set of deliverables.) Nor is it an audit like those done for PCI DSS, which covers an industry -standard set of parameters and confers a certification upon passing. A GRC audit is made up of steps and reports determined by whoever is responsible for GRC. This is usually the CFO or chief compliance officer (CCO).
The GRC audit assesses how well an organization is following its particular implementation of its chosen GRC framework. The frameworks vary. Some are completely original in nature. Each company has its own way of doing GRC and as a result, its own unique GRC audit processes and deliverables.
What is consistent across all GRC audits, however, is the practice of generating and evaluating reports from security and compliance systems that support GRC overall. The GRC audit process will include creating accurate reports on:
- The state of the company’s segregation of duties
- The monitoring of user accounts and role changes
- Password management on ERP systems
How to nail a GRC audit
Getting the GRC audit right requires a combination of technologies and processes. People matter, too. They are the ones using the tools and executing the processes. But, of these three, having the right tools at the heart of GRC makes the biggest difference. Without effective GRC technologies, people and process won’t get you very far.
Our approach involves the use of our ControlPanelGRC AutoAuditor. This software helps with GRC and compliance by automating the execution and validation of reports. With the tool, it’s possible to predefine numerous reports and then run them with relative ease. Our customers frequently tell us how laborious GRC audit report preparation can be, and this tool removes some of the stress of – and time involved in – preparing reports.
Specifically, ControlPanelGRC AutoAuditor enables you to schedule and then automatically execute any predefined, customized compliance report. The application can then route it to preselected users. AutoAuditor also integrates with other ControlPanelGRC modules including the Risk Analyzer, Usage Analyzer, Transport Manager, User and Role Manager, and Emergency Access Manager.
Combined with well-thought-out GRC audit procedures, tools like AutoAuditor can expedite and streamline the GRC audit process. The results of the audit will come faster and be easier for key stakeholders to consume and act upon. The audit should be less costly and time-consuming for everyone involved.