SAS® Governance and Compliance Manager Features

Common repository

  • A common repository interlinks all critical governance and compliance elements (e.g., risks, controls, policies, laws and regulations, KRIs, loss events, issues, action plans, assessments, scenarios and audit missions) to provide a 360-degree view.

Customizable interface

  • A custom page builder includes the ability to surface user-specified task lists, shortcuts, dashboards, URLs and stored process-driven content.
  • Customizable solution home page.
  • Drop-down, customizable menus.
  • Ability to save views, including table actions.
  • Table filtering for fields with enumerated values.
  • Unlimited number of levels provided for primary and secondary menus.

Risk management

  • Supports common risk management stages: identification, assessment, response, monitoring.
  • Supports best practices adopted from common frameworks (e.g., ISO 31000, AS/NZS ISO 31000, COSO ERM and ISO 27001).
  • Automated, customizable alert engine for monitoring trends in risk exposure.
  • Visualization capabilities (e.g., risk heat maps, dashboards, interactive graphs) for easy identification and monitoring of critical risks.
  • Ability to create impact objects linked to risks.
  • Approval workflow for risks, controls and impacts.

Comprehensive policy management

  • Provides web-based, self-service policy respondent capabilities.
  • Supports all policy lifecycle stages, including:
    • Capturing and monitoring policy violations.
    • Evaluating, approving, creating and updating of policies.
    • Mapping policies to regulations, risks and objectives.
    • Attestation of new policies or updates to existing policies.
    • Documenting, managing and monitoring policy implementation via processes and controls.
    • Retiring existing policies.

Incident management

  • Captures risk- and compliance-related incidents (e.g., event, event causes, controls that failed, event effect or consequences, insurance and noninsurance recoveries, remediation actions).
  • Includes customizable incident management workflows.
  • Provides the ability to save incidents during creation.

Audit management

  • Supports all key stages required by auditors to provide reliable assurance to stakeholders, including:
    • Prioritizing audit resources.
    • Defining and managing audit plans and missions.
    • Performing manual control testing as part of audit mission.
    • Approval and monitoring of remediation actions undertaken by business units.
    • Defining and monitoring of alerts to proactively identify emerging risks and changes to risk exposures across business units.