GRC tooling: Configuring your GRC tools effectively for Managing risks assessments, audits, frameworks, reporting and workflow’s!
Powerful Governance tools like BWISE, Dell Technologies (RSA), IBM or even ServiceNow. Often – via workflow, in conjunction with both 1st and 3rd line parties are often a challenge to configure – in order to use effectively
Our vision on the use of GRC tooling is illustrated below:
In our vision, a GRC tool should have at least for kinds of repositories:
- A Risk Repository: containing all kinds of risks like compliance risks, business risks, operational risks, HR risks, ICT risks, continuity risks, etc
- A Control Repository: containing all kinds of controls similar to the risks mentioned above
- A Regulatory Requirements Repository: All Regulatory Requirements which apply to your business and ICT environment
These mentioned Repositories should be connected in a substantial Framework and be connected and align to each-other….e.g.:
