APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Compliance
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    Editor's Pick (1 - 4 of 8)
    left
    Welcoming Big Data Technology amidst Changes

    Darren Cockrel, CIO, Coyote Logistics

    Leveraging Compliance to Your Advantage

    Mark Bloom, Global CIO, Aegon

    Demystifying the Role of IT in Millennial Organizations

    Jeff Fithian, VP, Strategic Initiatives and CIO, Dynamic Materials Corporation

    Productivity and Security- Can you ever have both?

    Julie Cullivan, SVP, Business Operations & CIO, Fireeye

    Lessons Learned from a CIO

    John Miller, Vice President and CIO, American Textile Company

    New Hr Capabilities To Face Evolving Technologies

    Anti Deisnasari, Director Of Compliance, Seabank Indonesia

    Strengthening The Compliance Fortress In The Banking Sector

    Chuan Lim Ang, Managing Director And Sg Head Of Compliance, Cimb

    Navigating Legal Challenges By Adapting To Technological Shifts

    Valerie Feria Amante, Chief Legal, Ethics & Compliance Officer, Jollibee Group Of Companies

    right

    Implementing an IT-GRC Program

    Ker Shing Chock, Head of Legal & Compliance, DBS Bank, Malaysia

    Tweet
    content-image

    Ker Shing Chock, Head of Legal & Compliance, DBS Bank, Malaysia

    The concept of GRC is nothing new but the entire framework itself is feeling the heat due to growing regulatory environment (especially after the financial collapse of 2008), higher business complexity, increased demands for more accountability, and rapid proliferation of new risks.

    Generally, GRC initiatives will always require business and IT to work together, as many of the risks and challenges in GRC landscape cannot be solved efficiently without specific IT tools. Hence, the term “IT strategy” has been used commonly in the context of GRC process enhancement. This not withstanding, one should always bear in mind that the software is not the strategy; without a solid governance structure as a foundation, no solution will adhere to compliance.

    An effective GRC strategy requires top management to bring order to GRC activities across the organisation – that is, across all business functions and units, all underlying IT infrastructure and all geographies. This is particularly important because when corporate GRC are fragmented, it implies a higher expenditure of time and money, causing significant misallocation of financial and human resources.

    To develop a coherent GRC approach across the organisation whereby management can have a firmer handle on risk from all aspects, a common GRC technology platform (IT-GRC) may be of utmost importance, apart from having a common framework to define the group-wide GRC principles; approve policies, provide guidance to different segments of GRC initiatives, and authorize any GRC-related technology investments.

    A good IT-GRC platform should consider embedding stronger financial controls and compliance objectives, and not just a mere system upgrade to meet the ad-hoc requirements. A successful IT-GRC implementation can enhance business processes from two broad aspects:

    (a) Information/Resource Management

    It is undeniable that both private and public sector executives are battling against a tide of information, which organisations and their staff cannot easily cope up with. Under the common IT-GRC platform, fragmented information can be brought together and streamlined so that employees are able to rely on those comprehensive data to support their analytics, reporting, business rule and end-point decision making.

    This can be achieved by coming up with a common repository for all policy documents, regulatory updates, training materials and other compliance resources.

    A good IT-GRC platform should consider embedding stronger financial controls and compliance objectives

    Under a central location where data is stored and managed, users are not just able to create new policies and controls and map them to the regulations and internal requirements, but also able to assess whether the controls are in place and working, and fix them if they are not.

    In addition, effective information governance through a common IT platform will also help business to extract data for all GRC-related reporting across departments and across domains, which allows upper management to compare the GRC performance of different business units and identify risks on a real-time basis.

    (b) Risk Management

    Risk is inherent in everything we do and the portfolio of risk is broadening as new stresses and challenges continue to emerge.

    To manage both internal and external risks of an organisation, the most common and systematic approach would involve:

    (a) Identification; (b) Analysis; (c) Evaluation; (d) Responding; and (e) On-going monitoring and reviewing risks, whereby the same will be embedded in most software solutions that supports the end-to-end risk management process.

    That being said, we all recognize that risks do not exist in isolation. They interact with other events and conditions. Hence, to ensure that various risks are being managed and mitigated effectively within a common IT-GRC platform, it is important to understand and identify the correlation between different risks. Techniques such as risk-interaction matrices should be developed as part of the GRC tools for segmenting users, to prevent the impact of some risks that are underestimated in classical methods.

    Malaysia IT Governance and Compliance

    Back in the year 2011, Malaysia Software Testing Board (MSTB) initiated the Malaysia Software Testing Hub (MSTH) program funded by the Government with an aim to facilitate and strengthen the nation’s governance, risk and compliance (GRC) framework. In essence, the testing is to ensure the underlying IT components of the GRC framework are thoroughly tested for functionality, integrity, security, and so forth.

    From banking and financial perspectives, the country’s central bank, Bank Negara Malaysia (BNM) had in October 2016, set up a Fintech regulatory sandbox framework for financial institutions and FinTech companies to experiment and test out innovations that:

    (a) Improve the accessibility, efficiency, security and quality of financial services;

    (b) Enhance the efficiency and effectiveness of Malaysian’s financial institution’s risk management; or

    (c) Address the gaps in financing or investments in the Malaysian economy.

    This concept of regulatory sandbox framework is not new as UK, Singapore and Australia are also encouraging the development of FinTech innovations. Banks are investing heavily in new technologies, and spending is expected to grow continuously as banks seek to take advantage of new IT and digital solutions to make their operations more efficient, comply with regulators while simultaneously interacting with customers in order to maintain competitiveness.

    Conclusion

    Today’s era is less about major rewrite of risk and compliance frameworks, and more about rapid response towards the fast-changing environment with big data. As corporates embark on new strategies and change by leveraging digital technology, effective governance from top level is essential to getting a comprehensive IT-GRC platform implemented. It requires an innovative approach not only of technology but of the entire management system.

    tag

    GRC

    Financial

    Big Data

    Weekly Brief

    loading
    Top 10 Compliance Solutions Providers in APAC - 2025
    ON THE DECK

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Listening Beyond Hearing

    Listening Beyond Hearing

    Salvatore Incardona, Head of IT, Amplifon Australia
    Modernizing Lending Through Innovative, Secure and Scalable Technology

    Modernizing Lending Through Innovative, Secure and Scalable Technology

    Steven Meek, Chief Information Officer, Pepper Money
    Advancing the Chemical Industry through Digital Transformation

    Advancing the Chemical Industry through Digital Transformation

    Jan Mandrup Olesen, Global Head of Digital Business, Indorama Ventures
    Cultivating a Sustainable Future through Collaboration

    Cultivating a Sustainable Future through Collaboration

    Jiunn Shih, Chief Marketing, Innovation & Sustainability Officer, Zespri International
    Mastering Digital Marketing Strategies

    Mastering Digital Marketing Strategies

    Tasya Aulia, Director of Marketing and Communications, Meliá Hotels International
    Building a Strong Collaborative Framework for Artificial Intelligence

    Building a Strong Collaborative Framework for Artificial Intelligence

    Boon Siew Han, Regional Head of Humanoid Component Business & R&D (Apac & Greater China), Schaeffler
    From Legacy to Agility Through Digital Transformation

    From Legacy to Agility Through Digital Transformation

    Athikom Kanchanavibhu, EVP, Digital & Technology Transformation, Mitr Phol Group
    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Ts. Dr. James Chong, Chief Executive Officer, Columbia Asia Hospital – Tebrau
    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://compliance.apacciooutlook.com/cxoinsights/implementing-an-itgrc-program-nwid-4390.html