Governance is a buzzword in business today, but what does it mean and what benefits can it really offer? A host of stakeholders across various enterprises are pursuing governance initiatives, but those efforts are inefficient and disjointed. The result is excessive cost and a dangerously incomplete picture of the risks of noncompliance. A new, unified model can help today’s complex organizations unify and simplify governance management.

Business governance is not new, but the term has become increasingly popular among analysts, pundits, and business people. The rapid growth of regulations, including Sarbanes–Oxley and others, has increasingly brought governance into the everyday lexicon, and poses a tremendous challenge and opportunity: How does business address the burgeoning costs of governance and compliance, and how can it leverage the discipline of compliance with both external regulations and internal policies to improve performance? In many ways, “governance” has become the new “management”—the strategy and tactics enterprises adopt to achieve business goals, optimize operations, and limit risk. But to achieve that vision, we need to step back and understand what governance is, is not, and should be. That means rationalizing the confusing lexicon in use today, spanning governance, risk, and compliance (GRC), IT governance (ITG), IT governance risk and compliance (IT GRC), information governance, and more. It also means understanding that governance is not audit, risk management, security, business ethics, or other disciplines. And, to truly capitalize on the potential of governance, it means broadening our understanding to encompass the entire enterprise and introduce a new vision of governance. What is needed is a unified approach to governance that squeezes out redundancies and simplifies implementation, while also leveraging the power of an enterprise–wide view of risk to rapidly identify and evaluate business downsides and upsides. As a contrast, some brief case studies of poor business governance management highlight the stakes involved in ignoring this essential move toward unified governance.

What you’ll learn

In this book you will learn

• A unified approach to governance that works across the enterprise
• How to work on compliance to meet both internal organizational requirements and external compliance regulations
• How to evaluate risk management strategies
• How to manage the cost of compliance and other governance issues

Who is this book for?

This book is for all business people, managers, auditors, IT professionals, pundits, and analysts interested in corporate governance.