Governance, Risk, and Compliance
Firms are rapidly adopting the view that an effective system solution for governance, risk, and compliance must go beyond risk assessment surveys, loss event databases, and op risk capital calculations. GRC issues and requirements exist everywhere and in every process – from human resources to front office to accounting to financial control to settlements. The demands of effective management of GRC drive the need for a strategic enterprise view, and an enterprise-spanning software solution. Specifically, there are four base elements that underpin any effective GRC solution:
Organizational Management and Accountability Definition
- Define and maintain complex, matrixed organizational structures and reporting lines
- Manage and define roles, staff assignments, responsibilities, and accountabilities
- Manage role-based user access privileges
- Maintain not just an audit trail of changes, but a full history of previous states
Business Process Management
- Document business processes
- Link processes to operational risk and SOX elements
- Design and automate workflows
- Automatically assign work items to appropriate individuals
- Define notification and escalation rules
- Mine completed process artifacts to identify operational risks and build risk exposure indicator metrics
Data Collection and Monitoring
- Integrate GRC processes with legacy source systems and relevant data formats
- Manage software system inventory and relationships
- Manage data source definition and automate monitoring of data feeds
- Attach supporting documents of all types to GRC data elements (loss events, risks, controls, issues, etc.)
- Track versions of key documents over time
- Satisfy document retention requirements
Centerprise’s GRC framework begins by addressing all of these requirements, providing a firm (and firm-wide) foundation for the functional GRC processes that depend on them.
Enterprise OpRiskCenter is a modular yet integrated solution built on the Centerprise GRC framework. It provides comprehensive support for Internal Loss Data Management, Risk and Control Self-Assessment, Sarbanes-Oxley (SOX) 404, and Issue and Action Plan management.
Where highly company-specific GRC requirements exist, customized solutions to address these requirements can be built rapidly and cost-effectively via extensions to the Centerprise GRC framework.