Fred Rica, Partner at BPM, contributed his insights to a comprehensive guide on Information Technology Risk and Compliance (ITRC) platforms. The e-book, “IT Risk & Compliance Platforms: A Buyer’s Guide,” from CyberRisk Alliance provides businesses with advice on managing their ITRC programs efficiently and effectively.

Today’s organizations face challenges in managing their ITRC programs, including rapidly changing requirements, regulations and the complexities of governance, risk and compliance (GRC) processes. Rica shares his perspectives on how businesses should approach adopting ITRC platforms.

Rica states, “Technology should be the last decision. And for many organizations, it’s the first decision because it’s easy. ‘We’ll buy the bright, shiny thing that’s going to fix our GRC problem.’ Ideally, what you want to do is build the organization, understand the assets, understand the controls, understand your risk tolerance and then go look for a technology that best matches up to your requirements.”

Furthermore, Rica highlights the importance of viewing GRC programs not just as a compliance exercise but as a business enabler that can make organizations more efficient and robust.