Wiley SAP GRC For Dummies 978-0-470-33317-4 User Manual

Systematic application of a GRC solution leads to a process that constantly
deepens management’s understanding of what is going on in a business and
increases their confidence that risks are being managed. Figure 1-7 shows
how this leads to a closed-loop system of constant improvement of GRC
processes.
With such a process of continuous improvement in place, companies get the
most important benefit that they are seeking from GRC—the peace of mind
that comes from knowing that financial information is accurate, risks are
being managed, regulations are being complied with, and that the probability
of nasty surprises is as low as it can be.
[Figure 1-7: A closed-loop process of GRC improvement. Steps in the loop: 1. Risk Identification (identify risks and controls); 2. Automated Risk Analysis (implement risk rules based on controls & organizational goals); 3. Detect (detect violations; remediation); 4. Remediation and Mitigation (resolve identified control violations; document mitigating controls); 5. Testing and reporting (control testing; progress monitoring; report on exceptions and deficiencies); 6. Prevention and Continuous Monitoring (what-if analysis; deficiency prevention). Other labels in the figure: Risks; Controls; Financial; IT GRC; Global Trade; Environment, Health, and Safety.]
Chapter 1: The ABCs of GRC