GRC and Sustainability

GRC Compliance Model

One of the most commonly accepted frameworks to achieve a unified GRC (Governance, Risk and Compliance) approach is the GRC Capability Model as defined in the OCEG (Open Compliance and Ethics Group) Red Book. The model views GRC as a single activity with a set of detailed practices and components and is the cornerstone for any corporate sustainability initiative.

The BPS Resolver Integrated GRC platform provides the technology to support many key elements of the OCEG GRC Capability Model and helps organizations achieve a common language and collaborative environment. The OCEG framework is broken down by Practices that are summarized below (see OCEG for more detail). Each GRC Practice is mapped to BPS Resolver’s feature set in the table that follows.

OCEG GRC Element BPS RESOLVER GRC Features

CULTURE AND CONTEXT
Culture plays an integral role in GRC performance within an organization. GRC is no longer being viewed as an “add-on” to normal business activities but rather as a business philosophy that is infused into the culture and its operations.
Our offering allows the organization to focus on defining a balanced set of measurable business objectives that are aligned with vision and values:
  • Powerful tools to identify and document key organizational structures, cross functional teams, key human capital and technology assets, as well as business processes, products and physical assets.
  • The ability to cascade high-level business objectives, policies and requirements to assurance roles such as internal audit.
  • Analytical reporting and assessment tools that support “tone at the top” rollups of the overall risk environment.
  • The ability to set various indicators within the platform and help establish targets to ensure business objectives are met within defined tolerances.

ORGANIZE AND OVERSEE
For an organization to have a successful integrated GRC program it must communicate a clear mission and objectives, define organizational roles and determine the implementation scope of the GRC system.
BPS RESOLVER recognizes the importance of this practice and features a number of product capabilities that help promote GRC program transparency and accountability:
  • A leading organizational modeling facility allows users to develop templates for communicating the organization’s objectives, vision and values.
  • A single application with configurable modules fits the organization’s implementation scope – phased vs. enterprise wide – while providing embedded project management and reporting and logging facilities.
  • Key roles benefit from features such as: risk analysis and aggregation, compliance risk assessment, controls and internal application management and all related assurance activities such as Internal Audit.

ASSESS AND ALIGN
Assessing risks and aligning the GRC program with business processes is a central component of any GRC initiative. Defining a GRC process model and ensuring that it integrates with the existing business planning activities can accomplish this. The GRC system should offer a portfolio of initiatives, tactics and activities that relate to the organization’s moving parts and operational model.
BPS RESOLVER supports assessment and alignment through a number of features:
  • Strategic planning and collaborative group decision tools for distributed teams
  • Activities can be balanced and prioritized against corporate goals and regulatory requirements.
  • Definition and categorization of risks and their impacts, as well as interrelationships across multiple aspects of the organization.
  • Cross reference assessment programs to any part of the risk management or GRC framework.
  • Define, schedule and link key risk data collection and assessment activities.
  • Each set of activities can be rolled up into projects or initiatives that are tracked and visualized as a portfolio.
  • Remediation and change management tools that are integrated to ensure that findings are actionable and that change is driven in an organized and prioritized fashion

PREVENT AND PROMOTE
By developing an integrated implementation and management plan, GRC activities can be optimized to promote and motivate desirable conduct. These can also prevent undesirable events and activities using a mix of controls and incentives.
BPS Resolver is the system of record that stores the information people need to refine a proactive approach to managing risk in their operations:
  • Create multiple planning templates that promote best practices and awareness, as well as aligning risks and controls with business policies and resources.
  • The system provides a clear mapping of controls and risk coverage and how they relate to operational processes.
  • Review, revisit and expire old policies and promote ones that address current risks and objectives.
  • Link information to existing and proposed standards and guidance that affect the company’s GRC requirements and track the activities related to these requirements.

DETECT AND DISCERN
Being proactive in detecting potential risks, losses and undesirable conduct is key for any organization. By providing streamlined methods of gathering data and analysis techniques, organizations can detect and defuse potential concerns.
BPS Resolver has some of the most widely used risk identification and visualization features:
  • Consolidate and visualize enterprise risk data with simple to use reporting and mining tools.
  • Analyze control and assessment findings, loss incidents and more through a rich library of reports and dashboards.
  • Enterprise workflow technology ensures optimal information delivery and real-time notification capabilities, helping maintain and prioritize focus.
  • Risk identification system gathers information from distributed groups and consolidates results
  • Create and manage information about detective controls across the company.

RESPOND AND RESOLVE
Process failures and loss events can occur in any organization. Having a nimble process, data, and the tools to analyze and understand root causes is crucial in order to resolve and prevent similar issues in the future. Users need to have confidence in the GRC system and process so that they can easily report and respond to issues effectively while ensuring the privacy and confidentiality of the data during the investigation and analysis phases.
Strong process and project management functionality within BPS RESOLVER supports this practice:
  • Capture and categorize compliance exceptions, audit findings, control failures, risk indicators, incidents and loss events based on the client’s specific set of corporate taxonomies.
  • Streamline and manage the creation of action plans with full issue tracking capabilities while ensuring appropriate confidentiality of information through the use of a sophisticated roles and user privileges manager.
  • Audit trails and detailed reporting provide the analytical insight to aid the organization in refining processes and corrective controls in order to resolve and mitigate future concerns.
  • BPS RESOLVER is built to aid both internal investigations and those conducted by regulators and external auditors.
  • Templates to support crisis response and disaster recovery scenarios.

MONITOR AND MEASURE
Organizations need to periodically evaluate and modify the GRC system to ensure it contributes to evolving business objectives while remaining effective, efficient and responsive to the changing environment.
The architecture of the BPS RESOLVER product promotes rapid responses to changes in the context in which it operates, ensuring that risk exposure is minimized and key controls provide proper coverage:
  • Assessment capability is used to survey business stakeholders providing feedback on the effectiveness of the GRC program as it relates to them.
  • Standardized reports that help identify areas that have too heavy or too light a control paradigm.
  • Facilities that enable test of design workflows.
  • Support for advanced Extract, Transform and Load (ETL) technology capable of importing and synchronizing external data (such as regulatory changes and new policy and guidelines) into the GRC framework.
  • The most comprehensive internal assurance (internal audit management) and reporting tools available to enable feedback to the board and management on the effectiveness of the GRC program.
  • Support for the principles and procedures available in the OCEG Burgundy Book.

INFORM AND INTEGRATE
At the center of the Capability Model is the ability to capture, document and manage information accurately across the organization as well as external stakeholders. The flow of information needs to efficiently cross functional areas and provide value to its targeted audience.
  • A consolidated repository linking templates, risks, controls, assessments, and key artifacts across the organization.
  • Flexible and secure workflow, notifications and data views promote transparent flow of the data while ensuring that the appropriate stakeholders have access to the information they need.
  • Organization modeling facilities that ensure the right person gets the right information at the right time.
  • Over 100 reports and notifications refined through hundreds of engagements with top tier clients

We guarantee that you will be impressed with our references

To request more information about BPS Resolver’s GRC solutions, contact us now. To speak with a BPS Resolver representative, call us at 1-888-891-5500.
