
Systematic application of a GRC solution leads to a process that constantly
deepens management’s understanding of what is going on in a business and
increases their confidence that risks are being managed. Figure 1-7 shows
how this leads to a closed-loop system of constant improvement of GRC
processes.
With such a process of continuous improvement in place, companies get the
most important benefit that they are seeking from GRC—the peace of mind
that comes from knowing that financial information is accurate, risks are
being managed, regulations are being complied with, and that the probability
of nasty surprises is as low as it can be.
Figure 1-7: A closed-loop process of GRC improvement. The figure shows six stages arranged in a cycle around a core of risks and controls spanning Financial, IT GRC, Global Trade, and Environment, Health, and Safety:

1. Risk Identification: identify risks and controls.
2. Automated Risk Analysis: implement risk rules based on controls and organizational goals.
3. Detect: detect violations.
4. Remediation and Mitigation: resolve identified control violations; document mitigating controls.
5. Testing and Reporting: control testing; progress monitoring; report on exceptions and deficiencies.
6. Prevention and Continuous Monitoring: what-if analysis; deficiency prevention.
Chapter 1: The ABCs of GRC