SYSPRO ERP Governance
To manage these challenges, the term GRC (governance, risk and compliance) is used to describe "the capability that enables an organisation to reliably achieve objectives while addressing uncertainty and acting with integrity; including the governance, assurance and management of performance, risk, and compliance" (Open Compliance and Ethics Group).
For an organisation to be able to do this, corporate governance systems should be implemented so that governance, risk and compliance (GRC) becomes part of the framework that integrates business architecture, process, people and technology:
- Business architecture: GRC starts with understanding the strategy, objectives and policies of the business; this enables performance and reporting metrics to be set.
- Process: An enterprise operates through processes; these must therefore be included so that governance and compliance goals can be set and risk thresholds identified.
- People: Compliance can be more easily established if roles and responsibilities are clearly defined; well-defined roles make risk management easier.
- Technology: An integrated system is required that not only ensures operational transactions align with controls, but also manages the execution of processes, administers role permissions and access, and handles how information flows.