1. Information flows sequentially, and there are technical obstacles for each step.
2. The whole process relies on manual operations. Information is typically exchanged by e-mail. Data is stored in Microsoft Excel spreadsheets. Validation and consolidation require considerable effort and time. The whole process is prone to errors.
3. Whole teams spend weeks or months gathering the [...]
Popularity: 21% [?]
1. Control environment:
The foundation for all other elements, influencing the control consciousness of the people within the organization and encompassing every aspect of how the organization is structured and works.
(Translation: This is the big picture. If your control environment is healthy and is already functioning well, then sowing the seeds of compliance will be straightforward. [...]
Popularity: 9% [?]
1. Document the control environment.
What are you doing? What are your processes? Where are the risks?
2. Test: Implement the process and access controls needed to address the risks identified.
3. Remediate: Resolve exceptions found by the controls.
4. Analyze: Use the information gathered to gain a deeper understanding of the business.
5. Optimize: Improve both GRC and business [...]
Popularity: 26% [?]
Risk planning: For each business activity, what are we trying to achieve, what are the assumptions and constraints, and what risks do we want to monitor?
Risk identification and analysis: For each business activity, we identify the risks. For each risk we look at the nature of the risk, its probability of occurrence, and the quantitative [...]
Popularity: 25% [?]