The 7-P Model for Governance, Risk and Compliance (part 2)

In part 1 we listed seven main Governance, Risk and Compliance concerns that organizations are facing, and introduced the 7-P Model. In this blog we provide the answers to these concerns. Please note that now all the dots are connected and that the fragile transfer and connection points from part 1 are replaced by anti-fragile points.

The seven answers to the concerns listed in part 1 are:

Prudence
Create trust by providing timely and accurate information.
Augment transparency by offering compliance proof services to regulators and enabling real-time regulatory oversight.
Cooperate in certified self-control and meta-oversight constructs.
Provide impact proof about the effect of new regulations.

Provision
Set standards and use a ‘comply or explain’ approach for external provisioning services.
Engage in pre-competitive collaboration on standards, vocabularies and semantics. Engage in GRC as a Service initiatives and fuse them with your internal system.
 
Policy
Create a GRC-intelligence position and enable ex-ante risk and impact assessment.
Develop and simulate scenarios. Model the business in context and from a goal-oriented perspective, including the defined risk tolerance.
Design for compliance.
Create one version of the truth and make re-use the norm. Manage the policy lifecycle by collaboration and embedded role separation. Capitalize on brainpower. Create a knowledge base to provide insight and support training objectives. Define ethical principles and integrate them in the control and certification cycle. Treat contracts as regulatory mandates and apply the same standards to them.

Robust transfer and connection point
Make procedures and controls executable.
Offer GRC as a service.
Infuse context-aware decision intelligence.
Plan coherent control and report activities. Enable virtual organization and collaboration.

Production
Execute preventive controls (manual and automatic) based on the infused intelligence and dynamic decision support.
Support collaboration, role separation and dynamic workflows. Apply monitoring rules, create alerts and offer integrated views.
Apply mass customization. Treat every request as a unique case. Create an audit trail, record the decision context with the applied controls, their origin and used rationale.

Robust transfer and connection point
Manage all case-related facts in a unified case dossier, including their decision context.
Apply strict security and retention rules for dossiers. Enable gathering and merging of data based on metadata.

Proof
Provide role-based dashboards and alerts.
Support continuous auditing, assessment and monitoring from multiple perspectives per case and cross-case. Generate reports based on reporting templates.
Support role-based collaboration for monitoring, reporting, analysis, recommendation and remediation.
Use the case dossier for liability issues and smash the cost of legal discovery.
Offer access to the knowledge base and provide information services for regulatory oversight.
Support ex-post impact and risk assessment and propose remediation.

Performance
Connect the dots and augment your GRC-capability.
Leverage your logic to achieve transparency, sustainability and accountability within a risk-aligned business performance.
Use a non-invasive business technology to support the business for various GRC-frameworks and to optimize invested capital in knowledge and systems. Use a robust platform. Apply a growing live approach. Start with removing a major bottleneck and optimize by re-use. Reduce legacy and cut compliance costs.

Profit
Result: You have built a GRC-intelligence position and created a high performance GRC-organization. This allows you to move more risks to tiers with lower financial thresholds, lower claim cost and free capital. You are compliant by design and can become a trusted partner of authorities. Your actionable GRC-capability and reputation grow by continuous improvement and engagement. New regulations offer new opportunities.

For more information you may download 'Playing Jazz in the GRC-Club, the "Future Perfect" of Governance, Risk and Compliance'.
