Graham Blain, head: IT Governance, Risk and Compliance at Standard Bank.

Graham Blain, head: IT Governance, Risk and Compliance at Standard Bank.

The practices of IT governance, risk and compliance (GRC) have been developed in a historical context dominated by the belief that IT is a supporting act for the business.

However, this has been displaced by a revolution in thinking about the role of IT and digital in business, and the way in which enterprises are led and managed, says Graham Blain, head: IT Governance, Risk and Compliance at Standard Bank.

He says GRC and IT GRC are under pressure to reinvent themselves to be relevant in this new age. "We need to be strategic and integral to the enterprise as a whole, as opposed to separate and seeking to merely fit in and address operational matters. It's an exciting opportunity and an existential challenge."

Digitisation, disruption

According to Blain, the banking sector has long been regarded as a leader in respect of the role of IT in business and digitisation. Most businesses in all sectors, however, are fast becoming digitised and transformed, if not disrupted, by radical new technologies and business models.

The legacy of IT as a support act in all sectors, even in a sector as dominated by digital business as banking, has led enterprises to focus on technology risk as a predominantly operational matter, he explains.

"IT is viewed as a cost and source of operational risk, and management and GRC practices are focused on driving both down. While these issues remain relevant, this view is not nearly expansive enough to address strategic business risks integral to digital capabilities," he adds.

Blain says conventional wisdom and so-called best practices in GRC are being radically challenged. The disciplines of focusing on IT as a cost and problem remain relevant, but need to be balanced by a more expansive and strategic view of IT GRC, and the practices required to fulfil the role of IT GRC in an organisation require an equally radical rethink.

Opportunities and challenges

Blain will present on: "Connecting the pieces of the puzzle: seeing how IT GRC fits into the overall enterprise GRC and strategic business context" at ITWeb's Governance, Risk and Compliance 2019, to be held on 20 and 21 February, at The Forum in Bryanston.

Delegates attending his presentation can expect to have their beliefs in the role and practices of IT GRC fundamentally tested, and be instilled with a sense of opportunity and challenge for the future.

"Specific changes to the way that we tackle a renewed purpose for IT GRC will be suggested for consideration. If embraced and applied, this could revolutionise the approach to these practices and exponentially elevate the value created by them," he concludes.