One of the most important tools for helping Governance Controllers (GCs) do their job is an expert system for them to rely on that removes the human element as far as possible and reduces the risk of human error. To harness this tool, our service captures every duty of every GC in what the GRC Standard terms Automated Standard Compliance Procedures. These ASCPs work in conjunction with the Preventative Maintenance Routines (PMRs) for each control covered in GRC-POS-04.
People Dependency Challenges
There are many good reasons not to rely too heavily on the professionalism and dedication of the key role-players in your company’s GRC operations alone to drive what needs to be done to achieve an acceptable level of compliance and to limit your risk. The risk landscape we have seen our clients grapple with over the past two decades has become far too complex, with far too much room for human error.
Unless companies harness the power of technology to help simplify the management of this landscape, there will be a growing risk of things being overlooked, with potentially damaging consequences. Automated Standard Compliance Procedures are a key contributor to reducing cost, complexity and risk, given the considerable human element associated with GRC operations.
Plan-Action-Review-Attest Compliance Monitoring
We advocate the automation of many of the tasks that make up a company’s compliance framework. Our model uses the Three Lines of Assurance and the Plan-Action-Review-Attest (PARA) GRC Monitoring framework. Our service in this regard deals with helping clients structure their compliance model around these frameworks and automating the tasks involved by setting them up in their own compliance management system or adopting our system (see the T-GRCS system under GRC Software for more details). Either way, we provide the service for setting this up.
An Expert System for Governance Controllers
At the heart of this service is the identification of Governance Controllers – those managers tasked with every facet of GRC oversight, from internal audit, risk, legal, compliance, IT security, training, policies and standards and more – across the entire organisation. Alongside this control group comes the development of benchmarked Automated Standard Compliance Procedures for each role in the group, which together create an “expert system” and ensure proper integrated control, consistency of standards and continuity.
Once the various components of the GRC Standard have been established, we can integrate them into a purpose-designed tool we call MY COMPLY. It is an application that resides on the desktop / mobile phone of every GC and drives their full set of accountabilities – what, when, where and how – with reminders and tracking functionality.
Harnessing this tool requires every duty of every GC to be captured using the GRC Standard approach to Automated Standard Compliance Procedures. Just like the PMRs, these ASCPs are typically set up during GRC change initiatives, such as the introduction of new regulations or changes to existing ones, and are designed to reduce the dependency on people. A key selling point is that the subject matter experts companies depend on to deal with complex new regulations can be backed up by ASCPs and PMRs to ensure continuity. The ASCPs and PMRs can ultimately replace these resources, who are often only contracted in to deal with the new requirements and then move on.
Request for Information
Should you wish to find out more about this or anything else in our Portfolio of GRC Services or Solutions, please don’t hesitate to give us a call or email us. Our details can be found at the bottom of this screen or under Contact on the main menu.