top of page

    Corporate Governance (Governance, Risk and Compliance – GRC – Software)

 

  • When considering the implementation of a governance, risk and compliance (GRC) management software platform, it may be productive to develop a GRC management software assessment framework, itemizing the specific points the GRC management software platform should address, based on any perceived weaknesses in the existing GRC framework of the enterprise, such as; engaging all relevant stakeholders within the enterprise (from data input administrators to end users to executive management) to solicit their input as to what they may feel is necessary to improve the GRC data dissemination and mining process; identifying any existing deficiencies in the data gathering capabilities of the existing GRC framework (such as: existing manual operations that could be automated, eliminated or streamlined; missing critical data; duplication of data gathering efforts, with resulting duplicate data; implementation of data mining capabilities for gathering data from data-heavy sources, such as emails, reports and the like); performing a cost-benefit analysis to determine whether any potential cost savings from the increased efficiency of the new GRC platform might be outweighed by the total expense of implementation over an appropriate amortization period; planning to allow agile scalability of the new GRC platform once-implemented, throughout the anticipated life of the new GRC platform; standardizing all processes relating to the management and usage of the new GRC platform; verifying that there is a robust corporate framework in place of controls, corporate policies, data usage guidelines, risk framework, security policies, user policies, and the like, to support the internal usage of the new GRC platform throughout the enterprise.

  • Procurement, recommendation, research, sourcing, specification, testing and use of various governance, risk and compliance (GRC) management software platforms (used by business entities to improve their risk profiles through tasks such as: assessing, cataloging and mitigating business-specific risks; delivering training sessions to management and personnel; disseminating compliance tools and risk information to employees; due diligence exercises; ensuring compliance with corporate policies; performing compliance audits; providing for efficient business continuity planning; third-party risk assessment compliance; testing risk management methodologies; and the like), such as: AdaptiveGRC; Apptega; C1Risk; Diligent; Enablon; Fusion Framework System; Galvanize HighBond; IBM OpenPages; LogicManager; MetricStream; Nasdaq BWise; Navex LockPath; Navex RiskRate; OneTrust; Oracle GRC; QT9 QMS; Riskonnect; RSA Archer; SAI Global Compliance 360; SAP GRC; ServiceNow GRC; StandardFusion; SureCloud; VComply; Workiva; ZenGRC.

    Progress_Page_Last_Updated_220827_1549

bottom of page