GRC – Risk Assessment and Monitoring

Accurately measure and track your risk exposure on an ongoing basis

Too often, risk management is handled by separate teams in multiple departments, resulting in disjointed processes, duplication of effort and conflicting analyses that cannot easily be reconciled due to inconsistencies in data, metadata, sampling, definitions, methods, etc. The answer lies in establishing automated, well-defined, controlled and documented risk management procedures that let you assess the adequacy of internal controls, quickly detect and report all violations, and ensure that business units take timely and appropriate corrective actions.

"Typically a board-level initiative, an ERM program must draw on data from many other GRC activities to present a comprehensive view of risks and their controls as inputs to business decision making."

— Gartner Inc.

Critical Capabilities of Enterprise GRC Platform Vendors, French Caldwell, Nov. 30, 2010

How SAS® Can Help

Adopting a consistent, transparent approach to risk assessment is critical. We approach the problem by providing software and services to help you:

  • Improve the quality of your GRC data by collecting and verifying data from multiple operational systems, consortiums, external sources and other GRC applications.
  • Promote consistent process descriptions, implement common remediation actions, and build a foundation of common risk, performance and control definitions throughout the organization using a comprehensive GRC data model and a common library of risks and controls.
  • Identify potential risk exposures early, so you can address them proactively before they turn into crises, with comprehensive, continuous risk monitoring capabilities that let you monitor risks based on trends in various operational systems and generate early warnings in the form of e-mails, issues and action plans.
  • Evaluate your risk exposures holistically based on their nature, frequency and potential impact, and continuously update your exposure risk ratings based on actual loss frequency, severity and trends, by using a single system to identify, assess, monitor and manage all financial and operational risks.
  • Integrate multiple qualitative risk and compliance streams from a variety of industry frameworks – e.g., COSO, AS/NZS, ISO 31000, SOX, ISO 27001, etc.
  • Increase your operating efficiency and reduce operating expenses by using a single system to address the compliance, risk management and auditing functions of your GRC program.

How SAS® Is Different

Only SAS offers a single environment that combines the most advanced analytics with core enterprise GRC functionality, along with a unified data management platform and robust, flexible reporting and presentation capabilities. With SAS, you get:

  • A common technology infrastructure with comprehensive GRC-specialized applications that support not only the core functional areas of audit, policy, risk and compliance management, but also emerging areas such as strategic and reputation risk management, thanks to advanced capabilities in text mining, content analysis and social media analytics.
  • A unified, transparent and consistent approach to risk assessment – with special emphasis on nonfinancial risks (e.g., transaction, strategic, legal and reputational risks) – that serves all constituents, including risk managers, compliance managers and auditors.
  • The ability to link and visualize 360-degree relationships among GRC data elements – risks, controls, policies, regulations, issues, etc. – so you can see your total risk picture and formulate systematic and holistic plans to address every issue.
  • A simple yet powerful Web access portal that lets you readily analyze and report on virtually any aspect of your GRC program without the need for product enhancement, customization or reprogramming.
  • Control via a common management console that authenticates users, directs their access to data and processing, and maintains an audit trail of all activities and changes that may occur, thus eliminating issues of incompatibility among systems and shortening the learning curve.
  • A structured approach to risk management based on best practices (e.g., COSO, ISO 31000, etc.), which enables your risk resources to focus on risk analysis and management rather than data preparation and consolidation.

Related Products and Solutions

  • SAS Enterprise GRC – SAS Enterprise GRC strengthens governance and trust with systematic management of risk. It detects and helps prevent violations, allowing you to align strategy with risk appetite. The solution builds a reliable view of risk compliance, facilitates collaboration between GRC teams and reduces the cost of risk management through automation.
  • SAS for Enterprise Risk Management – Only SAS delivers unified, quantitative risk management software that includes integrated, comprehensive data management; the most powerful predictive analytics available; user-friendly, self-service reporting; and a transparent environment that lets you manage the entire process – from identifying risk, to measuring, mitigating and monitoring it on an ongoing basis.
