One concise procedure and test grid in GRC/ESG for everyone

  • How do you transform externally set policies, standards and guidelines?

  • How do you establish audit content that can be monitored automatically?

  • Which GRC inputs should be prepared before automation?

  • Which GRC processes are affected?

  • What results should be delivered internally and for audits?

  • Which options exist at each action level, and for which stakeholders?

  • Which knowledge modules and methods can be used?

 

How Inputs Are Prepared for Automation

Examples:

  • Requirement repositories (how to get from standards and policies to test content that can be automated)

  • Lists - inputs and rules for risk management

  • Control repositories

  • Control frameworks for the respective standards (incl. overlap to other guidelines)

 

Which ESG and GRC Flows Are Addressed

Processes and sub-processes that are either automated as a whole or that feed a value stream as input.

  • ISO 38500 basic processes

  • Audit processes and workflows according to ICS/COSO or the ISO series of standards

  • Integrated risk management according to ISO 31000

  • Crisis management

 

GRC-Relevant Outputs

  • Audit catalogs and control objectives derived from them

  • Risk registers / risk treatment plans

  • Evidence and report specifications and templates for the respective compliance context

  • Visualization concepts for control dashboards

    • Risk disposition

    • Result control

    • Degree of digital development

    • Compliance fulfillment level

Technical Solution Options by Task Level

Which existing technologies and method sets can be used at the following levels?

  • Data collection / monitoring

  • Workflow automation

    • Front end (service automation)

    • Value stream (internal processes)

    • Backend (robotic process automation)

  • Data analysis automation

  • Issue management and non-conformity (NC) alerting

  • Creation of control boards and management dashboards

Value-Added Services Around the “Blueprint”

  • Training / consulting and coaching in the areas of

    • Compliance management frameworks (ISO / NIST / COSO / EU directives)

    • Service automation

    • Process automation

    • Data literacy and big data

  • Prebuilt components for closing process and procedural gaps

  • Libraries and templates for later digital use

  • As a specification / data and process model

  • User story collection - ready to implement

  • Coding & implementation

  • Provision of technical experts for "turn-key implementation"


Want to go deeper?

Book a one-hour briefing - free of charge