Compliance and risk experts say IT personnel should have significant input in developing GRC strategies. IT should never be left totally alone to verify procedures, says Glenn Phillips, president of Forte Inc., an audit firm. A good start to bringing both groups together is to bestow compliance responsibility on a single person or small team, preferably people with cross-pollinated business and technology skills. As line-of-business and technology groups work to cooperate, they're more likely to succeed if they remember that compliance is a “living” thing, says Jon Heimerl.
Source: https://www.darkreading.com/compliance/avoid-putting-it-in-a-grc-vacuum