Enterprise modeling as a basis for a successful GRC implementation

Because of the increasing business linkages in the global market, Governance, Risk & Compliance (GRC) moves more and more into the focus of entrepreneurial activity. Often the term GRC is equated with the sub-tasks of controlling or with installing individual IT-based island solutions in the business. The reason is to cover individual legal or corporate guidelines and rules (such as SOX and Basel II). Essentially, this approach leads only to disproportionate costs while obtaining current but incomplete statements on target fulfillment, risk and compliance. One of the reasons for this is that a departmental transparency and enterprise-wide integration of all relevant processes in a complete GRC solution are necessary and in general these are found in very few cases.

Successful GRC implementations therefore need a detailed method-development with business models in order to achieve the necessary transparency. Only then, optimally tuned processes and therefore professional requirements on a GRC solution can be worked out. Supported by a method perfectly matched, GRC components can be analyzed, conceptualized and implemented into an integrated solution.

Visualize business processes, document risks and hazards and derive controls

Horus supports sustainable business modeling with an optimally adapted approach method and model types that are specifically oriented towards business modeling.

During the actual as-is analysis information such as goals, strengths, weaknesses, risks and key figures identified are graphically displayed and set in relation to each other. This information is incorporated in dedicated available model types (process model, risk model, organization model, object model, metrics model or rule model) of the Horus Business Modeler, and is set into relation. Horus provides a consistent documentation and supplies approaches for quality assurance and optimization of analyzed business processes by analysis and simulation. The subsequent target concept is based on the results of the as-is analysis, and with the involvement of industry-specific reference models such as the Horus Knowledge Bases, optimizations can be carried out and the development of an efficient GRC system is ensured. Risks and dangers for a company are made transparent so that the necessary controls can be derived and documented for the setup of a GRC system.

Understanding weaknesses and risks, defining controls and implementing them in a business context: The Horus GRC Manager

In the prevention of risks and compliance violations lies the key to significant cost savings and successful action on the market. To achieve this it is necessary to understand risks and make them transparent in the company. That is the only way to collect further information on risks regarding the different views on GRC. By using the Horus GRC Manager, the relevant information is stored in an overview and the resulting controls can be recorded, assigned, and monitored.

The complexity of a GRC-concept design can be minimized with the Horus Method and Horus tools and therefore it holds no additional risks for corporate governance. Confidence and acceptance of the company are not only guaranteed with the management and employees, but also with customers, suppliers and investors.

 

Read the White Paper: Governance, Risk Management and Compliance (GRC): Business Process Transparency as a central component of a future-oriented GRC Solution