The business world is experiencing unprecedented levels of market uncertainty and volatility, combined with economic shocks and corporate scandals.
In the Eye of the Storm Viewpoint
In order to manage through these challenges, organizations are seeking to get a better measure of how objectives, obligations and operations interrelate, and how the business should be monitored and controlled through information and technology. The term GRC (governance, risk and compliance) is used to describe "the capability that enables an organization to reliably achieve objectives while addressing uncertainty and acting with integrity; including the governance, assurance and management of performance, risk, and compliance" (Open Compliance and Ethics Group).
For GRC to work properly, it must be part of a framework that integrates business architecture, process, people and technology.
- Business architecture: GRC starts with understanding the strategy, objectives and policies of the business; this enables performance and reporting metrics to be set.
- Process: an enterprise operates through processes, therefore these must be included so that governance and compliance goals can be set, and risk thresholds identified.
- People: compliance can be more easily established if roles and responsibilities are clearly defined; well-defined roles make risk management easier.
- Technology: an integrated system is required that not only ensures operational transactions align with controls, but also manages the execution of processes, administers role permissions and access, and handles how information flows.
|GRC and Business
||Oversight role and the process by which companies manage and mitigate business risks; includes enterprise performance, integrated reporting, reliable and timely information
||Evaluate all relevant business, regulatory and external risks and controls ; implements preventative actions and monitors actions
||Assure compliance reporting and adherence to recognised and regulatory standards; monitor process and workflow management, integrated reporting, ensure role permissions and access align with policies
In terms of GRC controls and reporting, SYSPRO can offer the following solutions:
|Business architecture analysis and documentation
||Quantum Architecture, Process Modeling
|Process compliance and risk management
||Process Modeling, Workflow Services, Executive Dashboards, Fixed Assets, Inventory Forecasting and Optimization
|Risk control and compliance oversight
||Role-based security, e-Signatures, Executive Dashboards
|Compliance reporting and monitoring
||Executive Dashboards, Reporting Services, e.net Solutions, statistical General Ledger accounts
||Reporting Services, e.net Solutions, statistical General Ledger accounts
||Analytics, Executive Dashboards, E-Signatures, Commitment Accounting, Assets module
Industry Week Article