The business world is experiencing unprecedented levels of market uncertainty and volatility, combined with economic shocks and corporate scandals.
In order to manage through these challenges, organizations are seeking to get a better measure of how objectives, obligations and operations interrelate, and how the business should be monitored and controlled through information and technology. The term GRC (governance, risk and compliance) is used to describe "the capability that enables an organization to reliably achieve objectives while addressing uncertainty and acting with integrity; including the governance, assurance and management of performance, risk, and compliance" (Open Compliance and Ethics Group).
For an organization to do this, corporate governance systems should be implemented so that governance, risk and compliance (GRC) becomes part of the framework that integrates business architecture, process, people and technology:
- Business architecture: GRC starts with understanding the strategy, objectives and policies of the business; this enables performance and reporting metrics to be set.
- Process: an enterprise operates through processes, so these must be included in order to set governance and compliance goals and identify risk thresholds.
- People: compliance can be more easily established if roles and responsibilities are clearly defined; well-defined roles make risk management easier.
- Technology: an integrated system is required that not only ensures operational transactions align with controls, but also manages the execution of processes, administers role permissions and access, and handles how information flows.
GRC and Business
- Governance: oversight role and the process by which companies manage and mitigate business risks; includes enterprise performance, integrated reporting, and reliable and timely information.
- Risk Management: evaluate all relevant business, regulatory and external risks and controls; implement preventative actions and monitor actions.
- Compliance: assure compliance reporting and adherence to recognized and regulatory standards; monitor process and workflow management and integrated reporting; ensure role permissions and access align with policies.
In terms of GRC controls and reporting, SYSPRO can offer the following solutions:
| GRC Requirement | SYSPRO Solution |
|---|---|
| Business architecture analysis and documentation | Quantum Architecture, Process Modeling |
| Process compliance and risk management | Process Modeling, Workflow Services, Executive Dashboards, Fixed Assets, Inventory Forecasting and Optimization |
| Risk control and compliance oversight | Role-based security, e-Signatures, Executive Dashboards |
| Compliance reporting and monitoring | Executive Dashboards, Reporting Services, e.net Solutions, statistical General Ledger accounts |
| Integrated reporting | Reporting Services, e.net Solutions, statistical General Ledger accounts |
| Governance monitoring | Analytics, Executive Dashboards, E-Signatures, Commitment Accounting, Assets module |