Competence: Starting point "Evaluate culture / DNA GRC of the Board of Directors"
Each company have a specific demand in CyberSecurity, thus the first step will start with in review of the basic GRC process actual, expectations and assumptions. These task force include Board, Top Managers, internal expertises and Consultants allocated that must be involved in all analysis and executive reports to be publish.
After that, the task force will build some scenarios that must be submit for tests and analysis, evidence and that will promote a validation process of the DNA of the Governance implemented versus Business Goals.
There are more three steps aiming to collect evidences in waves to produce a high level GRC diagnostic of the culture in Board of Directors and what they want increase the maturity in Governance.
There is a special step for Board of Directors where will demonstrated an easy way to understand the critical FCS communicated of the functional areas and the technology area that represent a potencial risk that must be more investigated.
Other important step is to discover or emphasize again the level of the Company Tolerance Risk in the Board of Directors that is communicated for all organization, partners, third parties, clients, suppliers and consulting services. At least, is dedicate for evaluate Fraud, Internal Control, Compliance, CyberSecurity and legal calendar required culture and the matrix called RACI where there are many FCS for Business Continuity, all these procedures will be evaluate in Board of Directors of the some critical events understanding.
The main point is that there are so many steps to do before the company decide to buy a technical solution, and sometimes the GRC procedures and policies could be appears like additional costs and unnecessary steps, but if done the company will take better decisions with more opportunities and less risk to achieve their business goal.
