An integrated approach to governance, risk, and compliance will not work without an IT infrastructure to support it; after all, take the wiring out of your Maserati and see how much good its fine-tuned Italian engineering does.
Similarly, without information systems designed to move data where they’re needed, when they’re needed, GRC personnel cannot form a clear, three-dimensional, enterprise-wide picture of an organization’s challenges and opportunities. In other words, they cannot turn data into knowledge if the data aren’t where they’re supposed to be—and in a format that has meaning.
