Governance, Risk and Compliance (GRC)
Governance, Risk and Compliance (GRC) is a vital practice to support every organisation. In many cases there are legal and regulatory requirements and even if this is not the case, the principles are underpinned to most functions throughout a company of any size. However, over time and as a business grows, the ability to accurately track and monitor the mass of data required becomes more difficult. Using this data to benefit your organisation requires precise strategies. It must be fuelled by the correct resources in different departments, and it must then be communicated to the correct stakeholders for future planning and change management considerations.

85% of organisations surveyed stated that they would benefit from automated tools and technology for their GRC activities.
*Based on research conducted by Deloitte
Introduction to GRC tools
For an organisation beginning the procurement journey or wishing to replace their current provider, it is important to understand what a GRC tool may offer.
- Risk Analysis
Focussing generally on risks and incidents to track mitigation and remediation or acceptance. - Policy Management
Document management that incorporates the policy life cycle, mapping policies to business objectives and considering risks and controls. - Compliance Database
Managing the functions that support compliance tasks. Monitoring the creation, workflow and representation of control objectives relating to any form of compliance you require (PCI DSS, ISO 27001, SOX etc). - Audit Functions
Support internal audit teams and provide time and task management reporting services. - Analytics and Reporting
Supporting data analytics with the ability to visualise or export results pertaining to any given metric required.

A GRC tool must harness your organisation’s information through a holistic approach. Answering the ‘demand’ (provided by your organisation when establishing what you require) by creating, monitoring, reviewing/analysing and communicating the appropriate information to the relevant stakeholders in a timely manner.
Read other chapters in the series:
Part 2: Important factors and considerations >>
Part 3: Popular Governance, Risk and Compliance tools >>
Should you require assistance in procuring, migrating or using a service please contact Xcina Consulting. We provide our clients with pragmatic advice and guidance to ensure they achieve a robust and defensible position. For more information contact us at info@xcinaconsulting.com.