Archive for the ‘Framework’ Category

Top 4 Common problems with sustainability reporting

Tuesday, January 27th, 2009

1. Information flows sequentially, and there are technical obstacles for each step.

2. The whole process relies on manual operations. Information is typically exchanged by e-mail. Data is stored in Microsoft Excel spreadsheets. Validation and consolidation require considerable effort and time. The whole process is prone to errors.

3. Whole teams spend weeks or months gathering the data, making sure that it’s correct and consolidating it. Because this whole process is based on manual operations, many companies invest in third-party assurance by hiring expensive auditing companies. Costs can reach two million euros per annual report.

4. Sustainability solutions often aren’t integrated into other existing systems. According to a survey of 150 companies in the U.S. and Europe by AMR Research, less than one-third use their ERP systems to help manage CSR issues. Yet these enterprise-wide systems should be the very foundation of balancing environmental, social, and business objectives.


COSO five main elements

Sunday, January 18th, 2009

1. Control environment:

The foundation for all other elements, influencing the control consciousness of the people within the organization and encompassing every aspect of how the organization is structured and works.
(Translation: This is the big picture. If your control environment is healthy and is already functioning well, then sowing the seeds of compliance will be straightforward. If your control environment is sick and needs help, you are probably looking at a big change management project.)

2. Risk assessment:

The identification and analysis of risks to the achievement of the organization’s business objectives.
(Translation: In order to know your business, you need to know your risks and know them well.)

3. Control activities:

The policies and procedures that help the board and management ensure that their control decisions are carried out in relation to identified risks.
(Translation: You’ve identified your risks, your control environment is good, and now you need to set up the policies and procedures that will help senior executives make their decisions.)


SAP GRC Process Control checklist

Sunday, January 18th, 2009

1. Document the control environment.
What are you doing? What are your processes? Where are the risks?

2. Test: Implement the process and access controls needed to address the risks identified.

3. Remediate: Resolve exceptions found by the controls.

4. Analyze: Use the information gathered to gain a deeper understanding of the business.

5. Optimize: Improve both GRC and business processes as insights are gathered.


SAP Enterprise Risk Management Process Framework

Friday, November 21st, 2008

Risk planning: For each business activity, what are we trying to achieve, what are the assumptions and constraints, and what risks do we want to monitor?

Risk identification and analysis: For each business activity, we identify the risks. For each risk we look at the nature of the risk, its probability of occurrence, and the quantitative and qualitative aspects of the risk.

Risk response: Is there anything we can do to reduce, mitigate, or even remove the risk? How much will this cost? What is the potential ROI of taking this step? Who’s responsible for making sure that the response happens?

Risk monitoring: In this step, we continuously track and monitor each of the risks and analyze any risks that, despite our efforts, turn into incidents.
