Learn from the experience of others and share your experience! blog
Have you ever asked your peers or professional colleagues what risk management or compliance tools they use? We value the ground well tread because we know that learning comes from making mistakes. How would you like to know what 1000's of your peers are saying about GRC ven
Operational Risk Management – Key Shifts Required to Rise to the Challenge blog
By Brian Barnier, OCEG Fellow
SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.27 - Strategy, Performance, and Business Intelligence
- D1. Detective Actions & Controls
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- R2. Internal Investigation
- D3. Inquiry
- P3. Policies
- R5. Remediation
- P7. Risk Financing
- (A) Assess
- (M) Measure
- (I) Interact
SAI Global GRC Software
SAI Global’s GRC Platform provides a flexible software solution to manage and profile risks, compliance obligations, incidents and cases, policies, and learning across the organization. Specific applications include configurations for environmental, health and safety use and for bribery and corruption risk management. A full utilization of SAI Global's software enables integration with SAI Global's Learning & Communication Platform and a single view across highly decentralized global operations. This inevitably results in better use of human capital, reduced costs, increased transparency and improved business results. A partial list of solution components, deployable as standalone elements or integrated, include risk assessment and profiling; obligations management; case and incident management; policy management; registries to manage gifts, hospitality, entertainment, facilitation payments and conflicts of interests; audit management; integration with hotline; and a fully configurable GRC Dashboard that integrates with learning and communication.
- IT.02 - Board and Entity Management
- IT.05 - Compliance Management
- IT.11 - Environmental, Health, and Safety
- IT.14 - Global Trade Compliance/International Dealings
- IT.15 - Hotline/Helpline
- IT.19 - Issue and Investigations Management
- IT.22 - Policy Mgmt, Communication & Training
- IT.23 - Privacy Management
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- (C) Context
- M1. Context Monitoring
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- D2. Notification
- M2. Performance Monitoring
- P2. Codes Of Conduct
- R2. Internal Investigation
- D3. Inquiry
- P3. Policies
- R3. 3rd Party Inquiry & Investigation
- M4. Assurance
- P4. Education
- (O) Organize
- (A) Assess
- (I) Interact
Protiviti Governance Portal
The Protiviti Governance Portal is a comprehensive software platform that integrates content and commonly accepted frameworks with world-class consulting expertise that provides organizations with the visibility and insight needed to manage and mitigate critical risk and compliance issues today and in the future.
- IT.01 - Audit and Assurance Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A2. Analysis
- M4. Assurance
- R5. Remediation
- (A) Assess
- (M) Measure
Regulatory Risk: 5 Steps for Coping blog
Admidst concerns about "regulatory risk," the GRC leaders must ask how to best help other business staff and line leaders successfully manage regulators, to minimize cost and improve compliance. One internal audience is the finance function. This article, from the Association of Finance Professionals, provides GRC leaders with a window on their finance colleagues.
MEGA GRC Suite
To maximize business performance within acceptable risk levels, the MEGA Governance, Risk and Compliance software solution helps executives coordinate their efforts and manage and communicate enterprise information in a consistent way. The solution helps establish an integrated and adapted corporate governance system based on the correlation of complex risks and processes to consistently address enterprise risk management, operational risk management, internal audit management and compliance management. The MEGA Governance, Risk and Compliance solution is based on a flexible and modular platform, which consists of powerful and user-friendly tools, built on a common repository, integrating standard best practices and methodologies, and providing each stakeholder the right view on his GRC area of interest. The MEGA solution is reinforced by 19 years of process expertise from an international team of consultants. MEGA consultants help you manage the changes addressed by your organization’s performance improvement project.
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- C1. External Context
- A2. Analysis
- C2. Internal Context
- A3. Planning
- C3. Culture
- (A) Assess
Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper resource White Papers Member contributionOCEG Reviewed
"The old paradigm of regulatory change management is clearly a recipe for disaster given the volume, pace of change
A Frame of Reference for Research of Integrated Governance, Risk, and Compliance (GRC) resource Research / Studies Member contribution
This research paper was presented at the 11th IFIP TC 6/TC 11 International Conference for Communications and Multimedia Security in Linz, Vienna. It provides a scientifically derived short-definition of GRC and a frame of reference for research of integrated GRC.
