Any definition of GRC is incomplete without understanding the role, value and unique attributes of audit. In particular it is important to understand that while audit needs to be considered as an integrated element of GRC, it also needs to be understood as a complement to your GRC initiatives.
The audit function will touch every aspect of the GRC landscape as the Audit team seeks to validate, support and enhance the various activities that are underway within your enterprise.
So what is the benefit to your audit program of a shared GRC Platform? The answer lies in the data. This idea is more fully articulated in the white paper, Seamless Collaboration. The modern audit paradigm is really a collaboration with the business, not simply a review.
We have clients who have made significant strides toward lightening the burden of audit on the business. The reason they have been able to achieve this is that information on business processes, risks and controls are organized and managed in a consistent way.
The audit teams are able to access data through the GRC platform and in some cases, make determinations with almost no additional requests for information from the business. The data is there for them and they can see when an area of the business is being managed and controlled according to the policies and standards of the company and when it is not.
In today’s regulated environment, the business is often asked for information – sometimes the same information – on an almost continuous basis. So any progress toward lightening this burden will create efficiencies and be greatly appreciated by the business process owners. Some of our clients call this ‘self-audit’ and it is a significant reason why audit should be an integrated component of the overall GRC landscape. You can read more about this type self-audit in by downloading the white paper, Seamless Collaboration.