
Data Privacy and Integrated GRC


Data privacy is becoming one of the most talked-about topics among compliance and auditing practitioners. A short while ago I blogged about the need for strong policies and security measures geared toward data protection. Our partner Grant Thornton has released the results of a new survey, “Rising to new challenges: The view from the office of the CAE,” on the current state of the chief audit executive, and the report points out two important factors that CAEs need to embrace in order to be successful (including data privacy).

First off, there is the ongoing risk posed by cloud computing and cybersecurity threats. As Grant Thornton puts it, “The ability to achieve growth goals is at risk without protected data and secure processes.” Half of the execs surveyed said that they did not have cloud computing factored into their audit plans, and that’s somewhat disturbing. Sixteen percent had to report a breach sometime during the last year.

Almost half of the respondents believe threats will come from external sources, and while data security should focus efforts there, the combined corporate compliance, auditing and security functions must implement the strongest control measures they can to prevent data compromise from within the organization. One way to do that is to align with security teams to identify those measures and make sure that corporate policy and training support them.

In a related survey by PwC, data privacy and security ranked right up there with the economy, competition, and regulation as being key risk areas.

Another area where Grant Thornton sees the need for improvement is in how chief auditors leverage the power of technology to do their jobs. The survey found that four out of five respondents weren’t using a GRC tool in their auditing process. This is interesting, because 64% said that they rely on data analytics, and integrated GRC provides the monitoring, trending analysis and tracking systems to answer both of these needs.

These numbers from Grant Thornton seem to match up with what KPMG found in their Convergence Evolution report. Take a look back at my earlier blog series GRC: Come Together, Right Here, Right Now to hear more about integrated GRC.

About the Author

Jimmy Lin, VP, Product Management & Corporate Development. Jimmy leads corporate and product strategies for The Network’s Integrated GRC Solutions. He has over 14 years’ experience in and around software and technology, from implementing software to analyzing new markets and leading product strategies. Jimmy is a Certified GRC Professional (GRCP). Connect with Jimmy on LinkedIn
