Learn from the experience of others and share your experience! blog
Have you ever asked your peers or professional colleagues what risk management or compliance tools they use? We value the well-trodden ground because we know that learning comes from making mistakes. How would you like to know what 1000s of your peers are saying about GRC ven
WYSIATI - Jumping to Conclusions with Limited Evidence blog
Overconfidence in our ability to assess risks has led to more mistakes than we care to admit. WYSIATI - "What You See Is All There Is" describes a set of biases that prevents us from becoming better risk managers. Why is this the case? Because we jump to conclusions based on weak evidence and confuse correlation with causation.
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation.
Some Distinctive Features Include: Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.12 - Finance/Treasury Risk Management
- IT.13 - Fraud and Corruption Detection, Prevention & Mgmt
- IT.16 - Information/IT Risk & Security
- IT.19 - Issue and Investigations Management
- IT.22 - Policy Mgmt, Communication & Training
- IT.24 - Quality Management and Monitoring
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- D2. Notification
- M2. Performance Monitoring
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- P3. Policies
- R4. Crisis Response
- P7. Risk Financing
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation.
Benefits: Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders.
How SAS® Is Different: Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.04 - Business Continuity Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- O1. Commitment
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- M2. Performance Monitoring
- O2. Roles
- P2. Codes Of Conduct
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- M3. Systemic Improvement
- O3. Accountability
- P3. Policies
- C4. Objectives
- M4. Assurance
- R5. Remediation
- P7. Risk Financing
MEGA GRC Suite
To maximize business performance within acceptable risk levels, the MEGA Governance, Risk and Compliance software solution helps executives coordinate their efforts and manage and communicate enterprise information in a consistent way. The solution helps establish an integrated and adapted corporate governance system based on the correlation of complex risks and processes to consistently address enterprise risk management, operational risk management, internal audit management and compliance management. The MEGA Governance, Risk and Compliance solution is based on a flexible and modular platform, which consists of powerful and user-friendly tools, built on a common repository, integrating standard best practices and methodologies, and providing each stakeholder the right view on his GRC area of interest. The MEGA solution is reinforced by 19 years of process expertise from an international team of consultants. MEGA consultants help you manage the changes addressed by your organization’s performance improvement project.
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- C1. External Context
- A2. Analysis
- C2. Internal Context
- A3. Planning
- C3. Culture
- (A) Assess
FIVE TIPS TO GET MORE BUSINESS BENEFIT FROM OPERATIONAL RISK resource Articles Member contribution
"The list from the regulators is growing!" "Our leadership wants to know if we're creating value beyond shuffling compliance paperwork." "The regulators keep asking questions beyond our risk framework." "The bank is changing faster than we can keep up, changing products and integrating acquisitions." "Our o
New ISO standard for effective management of risk (November 2009) resource Standards and Guidelines
Introduction: A new International Standard, ISO 31000:2009, Risk management – Principles and guidelines, will help organizations of all types and sizes to manage risk effectively.
ISO 31000 provides principles, framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.
Why is GRC important? blog
I have been blogging about what GRC is, advocating the definition developed by the Open Compliance and Ethics Group, OCEG (see this and subsequent posts). But, I haven’t really talked about why the concept of GRC has value.
LeanGRC™ - Improving Your Risk Profile: LeanGRC Assessments resource White Papers OCEG Reviewed
This whitepaper, the third in a series devoted to the topic of LeanGRC™, addresses how the key concepts of Lean Production principles can be applied to risk assessments, a key governance, risk management and compliance (GRC) activity.
Risk and Incident Management: Getting the Right Information at the Right Time resource Archived Webinars Member contribution
When an issue is brought forward in a face to face conversation with a manager or HR, how do you ensure the follow up is consistent across your organization? Answer this question and more as you join David Wilber, COO for Eggleston Services, for an in-depth webinar on risk and incident management.

