This presentation discusses the development and implementation of an IT Governance, Risk, and Compliance (IT-GRC) program and will illustrate through a case study the success of this type of program in an academic institution. IT-GRC is an investment. Making the case to CIOs involves developing a business case that includes evaluating security, risk management, and compliance as the primary means to improve processes and to enable the business to improve and grow without impediments. The argument that resonates is business enablement and business process improvement.
