Governance, Risk and Compliance with SAS® Enterprise GRC

Build trust by connecting the enterprise

SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation.


  • Combine all GRC elements in a single platform.
  • Make better decisions.
  • Get fewer unpleasant surprises.
  • Improve GRC process efficiency and effectiveness.
  • Reduce risk-related losses.


  • Common repository
  • Customizable interface
  • Risk management capabilities
  • Corporate performance management capabilities
  • Comprehensive policy management capabilities
  • Incident management capabilities


SAS Enterprise GRC home page with integrated dashboard.


How SAS® Is Different

SAS Enterprise GRC enables you to build a reliable view of your risk exposures and compliance obligations – a process that is error-prone and time-consuming when GRC components are not integrated. Only SAS Enterprise GRC:

  • Creates a common, integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.).
  • Facilitates collaboration among various GRC teams.
  • Reduces the cost of risk management and compliance by reducing duplication of data and processes.
  • Links all critical GRC elements, enabling you to easily visualize and assess what impact a business decision in one part of the organization will have on other parts of the organization.


  • Combine all GRC elements in a single platform.
    • Repositories for risks, controls, laws and regulations, policies, assessments, loss data, scenarios and audits are combined into a single framework that facilitates collaboration among risk managers, compliance officers, auditors and business owners.
    • The solution also enables the implementation of best practices defined in frameworks such as ISO 31000, AS/NZS Risk Management Standard, etc.
  • Make better decisions.
    • Gain a comprehensive, 360-degree view of your potential compliance and risk exposures and obligations.
    • Easily view and explore connections among GRC elements.
    • Integrate KPIs and KRIs so you can monitor strategy execution and business objectives proactively.
  • Get fewer unpleasant surprises.
    • Combine your GRC framework with your strategy definition and execution processes.
    • Get early warning of emerging risks, associated issues and action plans for handling them via a comprehensive alert engine.
  • Improve GRC process efficiency and effectiveness.
    • Automate common GRC processes to enable continuous monitoring of controls, KRIs and risk exposures.
    • Reduce the chance of duplicate processes (e.g., risk assessments) by enabling collaboration among risk managers, compliance officers and auditors.
  • Reduce risk-related losses.
    • Capture and monitor all risk-related losses in a single repository with fully customizable workflows.
    • Learn from past losses by linking them with failed controls, causes, assessments and KRIs.


Common repository
  • A common repository interlinks all critical GRC elements (e.g., risks, controls, policies, laws and regulations, KRIs, loss events, issues, action plans, assessments, scenarios and audit missions) to provide a 360-degree view of all GRC elements.
Customizable interface
  • A custom page builder includes the ability to surface user-specified task lists, shortcuts, dashboards, URLs and stored process-driven content.
  • Customizable solution home page.
  • Drop-down, customizable menus.
  • Ability to save views, including table actions.
  • Table filtering for fields with enumerated values.
  • Ability to create impact objects for risks.
  • Ability to link impacts to risks.
  • Approval workflow for risks, controls and impacts.
  • Unlimited number of levels provided for primary and secondary menus.
Risk management capabilities
  • Supports common risk management stages: identification, assessment, response, monitoring.
  • Supports best practices adopted from common frameworks (e.g., ISO 31000, AS/NZS ISO 31000, COSO ERM and ISO 27001).
  • Automated, customizable alert engine for monitoring trends in risk exposure.
  • Visualization capabilities (e.g., risk heat maps, dashboards, interactive graphs) that enable easy identification and monitoring of critical risks.
Corporate performance management capabilities
  • Integration of GRC processes with strategy definition and execution processes using the integration functionality of SAS Enterprise GRC and SAS Strategy Management.
  • Supports integration with other corporate performance management solutions.
Comprehensive policy management capabilities

Supports all policy lifecycle stages, including:

  • Evaluating the need for a new policy.
  • Creation of a new policy.
  • Mapping policies to laws and regulations, risks and governance objectives.
  • Approval for new policies or updates to existing policies.
  • Attestation for new policies or updates to existing policies.
  • Managing the communication process for each policy.
  • Documenting, managing and monitoring policy implementation via processes and controls.
  • Regular assessment of policies.
  • Capturing and monitoring policy violations.
  • Updates to existing policies.
  • Retiring existing policies.
Incident management capabilities
  • Captures risk- and compliance-related incidents, including: event; event causes; controls that failed; effect or consequences of the event; insurance and noninsurance recoveries; remediation actions.
  • Includes customizable incident management workflows and link instance screen.
  • Configurable change reason prompts.
  • Ability to save incidents during creation.
  • Link editing ability.


SAS Enterprise GRC 360-degree interactive graph.

System Requirements

Client environment
  • Windows (x86-32): Windows XP Professional, Windows Server 2003 family, Windows Vista*, Windows Server 2008
Server Environment
  • AIX: Version 5.3 and 6.1 on POWER architectures
  • HP-UX Itanium: HP-UX 11iv2 (11.23), 11iv3 (11.31)
  • Linux for x64 (EM64T/AMD64): RHEL 4 and 5, SuSE SLES 9 and 10
  • Microsoft Windows (x86-32): Windows XP Professional, Windows Server 2003, Windows Vista*
  • Microsoft Windows on x64 (EM64T/AMD64): Windows XP Professional for x64, Windows Server 2003 for x64, Windows Vista* for x64, Windows Server 2008
  • Solaris on SPARC: Version 9, 10

* NOTE: Windows Vista editions that are supported include Enterprise, Business and Ultimate.

Database requirements
  • Oracle 9 and 10
  • DB2 9
  • PostgreSQL 8.2.9
  • SQL Server 2008 R2
Supported Web browsers
  • Internet Explorer 6 on Windows XP Pro
  • Internet Explorer 7 on Windows XP Pro and Windows Vista*
  • Firefox 2.0 on Windows XP Pro, Windows Vista* and Linux for x86 (SuSE and RHEL)
Midtier application servers supported
  • BEA WebLogic Server
  • IBM WebSphere Application Server
  • JBoss Application Server
Language support

In addition to English, the following languages are supported:

  • Chinese (Simplified, Traditional and Hong Kong SAR)
  • Japanese
  • Korean
  • French
  • German
  • Spanish (Castilian)
  • Italian
  • Polish
  • Russian
  • Portuguese
