This service helps clients integrate 3rd party alert service provider systems with the Future Changes RU Register. All alerts are categorised, filtered and prioritised based on pre-determined client criteria. A combination of other services can then be used to help process agreed changes that are then moved into the Current RU Register once delivery is completed.
Our GRC Standard has a very specific methodology for handling future changes to the status quo that is being managed by the GRC operations in a company to keep it on track. It is important that there is a clear delineation between what is happening on the ground to keep things running smoothly – what we call the status quo – and anything that could disrupt this state.
This service focusses on a big area of potential disruption and that is the alerts that are generated about changes to regulations. This includes all changes to external obligations covered in our definition of regulations that includes legislation and international standards. It requires our Future Changes approach to be integrated with the alert service provider’s system so that all alerts are categorised, filtered and prioritised in a Future Changes RU Register based on pre-determined client criteria.
Our GRC Standard requires the setting up of a Future Changes RU Register for this purpose especially to deal with the need for keeping future changes separate from current regulations so that they can be managed discreetly and not have the one impacting the other in an uncontrolled manner.
Part of our GRC Standard also involves having a Future Changes agenda item that is handled by the assigned Governance Controller (GC) at the relevant client forum and is one of a number of Automated Standard Compliance Procedures (ASCPs) we create as part of our standard for processing each change.
At this forum, the Future Changes RU Register provides a view of all new alerts that are relevant in order for decisions to be made about management action plans that need to be taken.
Once a decision has been taken that an alert must be processed, there are various services that the client may use in a logical sequence to deal with each change, including the following:
- GRC-POS-01 Digitise Regulations & Detail Level Requirements (DLRs);
- GRC-POS-24 Provide Gap Analysis & Risk Assessment of Digitised Regulations;
- GRC-POS-25 Provide a Register of Rulings for Digitised Regulations;
- GRC-POS-26 Design & Implement Digitised Controls; and
- GRC-POS-11 Provide a Digitised GRC Monitoring Programme (GMP)
Where an alert requires a management action plan to be implemented due to the risk it represents to the business, it remains in the Future Changes RU Register and has all the required data captured for solving the risk. This includes the business controls, preventative maintenance routines, operational and design effectiveness monitoring, etc.
Once GRC operations and business are happy that the solutions are in place and working, the GRC data in the Future Changes RU Register is then transferred over to the Current RU Register and becomes part of the status quo. In this way, full change control is managed strategically to prevent unneccessary and unforseen disruptions occuring when alerts come in and need to be dealt with.
Request for Information
Should you wish to find out more about this or any of our other Portfolio of GRC Services or Solutions, please don’t hesitate to give us a call or email us. Our details can be found at the bottom of this screen or under Contact on the main menu.