GRC Tooling

GRC tooling: Configuring your GRC tools effectively for Managing risks assessments, audits, frameworks, reporting and workflow’s!

Powerful Governance tools like BWISE, Dell Technologies (RSA), IBM or even ServiceNow. Often – via workflow, in conjunction with both 1st and 3rd line parties are often a challenge to configure – in order to use effectively

Our vision on the use of GRC tooling is illustrated below:

In our vision, a GRC tool should have at least for kinds of repositories:

  • A Risk Repository: containing all kinds of risks like compliance risks, business risks, operational risks, HR risks, ICT risks, continuity risks, etc
  • A Control Repository: containing all kinds of controls similar to the risks mentioned above
  • A Regulatory Requirements Repository: All Regulatory Requirements which apply to your business and ICT environment

These mentioned Repositories should be connected in a substantial Framework and be connected and align to each-other….e.g.: