
Meet the Archer GRC Tool

By Marcos Santos, December 13, 2017

Overview

GRC combines the terms Governance, Risk and Compliance. It is the integration of the risk management, corporate governance, auditing and controls enforcement knowledge areas, managed centrally within the organization, to ensure compliance with laws, regulations and standards.

Driven by the need to provide greater transparency to the board and shareholders, these practices ended up "spread out" across the organization. Governance, risk management and control practices in one area often duplicated the approach taken in another, which could lead to lost performance and productivity, and even to poor management of financial resources.

Below is how we can define the function of each knowledge area:

  • Governance: Policies, procedures, responsibilities for the organization to define its guidelines and objectives, coordinating people, processes and technologies to achieve them.
  • Risk: Can be defined as the effect of uncertainty on the company's objectives. It is therefore related to the probability of an event occurring and to the possible impacts of that event on business objectives.
  • Compliance: Describes how well the organization complies with standards, laws, procedures and good practices, whether recommended or mandatory.

Thus, there is a need to integrate corporate initiatives into a single working model that avoids redundant controls, conflicts in decision making and facilitates alignment with business objectives.


GRC Archer

RSA's GRC Archer is a customizable and intuitive tool that supports Governance, Risk management and Compliance (GRC) for the company. The platform lets you tailor the solution to your needs, build new applications and integrate with external systems without development or programming work. It is composed of:

  • Application customization;
  • Business workflows;
  • Reports and Dashboards;
  • Integration between systems.

The key components that are critical to the business “use cases” used by the solution are:

  • Understanding the business through a structured organizational and asset view. The organization must know what its assets are, how they are related and who is responsible for them;
  • Personalization, from visualization through to report generation, which lets users customize the solution easily as business processes evolve, without development work or scheduling;
  • Centralization of information to generate relationships between processes. Sharing information between business processes enables management efficiency gains;
  • Integration with other systems for both data input and data output, optimizing analysis.

The solution allows centralized control, from a GRC perspective, over six solution areas (IT & Security Risk Management, Business Resiliency, Regulatory and Corporate Compliance, Audit, Operational Risk and Third Party Governance).

IT & Security Risk Management

The solution enables the establishment of security policies and procedures, the identification and resolution of vulnerabilities, and the detection of and response to attacks.

The solution encompasses the following use cases:

  • IT Security Policy Program Management;
  • IT Security Corporate Obligations Management;
  • IT Controls Assurance;
  • IT Security Vulnerabilities Program;
  • IT Risk Management;
  • Payment Card Industry (PCI);
  • Security Incident Management;
  • Security Operations and Breach Management.

Business Resiliency

Provides a centralized approach to business continuity, disaster recovery and crisis management.

The solution encompasses the following use cases:

  • Incident Management;
  • Business Impact Analysis;
  • Business Continuity and Disaster Planning;
  • Resiliency Management.

Regulatory and Corporate Compliance

Enables the automation, management and centralization of the controls that support business and regulatory requirements.

The solution encompasses the following use cases:

  • Policy Program Management;
  • Corporate Obligations Management;
  • Controls Assurance Program Management;
  • Controls Monitoring Program Management.

Audit

The solution allows control over the entire audit cycle, enhancing it through related activities and integrating controls with business-related risks. It also allows risk-based audit plans to be targeted more efficiently.

The solution encompasses the following use cases:

  • Issue Management;
  • Audit Engagements and Workpapers;
  • Audit Planning.

Operational Risk

Gives the organization an overview of its risks. The solution enables quantitative and qualitative risk assessment, metric tracking and loss management.

The solution encompasses the following use cases:

  • Risk Catalog;
  • Risk Inventory and Top-Down Assessment;
  • Loss Event Management;
  • Key Indicator Management;
  • Bottom-Up Risk Assessment;
  • Operational Risk Management.

Third Party Governance

Covers the organization's relationships with its suppliers. The solution automates and simplifies supplier oversight and facilitates regulatory compliance and best-practice activities.

The solution encompasses the following use cases:

  • Third Party Catalog;
  • Third Party Risk Management;
  • Third Party Engagement;
  • Third Party Governance.

With this in mind, SAFEWAY brings the best solutions, personalized and customized, to help your business work more efficiently and effectively, using all the potential available in the solution.


Marcos Santos is a security consultant at SAFEWAY.