GRC & Chill: Kickstarting Your Risk Management with Quantification
In this episode of GRC & Me, Megan Phee talks to Netflix's Senior Information Security Risk Engineer, Tony…
When implementing a compliance program, simply documenting corporate controls does not necessarily mean your organization will be able to reduce operational risk or potential damaging losses. There are often vast differences between how compliance executives and CXOs view a particular business process versus how it actually operates on a day-to-day basis.
When employees can easily bypass policies and procedures because no systematic controls are in place on your business processes, your organization is at an increased risk of not following internal board directives, violating regulations, and ultimately government fines. Given the current highly regulated environment, a new approach is required to effectively deal with compliance challenges.
To effectively manage Governance, Risk and Compliance (GRC) compliance officers need to understand the processes within their department or organization.
Once they understand the core business activities that occur, they can then quantify the risks in each process, document and embed controls within the business, and establish intelligence metrics to track compliance. This approach to GRC not only decreases risk, it also lowers the cost of preparing for external and internal compliance audits and enables faster adoption of new regulations, internal directives, and guidelines.
A process driven approach to GRC has several core elements.
- Collaboration on a technology platform to map risks and controls into enterprise process models to more efficiently manage compliance.
- Compliance officers and business stakeholders model key business process activities and embed corporate controls as systematic, technology driven checks within the process.
- Using process intelligence to measure results, detect compliance exceptions, and guide dynamic process improvement.
- All information is stored in a central repository to support data delivery and reporting, eliminating the chaos created by spreadsheets, email, and shared drives.
- Access to information is transparent such that requests from regulators and auditors do not cause panic and disrupt normal business activities.
- Internal dashboards are created from compliance and process information to give department heads and company leadership a holistic view of the GRC landscape at the company.
The process driven approach decreases risk and at the same time makes every GRC project a potential process improvement project. This is a new way to think about governance, risk, and compliance as a driver of process efficiency and excellence.
The LogicGate platform was specifically designed to build GRC solutions using a process driven approach.
LogicGate allows compliance officers and department managers (who know their lines of business and processes the best) to create and modify GRC applications that connect people, processes and data across the organization – empowering them so they are no longer at the mercy of corporate IT or application vendors for support as their business changes.
To learn more about process driven GRC on LogicGate.
