In Part 1: Governance Risk and Compliance of this series (https://www.linkedin.com/pulse/part-1-governance-risk-compliance-mohammad-saneen-a/ ) we saw what GRC is and why an organization needs it.
Modern organizations keep growing, with divisions spread across different parts of the world. That growth multiplies the number of interconnected issues, and the growing headcount makes it harder to identify who owns and is accountable for a risk and to demonstrate compliance. Some of the problems organizations run into today:
Duplication – As the number of records and reported issues grows, practitioners struggle to spot issues that have already been recorded. Duplicate records waste effort across every task that touches them.
Questions and queries – During a compliance check or gap assessment, the same individual is asked similar questions again and again over time, which wears people down and may still miss the real point or issue.
Workflow – A properly defined risk management workflow or process may not exist, or employees may not know it exists because it was never communicated.
Risks – The one thing an organization cannot avoid is dealing with risk: identifying it, prioritizing it, reporting it, and responding in time. All of this gets harder as the organization grows and the issues become more interconnected.
Compliance – Regulations and standards keep multiplying, and organizations struggle to stay compliant with several of them at once. A violation of a single regulation can threaten the bottom line of the entire organization, and the bigger the organization, the harder compliance is to maintain.
Ownership/Accountability – Not only management but every employee should know their role and responsibility in addressing an issue or task, and there should be records that prove who owns and is accountable for each issue or risk.
Third party – An organization is connected to many third parties, each with agreements such as SLAs (Service Level Agreements) that must be tracked and managed. Third parties also bring their own risks, which must be addressed and resolved according to their criticality. Organizations also struggle to measure the performance of the services those third parties provide.
From the points above it is clear that organizations struggle in many areas, and handling them manually takes more time and resources while still producing inaccurate results. A centralized platform for running proper GRC (Governance Risk and Compliance) processes addresses all of them. This is where RSA Archer steps in. RSA Archer is a popular tool that was named a Leader in the 2016 and 2017 Gartner Magic Quadrant for IT Vendor Risk Management.
RSA Archer eGRC Solutions let you build an efficient, collaborative enterprise governance, risk and compliance (eGRC) program across the IT, finance, operations and legal domains. It gives the organization a pool of solutions that can be customized as needed. The diagram below shows the different solutions offered by RSA Archer, which cover all the issues mentioned earlier.
Organizations can implement these solutions to achieve GRC and so address all the issues listed at the beginning of the article.
Suppose an organization now decides to implement RSA Archer. What prerequisites does the implementation need?
The organization should have the following technical prerequisites:
• Web Application
• Instance Database
• File Repository
• Configuration Database
Web Application – RSA Archer is a web-based application, so it needs Microsoft Internet Information Services (IIS) and the Microsoft .NET Framework on the web server.
Instance Database – Each Archer instance needs a database to store its data (the applications, records and other content of that instance).
File Repository – A repository is needed to store the files that belong to the organization, such as text documents and images (logos, etc.).
Configuration Database – Stores the configuration details that can be client- or application-specific.
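Before an installation it is worth verifying that the four prerequisites above are actually in place on the intended web server. The following PowerShell pre-flight check is an added example and is not part of the article or of RSA's installer. It assumes (the article does not say) that the instance and configuration databases live on a Microsoft SQL Server reachable on TCP port 1433 and that the file repository is a UNC share; the server names and share path are hypothetical placeholders.

```powershell
# Added example (not from the article or RSA): pre-flight check for the four
# prerequisites listed above, run on the intended Archer web server.
# Assumptions not stated in the article: the instance and configuration
# databases run on Microsoft SQL Server (default TCP 1433) and the file
# repository is a UNC share. Host names and paths below are hypothetical.
param(
    [string]$DbServer     = 'sql01.corp.example',              # hypothetical
    [int]   $DbPort       = 1433,                              # default SQL Server port
    [string]$FileRepoPath = '\\fs01.corp.example\ArcherRepo'   # hypothetical
)

$results = @()

# 1. Web application tier: IIS role installed and the W3SVC service running
$iis   = Get-WindowsFeature -Name Web-Server
$w3svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = 'IIS (Web-Server role + W3SVC running)'
    Passed = [bool]($iis.Installed -and $w3svc -and $w3svc.Status -eq 'Running')
}

# 2. Web application tier: .NET Framework 4.x present (the "Full" key carries a Release value)
$ndp = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
                        -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = '.NET Framework 4.x installed'
    Passed = [bool]($null -ne $ndp -and $ndp.Release -gt 0)
}

# 3. Instance and configuration databases: SQL Server port reachable from this host
$sql = Test-NetConnection -ComputerName $DbServer -Port $DbPort -WarningAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = "SQL Server reachable at ${DbServer}:${DbPort}"
    Passed = [bool]$sql.TcpTestSucceeded
}

# 4. File repository: share reachable and writable by the account running this script
$repoOk = $false
if (Test-Path -Path $FileRepoPath) {
    $probe = Join-Path $FileRepoPath ("preflight-{0}.tmp" -f [guid]::NewGuid())
    try {
        Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
        Remove-Item  -Path $probe -ErrorAction Stop
        $repoOk = $true
    } catch {
        $repoOk = $false
    }
}
$results += [pscustomobject]@{
    Check  = "File repository writable at $FileRepoPath"
    Passed = $repoOk
}

$results | Format-Table -AutoSize

# Non-zero exit so the check can gate an automated deployment pipeline
if ($results.Passed -contains $false) { exit 1 }
```

Run it with the real server name and share path as parameters; a failing row tells you which tier to fix before the Archer installer is started. The writable-share probe is deliberate: a repository that can be listed but not written to will only surface as a failure once users start attaching files.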
There are other prerequisites besides these essential ones. Once RSA Archer is set up, solutions are built and the tool is configured to meet the organization's needs. Think of a bucket with a mug placed inside it and water inside the mug.
The bucket is the solution, and each solution (e.g. Business Resiliency) contains mugs, i.e. applications (e.g. Business Impact Analysis), and each application holds water, i.e. the records. Each record consists of fields and the data populated into them, arranged accordingly.
In this series of articles we have seen what GRC is and why it is necessary. We have also looked at RSA Archer and how it can help an organization achieve GRC. The RSA Archer Platform is a good choice for establishing effective governance, risk and compliance (GRC) across the entire organization, covering everything it needs to address problems like duplication, audit management, issue management and more.