| Page Properties |
|---|
Title | Optimize Risk |
|---|
Alternative Wordings | Manage Risk Mitigate Risk Optimize Risk Operational Risk Risk Management
|
|---|
Sources | |
|---|
|
Quotes
| Expand |
|---|
| title | KPMG and Everett, 2009, p. 3 |
|---|
|
Governance, Risk and Compliance is by far the main driver of IAM
(KPMG and Everett, 2009, p. 3) |
...
| title | KPMG and Everett, 2009, p. 7 |
|---|
Governance, Risk and Compliance (GRC) – Being ‘in control’ and able to prove it;
...
| Expand |
|---|
| title | Osmanoglu, 2013, p. 5 |
|---|
|
The Risk and Compliance Business Case This type of business case has been the driver behind the successful initiation of many IAM programs in the last several years. The financial services and healthcare industries in particular have been subject to increased regulatory requirements to more closely manage and control user access and provide more granular control to segregate the duties of users. The case for change often starts with an external auditor or regulatory body issuing a management letter of findings or a Matter Requiring Attention (MRA) to executive leadership or the board of directors. Often the threat of sanctions or fines is a strong motivator for the businesses to address these issues. At some point either the board or an executive leadership committee issues a mandate to comply. When that happens, the business case is pretty much made. All that is left is to articulate how the IAM program will mitigate the risk or comply with the regulatory issues identified.
(Osmanoglu, 2013, p. 5) |
...