Products & Solutions / Governance, Risk & Compliance

Governance, Risk and Compliance with SAS® Enterprise GRC

Build trust by connecting the enterprise

SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation.

Benefits

  • Demonstrate an effective implementation of the GRC framework.
  • Enhance the quality of decision making across the organization.
  • Reduce the likelihood of unpleasant surprises for all stakeholders.
  • Enhance the efficiency and effectiveness of GRC processes.
  • Reduce risk-related losses.
  • Reduce the risk of regulatory compliance violations.
  • Provide more reliable assurance to stakeholders.

Read more

Features

  • Integrates GRC with business strategy
  • Enhanced compliance and assurance capabilities
  • Continuous monitoring and benchmarking

Read more

Screenshot

SAS Enterprise GRC assessment of risk exposures


Screenshots

How SAS® Is Different

  • Creates a common and integrated repository of all critical GRC components (e.g., risks, controls, policies, audits, etc.).
  • Facilitates collaboration between various GRC teams, which will be difficult when the GRC components are in multiple systems.
  • Reduces cost of risk management and compliance by reducing duplication of data and processes.
  • Links all critical GRC elements, enabling you to easily visualize and assess the impact of a business decision in one part of the organization over other parts of the organization.

Benefits

  • Demonstrate an effective implementation of the GRC framework. SAS Enterprise GRC integrates your repositories of risks, controls, laws and regulations, policies, assessments, loss data, scenarios and audits. It facilitates collaboration among risk managers, compliance officers, auditors and business owners. Organizations can implement best practices defined in frameworks such as ISO 31000, AS/NZ Risk Management Standard, etc.
  • Enhance the quality of decision making across the organization. SAS Enterprise GRC provides an integrated view of potential risk exposures and obligations, and integrates key performance indicators (KPIs) and key risk indicators (KRIs) for effective monitoring of strategy execution and business objectives.
  • Reduce the likelihood of unpleasant surprises for all stakeholders. SAS Enterprise GRC integrates your GRC framework with strategy definition and execution processes, and provides a comprehensive alert engine to provide early warnings about emerging risks.
  • Enhance the efficiency and effectiveness of GRC processes. SAS Enterprise GRC automates your common GRC processes by continuously monitoring controls, KRIs and risk exposures, and reduces duplication of GRC processes (e.g., risk assessments) by enabling collaboration between risk managers, compliance officers and auditors.
  • Reduce risk-related losses. SAS Enterprise GRC uses a single repository for capturing and monitoring all risk-related losses and facilitates learning from past losses by linking losses with failed controls, causes, assessments and KRIs.
  • Reduce the risk of regulatory compliance violations. SAS Enterprise GRC lets you integrate disparate compliance systems into a single enterprise compliance platform. In addition to reducing the cost of compliance, you can document and monitor key compliance aspects (e.g., laws and regulations, policies and procedures, risks, controls, regulatory actions, and violations of laws and policies). Notifications of changes in laws applicable to business operations allow your organization to stay current on regulatory requirements.
  • Provide more reliable assurance to stakeholders. Because SAS Enterprise GRC enables automation of audit activities through Computer Aided Audit Tools (CAATs), auditors can provide provide more reliable assurance to stakeholders. You can also identify emerging risks early to help deploy audit resources more effectively.

Features

Integrates GRC with business strategy
  • Rich visualization capabilities (e.g., risk heat maps, dashboards and interactive graphs) help identify and monitor risks.
  • A customizable alert engine automates the monitoring of trends in risk exposure and provides early-warning alerts so that proactive measures can be taken.
  • Interlocking of critical GRC elements enables easy visualization of the connections among GRC elements.
  • GRC processes can be integrated with strategy processes as well as other corporate performance management solutions.
Enhanced compliance and assurance capabilities
  • Provides support for a policy's entire life cycle – from creating new policies to retiring outdated ones.
  • Enables capturing of risk- and compliance-related details, such as the nature and cause of any event, controls that failed, results, and the insurance and non-insurance recoveries and resulting remediation.
  • Supports internal auditors by identifying business units with critical risk exposures and proactively identifying emerging risks and changes to risk exposures across all business units.
  • Captures and monitors issues related to governance, risk management and compliance processes.
  • Enables the definition and monitoring of one or more action plans for identified issues.
Continuous monitoring and benchmarking
  • Enables continuous monitoring of GRC-related information in operational systems across the organization, including control performance, KRIs, KPIs and GRC information in other specialized GRC applications.
  • Based on the monitoring, you can define alerts for emerging risks and substandard GRC processes.
  • Provides a library of operational risk data consolidated from various public sources to identify new risks, benchmark losses with peers, develop scenarios and perform capital modeling.

Screenshots

Screenshot
SAS Enterprise GRC assessment of risk exposures

View Screenshot

Screenshot
SAS Enterprise GRC risk dashboard

View Screenshot

Screenshot
A compliance dashboard in SAS Enterprise GRC

View Screenshot

Screenshot
Analyse the risk profile of strategic decisions

View Screenshot

Screenshot
Visualise a 360 degree view of the GRC environment

View Screenshot

Screenshot
Monitor and analyse risk exposures through risk heat maps

View Screenshot

System Requirements

Client environment
  • Windows (x86-32): Windows XP Professional, Windows Server 2003 family, Windows Vista*, Windows Server 2008
    Server environment
  • AIX: Version 5.3 and 6.1 on POWER architectures
  • HP-UX Itanium: HP-UX 11iv2 (11.23),11iv3 (11.31)
  • Linux for x64 (EM64T/AMD64): RHEL 4 and 5, SuSE SLES 9 and 10
  • Microsoft Windows (x86-32): Windows XP Professional, Windows Server 2003, Windows Vista*
  • Microsoft Windows on x64 (EM64T/AMD64): Windows XP Professional for x64, Windows Server 2003 for x64, Windows Vista* for x64,Windows Server 2008
  • Solaris on SPARC: Version 9, 10; Solaris for x64

*NOTE: Windows Vista Editions that are supported include Enterprise, Business and Ultimate.

Database requirements
  • Oracle 9 and 10
  • DB/2 9
  • PostgreSQL 8.2.9
Supported Web browsers
  • Internet Explorer 6 on Windows XP Pro
  • Internet Explorer 7 on Windows XP Pro and Windows Vista*
  • Firefox 2.0 on Windows XP Pro, Windows Vista* and Linux for x86 (SuSE and RHEL)
Midtier application servers supported
  • BEA WebLogic Server
  • IBM WebSphere Application Server
  • JBoss Application Server
Language support

In addition to English, the following languages are supported:

  • Chinese (Simplified, Traditional and Hong Kong SAR)
  • Japanese
  • Korean
  • Arabic
  • Dutch
  • French
  • German
  • Hebrew
  • Italian
  • Polish
  • Russian
  • Spanish (Castilian)
  • Portuguese
  • Ukrainian

Ready to learn more?

Call us at 1-800-727-0025 (US and Canada) or request more information.