SAS® Governance and Compliance Manager Features
- A common repository interlinks all critical governance and compliance elements (e.g., risks, controls, policies, laws and regulations, KRIs, loss events, issues, action plans, assessments, scenarios and audit missions) to provide a 360-degree view.
- A custom page builder includes the ability to surface user-specified task lists, shortcuts, dashboards, URLs and stored process-driven content.
- Customizable solution home page.
- Drop-down, customizable menus.
- Ability to save views, including table actions.
- Table filtering for fields with enumerated values.
- Unlimited number of levels provided for primary and secondary menus.
- Supports common risk management stages: identification, assessment, response, monitoring.
- Supports best practices adopted from common frameworks (e.g., ISO 31000, AS/NZS ISO 31000, COSO ERM and ISO 27001).
- Automated, customizable alert engine for monitoring trends in risk exposure.
- Visualization capabilities (e.g., risk heat maps, dashboards, interactive graphs) for easy identification and monitoring of critical risks.
- Ability to create impact objects linked to risks.
- Approval workflow for risks, controls and impacts.
Comprehensive policy management
- Provides web-based, self-service policy respondent capabilities.
- Supports all policy lifecycle stages, including:
  - Capturing and monitoring policy violations.
  - Evaluating, approving, creating and updating of policies.
  - Mapping policies to regulations, risks and objectives.
  - Attestation of new policies or updates to existing policies.
  - Documenting, managing and monitoring policy implementation via processes and controls.
  - Retiring existing policies.
- Captures risk- and compliance-related incidents (e.g., event, event causes, controls that failed, event effect or consequences, insurance and noninsurance recoveries, remediation actions).
- Includes customizable incident management workflows.
- Provides the ability to save incidents during creation.
- Supports all key stages required by auditors to provide reliable assurance to stakeholders, including:
  - Prioritizing audit resources.
  - Defining and managing audit plans and missions.
  - Performing manual control testing as part of an audit mission.
  - Approval and monitoring of remediation actions undertaken by business units.
  - Defining and monitoring of alerts to proactively identify emerging risks and changes to risk exposures across business units.