Provide a Current Regulatory Universe (RU) Register
This service helps clients by taking the thousands of records, associated with their many current regulations and extracted DLRs, and providing the processing of this data into a multitude of different views – such as heat maps per business unit for inherent and residual risk, content groupings e.g. Data Privacy and AML, jurisdictions, etc. This service supports various types of GRC Risk Management Plans in conjunction with GRC-POS-12.
Provide a GRC Library
We help clients consolidate into a central library all regulations and other digitised GRC external reference documents, along with their internal governance documentation, to create a sizeable knowledge base with considerable value including instant access to information from smart categorization and filing, search engine capabilities and version control.
Provide Governance Documentation Mapping to High-Risk DLRs
Governing Bodies of companies need to demonstrate to Regulators that their regulations have been internalised and to do this our service audits the links between all high-risk DLRs in the regulations and the internal governance documentation of the company through a mapping process. This service works in conjunction with GRC-POS-05 and GRC-POS-09.
Provide a GRC Monitoring Programme (GMP)
The GRC Monitoring Programme (GMP) is like the service manual for your car, made up of a set of digitised Preventative Maintenance Routines (PMRs), derived from all the controls, and a schedule of how often they must be performed and by who, in order to achieve an error-free experience. Our GRC Standard has a PARA Monitoring Cycle of Plan-Action-Review-Attest and this is the Plan step that generates and maintains the GMP.
Provide Reviews of the GRC Monitoring Programme (GMP)
One of the main reasons for needing to do reviews of the GMP is that a selective monitoring approach is often used by clients due to limited resources. PMRs are prioritised based on various risk criteria that are assessed periodically and this service then creates various types of GRC Risk Management Plans (e.g. CRMPs) based on these changing priorities.
Provide Control of GRC Disruptors
There are four primary GRC disruptors that our service is designed to help clients manage in an integrated way – risk events, complaints, changes to operating models and external regulatory obligations. This is part of the Action stage of the PARA Monitoring cycle as these disruptors can happen at any time and the business needs to be set up to tackle them as an integral part of the broader GRC Standard.
Provide Automated GRC Monitoring
The other half of the picture for an error free experience mentioned in GRC-POS-11 is the dashboard. This service provides for the incremental development of automated monitoring for each client. It represents the culmination of all the digitisation efforts and integration and automation engineering that is applied to deliver the GRC monitoring “nerve centre”.
Provide Automated GRC Reporting
An extension of Automated GRC Monitoring in GRC-POS-14 is the outputs that are flagged and reported on when certain thresholds are breached. Our design provides for the customisation of these thresholds and the details and manner in which breaches are then handled using a severity rating and escalation standard.
Provide a GRC Integration Hub
Automated monitoring (GRC-POS-14) relies heavily on access to the many sources of application data required for providing the feeds. It requires a rules based approach that can be applied at the source of the processing and this introduces significant complexities that interface technology can provide incrementally through this service.
Provide Integration of Enterprise Solutions
Due to the enterprise nature of our GRC monitoring solution and the fact that it deals with every operating model in a company, together with the rules that drive them, an essential service is to integrate existing client enterprise solutions within the different operations that are necessary for delivering a complete solution. This is an extension of GRC-POS-16.
Provide Integrated GRC Task Planning & Control
There are numerous services that generate tasks that are crucial for delivery of required outcomes. This Task Planning & Control service is part of our underlying platform and provides the functionality for each service to manage the tasks that are required. It uses a unique GRC component breakdown structure so that it is possible to provide a status on efforts and the history relating to each of these components.
Provide Integrated GRC Forum Planning & Administration
There are various strategic forums the GRC functions support in the company that are crucial for setting direction and generating important outputs in the form of deliberations, decisions and actions. This service provides a common framework for how GRC functions and the governance structures work together for inputting, processing and outputting vital information to govern the company.
Provide a GC Desktop Assistant
Services GRC-POS-06 and GRC-POS-07 covered the digitisation of Governance Controller (GC) details and their ASCPs. This is part of the key data in our desktop assistant we call MY COMPLY that this service helps clients set up. It provides a go-to, expert system for helping GCs manage all aspects of their job and includes notifications, task reminders and other essential information directly related to their responsibilities.
Provide a GRC Forms Factory
To ensure consistency of approach, our GRC Standard has hundreds of forms and templates used throughout the many services in our portfolio. Attestation forms, reporting layouts, and PMR, ASCP and business control specification templates are but a few examples. This service helps clients introduce a Forms Factory with these items under strict change control.
Request for Information
Should you wish to find out more about any of the products or services covered on our website, please don’t hesitate to give us a call or email us. Our details can be found at the bottom of this screen or under Contact on the main menu.