GRC - Governance, risk & compliance
Demands continuously increase on organizations to demonstrate how they govern and lead in order to achieve goals, meet requirements and comply with legislation. There are many examples of new regulations, such as GDPR, NIS Directive, Information Security Act etc..
Common areas within business management are strategic management and business plan, safety, work environment, quality management, information security, risk and continuity, environment and sustainability.
Digitalization is a growing area with the aim of streamlining operations, but simultaneously many threats and vulnerabilities might be discovered. Cyber-attacks that can disrupt entire businesses, handling sensitive information, sensitive control systems for e.g. electricity and water supply. Modern Governance systems need to be able to control the growing digital world.
There are several different frameworks and concepts in the area, including:
- COSO - Two leading frameworks, Enterprise Risk Management and Internal Control
- FISK - Regulation for Internal Governance and Control, is applied within public authorities
- GRC - Governance, Risk & Compliance. An industry area without a linked framework. Used by Gartner in market analysis, it is often applied in private business.
- ISO standards - Management systems in several areas, eg quality management, risk, information security.
Key activities for Governance & GRC
The iFACTS method is inspired by the frameworks above and is based on six main domains for business management & governance:
- Strategy - Based on vision, mission, long-term goals and assignments, strategies are designed for how the value-creating work is to be carried out.
- Governance - Includes policy, law and standards, contractual commitment.
- Objectives - These emerge on the basis of the strategy and business plan for each part of the organization. Includes both value-creating goals and requirements.
- Events - that occur and can affect goal fulfilment, such as incidents, deviations or threats & vulnerabilities.
- Risk management - Usually expressed as potential events that can affect goal fulfilment.
- Control - the purpose of control and audit is to provide reasonable assurance that objectives will be achieved.
Within each domain, processes have been defined and digitalized - an information model is created for the entire organization.
- All steps gathered in one integrated workflow
- All stakeholders in the business share the same data
- Eliminate manual processes via Excel for increased efficiency, traceability and transparency
- All stakeholders are involved in the process (board, management, operations, control)
- Portals for quick overview
- Implement step-by-step with the presently most important area. A full picture of the organization's operational management emerges at the decided pace.
- Easy start and early value creation
- High degree of scalability and flexibility
iFACTS has been a leading software solution for governance, risk and control since 1996. iFACTS software supports decision making based on relevant facts.