SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders. How SAS® Is Different Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.04 - Business Continuity Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- O1. Commitment
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- M2. Performance Monitoring
- O2. Roles
- P2. Codes Of Conduct
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- M3. Systemic Improvement
- O3. Accountability
- P3. Policies
- C4. Objectives
- M4. Assurance
- R5. Remediation
- P7. Risk Financing
SAI Global GRC Software
SAI Global’s GRC Platform provides a flexible software solution to manage and profile risks, compliance obligations, incidents and cases, policies, and learning across the organization. Specific applications include configurations for environmental, health and safety use and for bribery and corruption risk management. A full utilization of SAI Global's software enables integration with SAI Global's Learning & Communication Platform and a single view across highly decentralized global operations. This inevitably results in better use of human capital, reduced costs, increased transparency and improved business results. A partial list of solution components, deployable as standalone elements or integrated, include risk assessment and profiling; obligations management; case and incident management; policy management; registries to manage gifts, hospitality, entertainment, facilitation payments and conflicts of interests; audit management; integration with hotline; and a fully configurable GRC Dashboard that integrates with learning and communication.
- IT.02 - Board and Entity Management
- IT.05 - Compliance Management
- IT.11 - Environmental, Health, and Safety
- IT.14 - Global Trade Compliance/International Dealings
- IT.15 - Hotline/Helpline
- IT.19 - Issue and Investigations Management
- IT.22 - Policy Mgmt, Communication & Training
- IT.23 - Privacy Management
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- (C) Context
- M1. Context Monitoring
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- D2. Notification
- M2. Performance Monitoring
- P2. Codes Of Conduct
- R2. Internal Investigation
- D3. Inquiry
- P3. Policies
- R3. 3rd Party Inquiry & Investigation
- M4. Assurance
- P4. Education
- (O) Organize
- (A) Assess
- (I) Interact
Good Practice in Investigations: It's so obvious..... we don't do it blog
I presented at an interesting meeting of CISOs of a range of investment banks in the UK and my colleague mentioned guidance during the meeting that recommended good practice in the preservation of scenes, exhibit handling and preservation of the chain of evidence.
Bribery Act of 2010, United Kingdom resource National Laws
The Bribery Act applies to both public and private corporations, and to individuals.
Why is GRC important? blog
I have been blogging about what GRC is, advocating the definition developed by the Open Compliance and Ethics Group, OCEG (see this and subsequent posts). But, I haven’t really talked about why the concept of GRC has value.
OCEG One Minute Poll: Who Investigates? resource OMP - One Minute Poll OCEG Reviewed
A quick research poll of the OCEG worldwide membership. March 2008
Investigations group
Welcome to the Investigations community group. This group addresses GRC issues that arise in the conduct of investigations regarding compliance and ethical conduct.
