
Despite great strides in governance, risk and compliance (GRC) software, it’s unlikely we will ever see a single plug-and-play software solution that satisfies all the demands of multidisciplinary GRC. Instead, GRC leaders who want to make real, practical strides toward a multidisciplinary GRC environment need to take a well-thought-out, iterative approach. If your organization is like most, your assurance groups already have their own processes in place. If you try to impose a monolithic, top-down GRC solution on all these groups, you will likely meet with frustration, resistance and eventual non-compliance. This article identifies the key steps to overcoming the inherent messiness of developing a multidisciplinary GRC program.