SAS Enterprise GRC
SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation. Benefits Demonstrates an effective implementation of the GRC framework. Enhances the quality of decision making across the organization. Reduces the likelihood of unpleasant surprises for all stakeholders. Enhances the efficiency and effectiveness of GRC processes. Reduces risk-related losses. Reduces the risk of regulatory compliance violations. Provides more reliable assurance to stakeholders. How SAS® Is Different Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.). Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems. Reduces cost of risk management and compliance by reducing duplication of data and processes. Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.
- IT.01 - Audit and Assurance Management
- IT.03 - Brand and Reputation Management
- IT.04 - Business Continuity Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.27 - Strategy, Performance, and Business Intelligence
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A1. Identification
- D1. Detective Actions & Controls
- I1. Info Management
- M1. Context Monitoring
- O1. Commitment
- P1. Proactive Actions & Controls
- R1. Responsive Actions & Controls
- A2. Analysis
- M2. Performance Monitoring
- O2. Roles
- P2. Codes Of Conduct
- R2. Internal Investigation
- A3. Planning
- D3. Inquiry
- I3. Technology
- M3. Systemic Improvement
- O3. Accountability
- P3. Policies
- C4. Objectives
- M4. Assurance
- R5. Remediation
- P7. Risk Financing
Protiviti Governance Portal
The Protiviti Governance Portal is a comprehensive software platform that integrates content and commonly accepted frameworks with world-class consulting expertise that provides organizations with the visibility and insight needed to manage and mitigate critical risk and compliance issues today and in the future.
- IT.01 - Audit and Assurance Management
- IT.05 - Compliance Management
- IT.07 - Control Activity, Monitoring, and Assurance
- IT.16 - Information/IT Risk & Security
- IT.22 - Policy Mgmt, Communication & Training
- IT.26 - Risk Management
- IT.26 - Regulatory Intelligence and Monitoring
- IT.28 - 3rd Party/Vendor Risk & Compliance
- A2. Analysis
- M4. Assurance
- R5. Remediation
- (A) Assess
- (M) Measure
FIVE TIPS TO GET MORE BUSINESS BENEFIT FROM OPERATIONAL RISK resource Articles Member contribution
"The list from the regulators is growing!" "Our leadership wants to know if we're creating value beyond shuffling compliance paperwork." "The regulators keep asking questions beyond our risk framework." "The bank is changing faster than we can keep up, changing products and integrating acquisitions." "Our o
USSC, Amendments to the Sentencing Guidelines - Reader Friendly Version of Amendments (Aprill 28, 2011) resource Standards and Guidelines OCEG Reviewed
This compilation contains unofficial text of amendments submitted to Congress on April 28, 2011, effective November 1, 2011.
USSC, Notice of submission to Congress of amendments to the sentencing guidelines effective November 1, 2010. (May 2010) resource Standards and Guidelines
75 Federal Register 27388 (May 14, 2010)
Bribery Act of 2010, United Kingdom resource National Laws
The Bribery Act applies to both public and private corporations, and to individuals.
Why is GRC important? blog
I have been blogging about what GRC is, advocating the definition developed by the Open Compliance and Ethics Group, OCEG (see this and subsequent posts). But, I haven’t really talked about why the concept of GRC has value.
