The Policy framework module provides GRC Suite users with a single repository of all internal (or group) policies. Specific details of policies such as name, version, approval dates, next review date, policy owner, regulatory references, etc are stored and updated.
To ensure compliance with local regulatory requirements and/or expectations from a parent company, an “Entity-level Control” assessment module is available in the GRC Suite. This module will allow policy owners to assess the design of their policies and the extent to which they are operationally and by design effective in their organization.
Grace Connect Policy Management supports all policy during their entire lifecycle, such as:
– Identifying policy violations;
– Mnitoring policy review needs, logging updates to be processed according to a review cycle;
– Monitoring changes arising from the regulatory environment (e.g. new circulars or laws);
– Notifying all stakeholders in scope, in case of a new policy or a policy change.
There are various ways to look at an organization, especially depending on its size, complexity of products, and operating processes. The GRC Suite is designed to integrate a process view enabling users to map out its risks, controls, incidents, BCM business impact analysis, data quality issues, or audit findings linked to business processes.
The purpose of the GRC Suite is not to design processes, it is to ensure that GRC related modules are linked to processes. This will allow users to have a consolidated view on all related items cutting through a process. For smaller organization, a view per department is designed by default.
The Event Tracker is a unique module you will not find anywhere else. It embeds time management into the Grace Connect GRC Suite. The Calendar view ensures that all agreed deliverables (“Tasks” or “Audit findings”) are completed by their respective due dates (thus avoiding unnecessary overdue items).
This module is also designed to track all key Governance, Audit and Risk Committees as well as other meetings key from a GRC point of view. For example, Calendar items such as the approval of polices, presentation of risk dashboards, or compliance reports can easily be logged throughout the respective GRC suite module and reported through the Event Tracker and Calendar.
Tasks and audit findings flagged as high priority are directly linked to the calendar ensuring that business owners are organizing their work before the delivery date.
The graph below illustrates the full capacity of the GRC Suite – actions (“Tasks”) initiated in any modules are stored and tracked centrally and are accessible through a single point of control within the tool. This holistic view on Tasks provides users and management a clear insight on effort, workload, and remediation.
Silo-oriented organizations often rely on stand-alone monitoring of their actions, as they are originated for a specific purpose. The GRC Suite is designed to use all information to enable a comprehensive but effortless tracking of actions and timely resolution.
