
GRC Explained

GRC Cornerstones
Governance, risk management and compliance are three distinct disciplines that have generally existed in silos within organisations.
However, many commonalities and interrelationships exist between these three disciplines and so organisations are now looking to manage the associated supporting measures, mechanisms and processes in a coherent way.
This unified approach, known as 'Governance, Risk and Compliance' or 'GRC', is creating efficiencies, supporting seamless and agile management, providing a transparent and holistic view of the organisation and ensuring accountability.
GRC drives commercial benefits that include:
- More cost-effective use of resources and asset utilisation for growth & business flexibility
- Improved ability to efficiently analyse & address risks
- Improved audit posture and reduced compliance reporting costs
As a result, GRC directly impacts the bottom line of the organisation.
Flexeye believes that there are four key cornerstones within this domain, illustrated in the diagram above and described below.
GRC Communication
GRC dashboarding – The ability to provide a dynamic personalised view of the state of GRC to help support decision making.
Compliance reporting – The ability to roll up compliance reporting in a form that is acceptable to auditors to reduce the cost of compliance reporting.
GRC Control & Policy Management
Controls and policy mapping – The fundamental ability to map an organisation's specific controls and policies into defined control objectives.
Policy distribution and attestation – Supporting the distribution of relevant policies and managing the attestation process.
IT control self-assessment and measurement – The ability to create, distribute and manage control assessments in the enterprise.
GRC Asset Management
GRC asset repository – The ability to define IT assets, group them according to the business processes they support and classify them appropriately.
Automated general computer control collection – The ability to import or directly measure configuration settings, vulnerability, identity auditing information and other GCC control information.
GRC Remediation
Remediation & exception management – The ability to track the life cycle of identified gaps and authorised exceptions.