During analysis of each new DLR carried out under service GRC-POS-24, details of functional gaps in business operating models, impacts to PRSRs and entities with similar impacts are captured. This service then takes the input generated and helps clients design, build and implement business controls that are kept under change control.
Considering Fundamental Change in a Company (Target Operating Models)
There are various reasons why a company may need to go beyond the requirements of a particular piece of legislation to consider more fundamental changes to its operation.
Often it is not immediately apparent that fundamental change is required, so each new set of requirements adds another layer of compliance effort and builds up an overhead in managing regulatory compliance that is not always well streamlined or optimal.
The Final Straw
Instead of reviewing the operating model each time changes are required to make sure it continues to be effective and efficient, the organisation waits until it is no longer able to maintain a level of control that is acceptable at a cost that is acceptable. A risk incident or serious breach may raise the issue of control fundamentals that are failing and only then does the squeaky wheel get the oil it needs.
Short Term Pain Long Term Gain
We advocate developing detailed requirements per legislation, standard and policy (regulation is what we call these three elements), logically grouped into workstreams. This makes the process of developing a Target Operating Model considerably more effective, because each workstream can be examined across the company's entire regulatory landscape to see differences in risk, procedures, systems and other variables. This takes a lot of effort to build up, but once in place it takes very little effort to maintain, and every new regulation that gets added has this input generated as a standard.
Target Operating Model Questionnaires
For specific legislation that is pervasive and a major paradigm shift, we assist companies in developing a set of questions that look at the structures and processes of the company that underpin each of the requirements of the legislation. It requires a particular way of viewing each requirement to elicit the right thinking about the changes required. We then facilitate the process of developing a Target Operating Model as part of the implementation plan for a regulatory change initiative.
Protection of Personal Information Questionnaire
We have produced such a questionnaire specifically aimed at the Data Protection or Protection of Personal Information legislation and have built it into one of our TP-RCS modules for use during the facilitation workshops conducted for developing a Target Operating Model – see our Regulatory Risk Solution for more details.
Request for Information
Should you wish to find out more about this or any of our other Portfolio of GRC Services or Solutions, please don’t hesitate to give us a call or email us. Our details can be found below or under Contact on the main menu.