The concept of a risk management system—what it is and consists of—is something that is often misunderstood or misinterpreted. A big challenge many companies face is evolving the management of their risk and dealing with it properly as it changes. While risk itself is a recurring instance for most companies, the problem is not just dealing with different risks, but having a universal definition of what they are and also specifically having a risk identification plan.
Wherever you are in the platform evaluation process, narrowing your choices down and selecting a new solution is never easy. This guide helps balance out the pros and cons of what your needs really are as you evaluate your current system and prepare to make a final leap to a new GRC platform.
Selecting an IA software platform is not always an easy choice. To begin with, there are many stakeholders involved: audit staff, management, process and control owners, the audit committee and the board. Then tack on a wide variety of auditable entities: business units, processes, organizational functions, applications, facilities, etc. Finding a single management platform that can bring all of these elements together in a way that fits the size, scope and methods of your IA department is no easy task.
I recently had the pleasure of co-authoring an E-Book with GRC consultant and “process whisperer” Dan Plato. Dan was one of our most dynamic speakers at Onspring Connect 2017 with his presentation on solution design best practices. We’ve packaged up those best practices, along with a set of templates and samples, into a guide that’s available free on our website.