Simply put, understanding the organization consists of understanding both internal and external context with regards to the purpose of the business system being managed.
Internal context may consist of the company’s missions, core values, vision, objectives, direction, organizational and contractual obligations. We need to understand and identify how this system ties in with the organizations overall goals, how it can support these goals and what other internal factors are in place that may affect the system.
The Illustration below shows how we apply this First Step of our “Simplifying GRC in 5 Steps” thinking
In the next post we shall look at the Second Step – Understanding the People and the Structure in the Organisation