Why a GRC Framework? | Governance Risk and Compliance - YouTube

[0]
Please watch our new animation and demo
[6]
by clicking on the i in the top right corner
[12]
of this video
[17]
Governance is about how an organisation has to be run in an efficient and responsible manner
[22]
and how they report their policy towards all stakeholders. Processes and goals of the organisation have to be aligned.
[28]
Compliancy is an integral part of this: the organisation has to run its policy within the existing rules and regulations that apply to them.
[37]
This sounds simple, but is often difficult, because products and services and rules and regulations are often subject to change.
[44]
Finally every organisation has to identify all risks through risk management
[50]
and register the related management measures and then report on these.
[54]
The importance of embedding GRC in an organisation can have to do with, that an organisation wants to:
[60]
Steer performances
[62]
Improve the quality of their products and services
[65]
Prevent damage
[67]
And eventually be in control!
[70]
The difficulty is that most organisations don't see the interrelation between governance, risk management and compliancy.
[77]
Because of the many internal and external reports, rules and regulations and all responsibilities that arise,
[83]
an organisation easily loses the overview.
[86]
Most of the time GRC continues to be three separate fields of study
[91]
By structuring and relating governance, risk management and compliance, their impact on the business operations becomes clear.
[98]
These three pillars are combined in Rules GRC. It offers insight in the interrelations and their relation with the business processes.
[105]
This way an organisation gets more insight and overview and reporting and communicating on GRC becomes easy.
[112]
Let's take a look at the steps we will go through to successfully embed GRC in the organisation.
[118]
First of all you inventorise all information around processes, rules and regulations, policy, risk and management measures
[126]
and then structure this information and relate everything to each other using the Mavim Rules application.
[131]
Subsequently you analyse, quantify and report on this information
[135]
When this has been done, you can communicate this information to the rest of the organisation.
[140]
By creating a publication for your intranet or SharePoint portal
[144]
all stakeholders can find information that is important for them.
[148]
The stakeholders can give feedback on the published information
[152]
whereupon this feedback can be used to monitor and improve.
[156]
Let's take a look at a demonstration of steps 3 to 5. The information has already been published to the intranet
[162]
where the stakeholders can find the information.
[165]
Here we see the GRC startpage. From this startpage we can navigate to the processes, rules and regulations,
[172]
risks and management measures and management reports.
[176]
Let's navigate to the processes of the organisation. Next we will go to the primary process closing agreement.
[189]
We can also visualise this process in a chart. Here we see the process visualised in a process chart.
[196]
When we click on one of the activities of the process,
[200]
the description screen on the right gives us extra information on this activity.
[204]
Furthermore in the bottom right corner we see the relationship screen
[207]
where we can find all related information to this activity.
[210]
For example you can see which officials are involved in this process, which applications are used,
[215]
which risks could occur and which ISO norms are related.
[219]
If you would like more information on these related topics, you can easily click on these topics.
[224]
We can also click on the risk related to this activity.
[228]
Here we see a short description of the risk, the short and long term effects
[232]
and we can see what the chance, impact and management measures are of this risk.
[237]
We can also view extensive reports where we see which risks are related to which processes.
[246]
In this process/risk chart we see all the primary processes of the organisation with the related risks,
[252]
type of risk, the chance, the impact and the management measures.
[260]
If you would like more information about a certain topic you can easily click on this topic.
[265]
For example we can click on one of the risks and subsequently we get insight in all meta information around this risk.
[275]
When we go back to the start page we can also directly navigate to the risks.
[281]
We can also view extensive reports where we can see which risks could take place in our organisation and see which processes are related
[288]
with the gross chance and impact, management measures and the nett chance and impact, the action log and the action holder and the follow-up date.
[300]
Let's go back to the startpage.
[303]
We have just seen how the processes, risks and management measures and underlying rules and regulations have been connected to each other.
[310]
This gives us the possibility to create several extensive management reports in a dashboard.
[317]
This gives us insight in which risks are related to processes.
[321]
Here you can also see a total overview of the identified risks within the organisation.
[326]
From this report you can also easily navigate to the related processes.
[330]
Subsequently the stakeholders can give feedback on the published information.
[335]
Here we see several forms that the stakeholders can use, like a feedback form, a risk self assessment form or a control comment form.
[346]
The end users can give their feedback here. This feedback is sent back to the Mavim Rules database,
[352]
where the Rules administrator can improve and communicate this information.
[356]
We have now taken a short look at the Mavim Rules GRC Framework.
[360]
If you would like to see more in depth videos on for example IT governance, Quality and Process management,
[366]
please feel free to take a look at our other videos.