Enterprise Governance, Risk and Compliance (GRC)
Regain confidence through strengthened internal controls, greater transparency and improved efficiency
" As regulations and the associated audits increase, internal audit organizations are challenged to maintain productivity. They look for a platform to enable them to more effectively manage work papers, plan and schedule audits, manage audit resources, and improve the ability to work effectively with other business units, risk management and compliance organizations, and external auditors."
— Gartner Inc., Critical Capabilities of Enterprise GRC Platform Vendors
French Caldwell, November 30, 2010
How SAS® Can Help
SAS provides bankers with the ability to drill down into data, processes and controls to get the facts, report on issues and all of their related items, and validate the integrity of the governance framework. This can significantly reduce the likelihood of repeated law violations, undetected or underestimated risk exposures, significant breaches of customer or public trust, or widespread nonconformance with internal policies. With SAS, you can:
Improve data quality by:
- Collecting and verifying data from operational systems, consortiums, external content providers and other specialized GRC applications.
- Building a foundation of common definitions for key risk, performance and control indicators, and their data elements, via a comprehensive GRC data model.
Better quantify risks and control effectiveness throughout the enterprise by:
- Defining, creating and validating GRC indicators.
- Promoting consistent process descriptions via a shared risk and control library and common remediation actions.
- Managing process and procedure changes for risk mitigation by specifying issues, their action plans and associated workflows.
- Integrate multiple qualitative risk and banking compliance streams via established industry frameworks, such as COSO, AS/NZS and ISO 31000.
- Capture and manage loss events and their associated effects, recoveries, allocations, causes and failed controls using incident management procedures.
- Satisfy compliance-related needs (e.g., stay current with regulatory changes, manage policy life cycles, continuously monitor compliance, capture all policy violations, etc.) and meet Sarbanes-Oxley Act (Section 302) requirements with a single policy lifecycle system that lets you test controls and related procedures for effectiveness.
- Better manage the audit process and minimize time spent on consolidating multiple Word and Excel files by using a single system for your auditing functions.
How SAS® Is Different
Only SAS approaches enterprise GRC with a complete, end-to-end solution that includes common definitions and organization of all core elements; sourcing, validation and aggregation of data; and powerful analytics and reporting within a transparent framework. In addition, SAS provides:
- The ability to link and visualize 360-degree relationships among GRC data elements (e.g., risks, controls, policies, regulations, issues, etc.).
- Integrated, continuous monitoring capabilities within the GRC platform.
- Established risk/compliance frameworks and a highly general relationship structure.
- Extensive risk modeling, data mining and analytic capabilities.
- A much wider GRC footprint than is available from other vendors.
- A database of publicly reported operational risk.
Related Products and Solutions
- SAS® Risk Management for Banking
- SAS® OpRisk Management
- SAS® Fraud Management
- SAS® Enterprise GRC
- SAS® Banking Analytics Architecture
SAS® Risk Management for Banking
SAS Risk Management for Banking supports a bank's risk management activities by delivering functionality for all major risk types, as well as data management and reporting. The solution allows business units to calculate risk measures independently and separately, as well as firmwide, using models and correlated aggregation techniques. The solution's integrated risk applications can be used together, individually or in any combination, enabling you to start in one area (e.g., market risk) and then expand usage to other areas (e.g., credit risk, firmwide risk or ALM) as needed.
SAS® OpRisk Management
SAS OpRisk Management is an end-to-end solution built on the industry-leading SAS Business Analytics Framework. The solution includes a Web-based application for collecting, managing, tracking and reporting risk information; an advanced modeling engine; and the world's largest and most comprehensive database of publicly reported operational losses.
SAS® Fraud Management
Performing "after the fact" analysis of questionable transactions is a reactive approach to fraud detection that doesn't offer any real protection from loss. Only SAS delivers a full-service enterprisewide fraud management system that offers real-time scoring of accounts by looking at all card transactions – including purchases, payments and nonmonetary transactions. No other system on the market provides this breadth of coverage.
SAS® Enterprise GRC
SAS Enterprise GRC provides an integrated platform for standardizing and managing strategic and operational risks, as well as consolidating information from all financial risk management systems (credit risk, market risk, etc.) into an enterprisewide view of risk. The solution links your GRC functions to strengthen governance and foster trust by aligning GRC principles with business objectives and strategy execution.
SAS® Banking Analytics Architecture
Inconsistent, incomplete and inaccurate data spread across multiple operational systems, such as deposits, loans and wealth management, often results in banking executives making business decisions based on "gut feel" rather than reliable analysis. What if you could consolidate data across the institution and make it easily accessible for analytics and reporting, so you could ensure consistency, reduce costs and data preparation time, as well as enable users to make fact-based decisions? You can.
Ready to learn more?
Call us at 1-800-727-0025 (US and Canada) or request more information.