Controls are the cornerstone of risk remediation. There are complex relationships between gaps in business operating models that raise risk levels and the Processes, Records, Systems and Roles (PRSRs) that are applied to controls to resolve these gaps. Our service captures the specification for each control and takes care of this integration complexity.
Business Control Optimisation & The Five Building Blocks
A smart solution for optimising business controls is crucial because controls add cost to the bottom line and expose the business to risk when they don't work.
Business control optimisation is a key area where our solution delivers its reductions in cost, complexity and risk. Deriving these benefits requires foundational work: the digitisation of your business controls using our GRC Standard with its bespoke methodology.
To manage the enormous volume of GRC data processed, we have designed a relational database using the key building blocks shown in the diagram.
Each building block fulfils a key role in delivering the metadata and relationship details for the thousands of fields that make up the full data architecture of our GRC solution. Elements of all of these building blocks are required to optimise business controls as described later. The starting point is to capture the data for the controls using our methodology and tools.
Numerous variables have to be managed when dealing with business controls, including:
- What makes up the control's specification;
- Which of these aspects (what we call data elements) need to be under change control because of their propensity to change and create a potential risk to the business;
- What the effectiveness measures are for determining whether the control's design and use meet specified requirements;
- How often the control needs to be reviewed; and
- Who does the reviews and what they entail.
We provide our clients with the tools for capturing the data elements that make up the specification for a business control – more on this later.
We also provide our clients with standard templates for the development of design and operational effectiveness measures for each business control, along with preventative maintenance routines to be followed for keeping the business controls on track.
Our assurance model also captures the Governance Controllers responsible for the 1st and 2nd Line of Assurance, their activities related to the operation and design reviews of the business controls they are responsible for, and the Automated Standard Compliance Procedures that specify what these activities entail.
There are other details that also get captured during this digitisation process to form the foundation for future business control monitoring and maintenance.
Simplifying The Complex
Our design schematic for a business control specification can be very daunting to apply if you are considering managing controls manually.
One of our primary objectives with T-GRCS is to digitise, integrate and automate GRC operations by harnessing technology and, in the process, enabling what is complex to be much simpler to achieve.
We provide our clients with the tools to take a rigorous approach to optimising their business controls, one that involves more complex data processing and change management than would otherwise be possible.
In the process, it takes care of the intricate relationships between the key change factors impacting business controls, namely:
- Changes to regulations that create gaps in business operating models that are considered of high enough risk to put controls in place to mitigate them;
- Changes to the Processes, Records, Systems and Roles in the business operating models where the gaps arise; and
- Changes to the level of effectiveness of business controls due to operational failings or problems with design.
What follows are some insights into key templates that are part of the tools we use to digitise business controls for clients.
Business Control Specification Template
We have incorporated the essential aspects of what makes up a business control so that the many disruptive changes that can occur can be managed in an automated manner once the data has been captured and fully integrated.
We have achieved this by grouping all the required data into three major areas. This is reflected in the previous diagram by the blue, green and purple colour-coding.
The first area deals with Risk & Change Control Details and covers the following:
- Business Control Primary Details;
- Detail Level Requirements;
- Operating Model Functional Gaps; and
- Change Control Details.
The other two areas cover Design Specification Details and Governance and Sustainability Details and also have specific content that is required.
There are 11 steps that are followed to capture this content in a logical and systematic manner for each business control.
This sets the baseline for being able to monitor business controls and manage changes that could cause residual risk creep in the organisation.