GRC Architecture
A governance, risk and compliance (‘GRC’) architecture is based on the five key principles of sound Risk Management:
- An unambiguous mission statement which provides the vision and direction of the organisation (‘What we want to become’), from which are derived
- Clear, measurable strategies which set out how the organisation is to achieve its mission (‘How we’re going to get there’)
- The creation of effective GRC policies providing the detailed rules ensuring the safe implementation of strategy (‘What we have to do’)
- Processes and systems developed within this risk management architecture, which become the mechanism by which policy is implemented in the context of strategy (‘How we do it’)
- Assurance: the management information, around key performance and risk indicators, which evidences ‘How we know it’s happening’
These five components are mutually dependent. Change to any one may have consequential impact on
one or more of the others.
KnowCo consultants have developed GRC architectures to suit the size and business strategy of their
clients, and pragmatic, efficient programmes of work to implement them. We have defined a GRC
maturity model to support the process.
GRC Maturity Model
We define four levels in the GRC maturity model. Each level is determined using a combination of quantitative (hard) and qualitative (soft) factors, each rated along a scale of 1-16.
The GRC maturity model level for an organisation is determined by combining the two scales.
Contact us for further information on our GRC maturity model.