Real-World GRC Convergence: Platform Considerations

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Real-World GRC Convergence: Platform Considerations-8 Next

GRC Convergence Platform

Key cross-domain elements of a GRC convergence platform also include:

  • Workflow management automates business logic and facilitates enterprise communication, collaboration, notification, accountability and assurance, and review. It is used across all GRC contexts and includes a business rules engine, tasking and notification, and distributed communication.
  • Reporting and analysis capabilities should include several types of reporting formats that provide flexible query analysis and data download capabilities, information summaries, drill-down dashboard reporting, and heavy-text and editable reporting (e.g., via Microsoft Word).
  • Advanced analytics and modeling capabilities include varying degrees of advanced analysis or integration with various operational, transactional and analytical tools used to consolidate analysis within the GRC taxonomy and drive enterprise action planning. Types of advanced and external analytics capabilities include regulatory change management, data analysis, and data modeling and integration.

Integration of multiple governance, risk and compliance (GRC) disciplines on a single platform is a laudable goal, and the effort to achieve it by both vendors and their customer organizations is increasing. Notably, within the enterprise GRC (eGRC) space, integration occurs most often among the internal audit, financial controls and enterprise risk assurance functions. Conversely, the compliance function has been less inclined to integrate, due in part to the specific subject-matter expertise required for each of the compliance functions, which makes the broader risk and control sets documented by other groups less relevant to compliance teams.

Still, the Institute of Internal Auditors' (The IIA) position paper, "The Three Lines of Defense In Effective Risk Management and Control" (January 2013), offers valuable insight into why it makes sense to bring these functions together, at least on an aggregated level, even if subsets of information are contained in other source systems. According to the paper, convergence will enable the three lines (operational/business-line managers, risk and compliance functions, and internal audit) to coordinate activities, map assurance functions and perform independent validation.

But significant barriers to the comprehensive and successful integration of GRC technology across numerous groups remain. For example, many organizations continue to depend on multiple GRC technologies to fulfill different and specific departmental needs, and most organizations use different platforms for IT GRC and eGRC. Other obstacles include the lack of a unified GRC framework or a common language, the complexity of existing technologies, the lack of effective change management, and a lack of demonstrable return on investment (ROI).

Achieving convergence in the face of these obstacles requires technology capable of unifying an organization's policies, processes and infrastructure. In this slideshow, Protiviti has identified the key elements of a technology platform capable of doing so.

 

Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

 
More Slideshows

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

142x105itbeusasecurity2.jpg 9 Predictions for Cybersecurity’s Role in Government and Politics in 2017

Experts predict how cybersecurity will affect and involve our government, policies and politics in 2017. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.