Governance, Risk and Compliance

How to Build an Agile GRC Program

Mature GRC programs deliver agility so that the organization can effectively navigate risks and opportunities and build resiliency to recover from risk events quickly. To achieve these outcomes, GRC programs must be able to provide a holistic picture of the operational, strategic, compliance, financial, and social risks facing the organization.

To accomplish this, the GRC management strategy, processes, and technology architecture must align with the risks and objectives of the organization.

Watch this webinar to learn how to define, build, and enable an agile GRC program which will allow your organization to effectively navigate risks and opportunities and build resiliency to recover from risk events quickly.

What we’ll cover:

  • Define a GRC strategic plan for your organization that is agile
  • Build agile GRC management processes to support the strategic plan
  • Enable the GRC strategic plan and processes with an agile information and technology architecture


14:44 – OCEG’s official definition of GRC

18:07 – Critical questions organizations need to ask

19:43 – GRC Agility vs. Resiliency

27:12 – GRC Management: A Top-Down Approach

31:33 – GRC Management Strategy Drivers

33:29 – Critical Roles in GRC

34:53 – Rasmussen’s 5-step Plan for Building a GRC Strategy

39:46 – Creative GRC Thinking

41:50 – GRC Capability Model version 3.0

47:34 – GRC 20/20’s GRC Maturity Model

50:34 – How technology can deliver GRC Agility

Presented by:

Michael Rasmussen

Michael Rasmussen

Michael is an internationally recognized pundit on governance, risk management, and compliance (GRC). With 27+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select effective, efficient, and agile technologies.

Ryan Napoleone

Ryan Napoleone

Ryan is a product manager and subject matter expert in governance, risk management, and compliance (GRC) software. Leveraging his experience in risk advisory at Deloitte and implementations and product management at Resolver, Ryan delivers solutions and guidance to help organizations transform risk management into risk intelligence.