21-23 Ize Iyamu Street, Ceflix-Scepter Centre, Off Billings Way, Oregun Ikeja, Lagos P. O. Box 10448, Marina, Lagos, Nigeria +234 806 719 1062, +234 806 007 8227 www.mitiget.com | [email protected] KEEP TOTAL VISIBILITY Inside-Outside Frequently Asked Questions


1. What is GRC?

Governance, Risk and Compliance, or GRC for short, refers to a company's coordinated strategy for managing the broad issues of corporate governance, enterprise risk management (ERM) and corporate compliance with regard to regulatory requirements.

To ensure that businesses protect their information, have consistent cohesion departmentally, and follow all governmental regulations, a governance, risk and compliance (GRC) program is important. Lastly, a lack of visibility in determining risks in operations can adversely impact the achievement of the corporate goals. Hence, the GRC program will enable strategy.to inaccurate reports.


2. How Does GRC Work?

Organizations develop a GRC framework for the leadership, structures, process, component interactions and operation of the organization's IT areas to ensure that they support and enable the organization's strategic objectives. The framework specifies clearly defined measurables that shine a light on the effectiveness of an organization's GRC efforts. Although there are many good software options available to help streamline GRC operations, GRC is more than a set of software tools. Many organizations consult a framework for guidance in developing and refining their GRC functions rather than creating one from scratch. Frameworks and standards provide building blocks that organizations can tailor to their environment. ISO 27001, COBIT, COSO and ITIL are some of the big options in the industries.


3. What is key to a successful GRC implementation?

The decision-making, resource and portfolio management, risk management, and regulatory compliance functions included in a GRC framework will not be effective unless the organization's executive leadership really supports cultural change. The leadership must have intent and commitment for a GRC project to be successful and continuously improved on.


4. Who employs GRC?

GRC can be implemented by any organization – public or private, large or small – that wants to align its IT activities to its business goals, manage risk effectively and stay on top of compliance.


5. What is a GRC tool and what does it do?

A GRC solution enables you to create and coordinate policies and controls and map them to regulatory and internal compliance requirements. These solutions, which could be cloud-based or on-premise, introduce automation for many processes, which increases efficiency and reduces complexity. Some of the solutions are IBM OpenPages GRC Platform, MetricStream, BeWise and Rsam's Enterprise GRC. You also need to create a GRC framework. Although GRC tends to focus heavily on IT, implementing a strategy involves an entire organization, and requires a hard look at all of the people and processes that will be affected.


6. What are the top GRC certifications?

CIO, IT security analyst, security engineer or architect, information assurance program manager and senior IT auditor, among other roles, require or benefit from a GRC certification, including:

• Certified in Risk and Information Systems Control (CRISC)
• Certified in the Governance of Enterprise IT (CGEIT)
• Project Management Institute - Risk Management Professional (PMI-RMP)
• ITIL Expert
• Certification in Risk Management Assurance (CRMA)
• GRC Professional (GRCP)


7. Is GRC all about Technology?

GRC, in fact, is optimizing performance against an organization’s goals and objectives, while managing risks and being compliant. It’s about Principled Performance with the elimination of silos and fragmentation among organizations and processes involved in GRC.


8. What level of efficiency will a GRC program bring to your organization?

A haphazard collage of siloed, reactive compliance measures potentially increases costs and risks. Your organization needs to take advantage of real-time service performance, security, and operational information to enable real-time risk assessment and fine-grained business impact analysis.


9. What level of visibility will GRC bring to your organization?

With manual processes you struggle to gain any sort of scientific-led visibility on your operational and risk posture. The time taken for your team to assess the dependencies across risks, compliance, business and operations is long. As a result, your organization remains exposed to recurring compliance and audit failures, data breaches, IP losses, and service performance failures. An effective GRC solution helps you to have visibility.


10. Is the term ‘GRC Management’ meaningful?

There is no such thing as GRC management, only the management of GRC processes. To top it all, an automated cloud-based service management platform to manage your GRC processes is an advantage for your operating managers. It’s beneficial to get a single-window, 360-degree view across simultaneous processes, policies and controls. With service management you can extend your investments to break down silos, operationalize integrated GRC, and enhance the efficiency and efficacy of your GRC.


11. What is the role of IT in implementing GRC?

Apart from dealing with its own functional internal risks (data breaches, privacy, internal data governance and so on), the IT section of the organization could play a role in business-level GRC, implementing the technology that will help with the flow of information. This could mean supporting the design of the applications and platforms for conducting risk assessments and training employees, and pulling in the information from systems throughout the enterprise that measure risk.

The GRC implementation should be in the purview of the chief risk officer, a person charged with tying together separate areas of risk, such as environmental health and safety, IT security, business continuity and financial risk, so the organization can see its exposure across these areas. Overall, GRC strategy will be a very limited program if it does not come from the board.


MITIGET AND GRC SOLUTION

An organization’s GRC approach has a dramatic positive impact on organizational effectiveness by providing a clear, unambiguous process and a single point of reference for the organization. Your GRC approach and the tools that help you achieve that should eliminate redundancy, duplicative software, hardware, training and rollout costs. The GRC process and approach you employ should provide you with a single source of truth for your employees, management and stakeholders.

Engage Mitiget today to discuss your GRC needs.


Manage uncertainties and leverage opportunities emerging from a rapidly changing business environment. Mitiget is here to help you deploy a robust but functional GRC Software.

Do you want to align your IT activities to business goals, manage risks effectively and stay on top of compliance? Mitiget helps any organization – public or private, large or small – build a strategy for managing overall governance, enterprise risk and compliance. We adopt a structured approach which aligns IT processes with business objectives while covering three components:

• Governance - managing IT operations to align them to support the organization's business goals.

• Risk - establishing a comprehensive enterprise risk management framework and processes to identify and mitigate any risk while leveraging opportunities in order to support the organization’s business goals.

• Compliance – ensuring organizational activities are operated in a way that meets the requirements of the laws and regulations without negative impact to business and systems, that is, IT systems and critical data are used and secured properly.

Our well-planned GRC solutions will help your organization improve decision-making, ensure optimal utilization of IT investments, eliminate silos, and reduce fragmentation both at the cadre level and functional areas.

Our GRC Services

• GRC Consulting – Roadmap Development & Handholding
• GRC Technology Deployment & Integration
• GRC Personnel Augmentation

Mitiget helps clients plan, assess, and improve GRC capabilities in order to achieve business goals or principled performance. We also offer the following services:

• ERM Set up & Implementation
• Regulatory & Standard Compliance
• IT Risk Assessment & Remediation
• Risk Based Audit (Operations, IT/IS)
• Control Assessment & Implementation
• Business Impact Analysis and Gap Closure
• Data Profiling & Privacy Management

Reach out to us today to discuss your needs
www.mitiget.com | [email protected]

+234 909 552 2003, +234 806 719 1062, +234 806 007 8227

Governance, Risk & Compliance (GRC) Solutions

GRC IS A BOARD CONCERN STRONGLY LINKED TO TRUST, INNOVATION, COMPETITIVENESS AND BUSINESS GROWTH.

We are the #1 Provider of BCP Facility & DRP Environment in Nigeria. Book For Our Service Today

WHAT WE DO


We Deliver Simple Solutions To Complex Problems.


Mitiget Assurance and Technology Services Limited (Mitiget)
[email protected] | www.Mitiget.com
