This playbook focuses on managing process risks and takes a deep dive into one discrete aspect – the Business Impact Analysis (BIA) for each business process.
This playbook provides three play sheets that outline key actions, which should be adapted to fit the organizational structure, risk tolerance levels and key concerns identified by your organization. Without the BIA, organizations have no reliable way to distinguish what is critical from what is non-critical, so they spend the same level of time, attention and resources protecting the less critical areas. By taking an approach that considers both compliance requirements and a range of internal and external factors, the organization has a methodology to identify what is critical so that risks can be properly treated relative to what they might impact.
OCEG talks often about the goal of Principled Performance – that state of being in which an organization can reliably achieve its objectives while addressing uncertainty and acting with integrity. The OCEG GRC Capability Model (the “OCEG Red Book”) establishes core governance, risk management and compliance capabilities and processes to ensure the Principled Performance outcome.
Effectively managing business process disruption and related risks is an essential aspect of GRC capability that drives successful attainment of Principled Performance. It is a key “play in the game,” so we have developed this Principled Performance Playbook to address the issue and provide the reader with some essential guidance and tools to get started. Just like a sports team’s playbook, this document outlines the steps to take – or plays – and sets up the structure for assignment of the various tasks to those in your organization.
How you implement these steps depends on many factors, including the level of centralization you have for business processes, the size and scope of your operations and the number of products and services that are essential to your attainment of business objectives.