
Governance, Risk and Compliance

"GRC is an integrated, holistic approach to organisation-wide governance, risk and compliance ensuring that an organisation acts in an ethically correct manner and in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people, thereby improving efficiency and effectiveness."(1)

A GRC program can focus on any individual area of the organisation's activities, or can be fully integrated in a single GRC framework operating throughout the whole organisation.

(1) Racz, N., Weippl, E. and Seufert, A. (2010). "A frame of reference for research of integrated GRC". In: De Decker, B. and Schaumüller-Bichl, I. (eds.), Communications and Multimedia Security: 11th IFIP TC 6/TC 11 International Conference, CMS 2010 Proceedings. Berlin: Springer, pp. 106-117. ISBN 978-3-642-13240-7.

Governance, Risk and Compliance

Governance, Risk Management and Compliance (GRC) are the activities that define the management and control of an organisation and its risks, ensuring that the organisation meets the objectives it has defined.

Governance defines the direction and control of the whole organisation through management information and hierarchical management control. This includes information management to support decision-making, the dissemination of appropriate management directives and the assurance that these directives are carried out.

Risk Management is the process of identifying, assessing, responding to and managing risk within the organisation, to ensure the organisation's resilience and to control its risk exposure to acceptable levels.

Compliance is conforming to the defined management processes and to any applicable external requirements, e.g. legislative, regulatory or contractual. This includes assessing compliance in order to understand the potential exposure arising from non-compliance, and the priorities and investment needed to achieve compliance. It also includes providing auditable evidence to demonstrate compliance.

Collecting, managing, calculating, and maintaining an audit trail can become an overwhelming task.

RiskAid Enterprise is designed to make this process so much easier for all concerned. It helps you to collect and manage the risks in assessments that reflect the structure of your organisation (and can be changed quickly to reflect organisational changes).

It maintains an audit trail of all changes with associated reasons for the change. It allows users to try out alternative solutions before proposing them without affecting the reported assessment. You can define assessment snapshots at any time, so that assessment snapshots can be compared over time, to highlight and explore changes.

RiskAid Enterprise can capture exposures as Risks (which may occur), Issues (which will occur) and Incidents (which have already occurred) to allow users to develop actions to prevent risks or reduce impact.

It maintains the security of every assessment, yet supports the ability to collate information through assessment hierarchies, to give instant views of the whole risk profile at any management level, with rapid filtering and drill-down facilities to explore points of interest.

RiskAid Enterprise meets or exceeds the requirements of a wide range of risk, governance and compliance standards, including IRM, MoR, OGC, COSO (ERM & Controls), PmBok, HIPAA, FDA, CMI, COBIT, Sarbanes-Oxley, HSE, The Orange Book, EFQM, Basel II & Turnbull.

