This white paper presents a low risk, high impact approach to gaining control of regulatory compliance. The procedures, tasks, and behaviors that bear upon compliance can be overwhelming. Yet organizations that can master these activities, operate more efficiently, compete more effectively, and build their brands. Learn how Governance, Risk, and Compliance technologies can help.
AAchieving Efficieent GGovernance, Riskk and CCompliannce (GRCC) Throuugh PProcess aand Autoomationn
AA Low-Risk, High-Impaact Approaach too Gaining CControl of Regulatory CCompliancee Before It Overwhelmms YYour Organnization
An Epicor Whitte PaperWHITE PAPER
Executive Summary
Now more than ever, organizations of all sizes and descriptions are struggling to comply with regulations and manage the risks and penalties of failing to operate within the rules. Establishing, maintaining and proving compliance requires both money and time that executives and shareholders would rather invest in top-line growth. The myriad of procedures, tasks, and behaviors that bear upon compliance can be overwhelming. Yet organizations that can master the management all of these activities-and demonstrate that they have done it-operate more efficiently, compete more effectively, and build their brands and good names in the marketplace. Fortunately, newly available software platforms that have become known as Governance, Risk, and Compliance (GRC) technologies can help. This paper discusses the drivers behind the growing awareness of GRC information technology and introduces the elements of an effective automated GRC system. It also presents a suggested method for a low-risk, high-impact approach to launching GRC automation.
Achieving Efficient Governance, Risk and Compliance (GRC) Through Process and Automation i WHITE PAPER
Table of Contents
Introduction to Governance, Risk and Compliance 3 The Risk of Inadequate Compliance Management Systems 3 A Profusion of Point Solutions 4 Pinpointing Organizational Challenges 5 All Within Reach: Getting to GRC 6 Familiar Tools and Philosophies Fall Short 7 How Enterprise Applications Can Drive GRC 7 Enhanced Control with an Integrated Solution 8 Improved Financial Reporting 8 Financial Visibility - Budgeting, Planning and Forecasting 9 Supply Chain Visibility 9 Better Expense Management 9 Timely Visibility of Changes 10 Elements of an Effective GRC Software Solution 10 The Benefits of Effective GRC Automation 13 Conclusion 14 About Epicor 14 About Polivec 15
Achieving Efficient Governance, Risk and Compliance (GRC) Through Process and Automation i i
Introduction to Governance,
Risk and Compliance
Taken individually, these three terms convey a range of meaning. But when grouped together, they have come to indicate a recently conceived category of technology and consulting services collectively referred to as GRC. An article in CFO Magazine suggests that the GRC category has its origin in software vendors that offer solutions to address Section 404 of the Sarbanes-Oxley Act. GRC was born when these companies recognized that they could alter their SOX applications, morphing them into more-complex and more broadly focused products that could address two related areas heavily 1affected by SOX: corporate governance and risk management. The article goes on to say that GRC software ".at its core, remains a tracking system, capturing data on various compliance requirements as they affect a specific company and chronicling how the company does (or does not) satisfy those requirements." This straightforward description of GRC software serves as an effective basis for understanding its potential and its impact from a variety of perspectives. It is important to realize, however, that GRC is not just about a streamlined, computerized index of rules. It is about behavior. A successful GRC platform is a powerful tool that enables a company to operate within the spirit and the letter of those rules. The behaviors and processes that the successfully implemented GRC platform catalogs and tracks become a part of the company's culture and of the work ethic of its employees.
The Risk of Inadequate Compliance Management Systems
GRC touches every person and every function in an organization in some way. Whether GRC becomes an intolerable burden that increases company overhead or an enabler of efficiency and success depends upon its actual, day-to-day impact on the employees' work and whether that impact is enabling or debilitating. For most organizations, the latter is apparently still the case. In its 2007 GRC Strategy Survey, the Open Compliance and Ethics Group (OCEG) found that 65 percent claimed fragmented GRC caused serious business problems through duplication of efforts, r... [download for more]
