Full risk governance requires great clarity of purpose, cross-cutting action, and speed and precision of intervention.
In an increasingly “data driven” world, it is also essential to support daily operations with tools characterized by ease of use, efficiency and pragmatism, striking the right balance among modern ICT solutions.
With this in mind, Augeos offers the GRC platform (Governance, Risk Management & Compliance; hereinafter GRC): a modular and highly flexible technological solution that can host, even simultaneously, different configurations:
- Operational risk management (Risk Shelter)
- Compliance risk management (NormageoS)
- IT risk management (Augeos IT Risk Management)
- Risk governance in a broad, overarching sense (Risk Executive Dashboard)
Being a platform shared by several solutions allows GRC to manage, in a completely homogeneous and centralized way, all the cross-cutting functional aspects needed so that the different configurations in place can ensure information consistency and functional integrity.
More specifically, GRC offers cross-cutting and homogeneous features regarding:
- Profiling (including via SSO procedures) and management of the organizational structure
- The ability to configure synchronization/alignment procedures from third-party sources
- Management of taxonomies, questionnaires and workflows
- Management of roles and permissions
- Scheduling of periodic automatic procedures (batch)
These features can also be managed in a multi-company configuration, allowing GRC to host different risk management solutions in multiple companies on the same installation.
Profiling and management of the organizational structure
GRC hosts registries that allow you to manage users.
To better reflect the actual organizational structure of a company, registries dedicated to business units can also be managed.
Each business unit can be assigned a working group made up of users. Within a group, precise responsibilities can be designated, which makes turnover easier to manage.
The organizational structure can also be managed according to a multi-level hierarchy, which the system can exploit in the definition of responsibilities, escalation mechanisms and delegation functions.
Regardless of the structure they belong to and the configuration in use, users always access GRC from a single entry point, by:
- Login with username and password
- Single Sign-On mechanism (e.g. ADFS, SAML2, …)
Synchronization and alignment procedures
Since functional registries such as users and the organizational structure are often maintained operationally in third-party solutions, GRC allows these objects to be synchronized and aligned through dedicated procedures that can be easily configured according to the characteristics of the information flow.
More specifically, “plug-ins” are used to acquire and rework the flows obtained from third parties so that their contents conform to GRC’s own specifications.
Taxonomies, questionnaires, workflow
Most of the business objects managed in GRC across the various modules (Risk Shelter, NormageoS, Augeos IT Risk Management, Risk Executive Dashboard) are based on complex registries, where it is essential to manage semantic attributes useful for reporting, classification and structured management within a workflow.
For these reasons GRC provides basic functionality for the creation and maintenance of:
- Taxonomies, i.e. tree-structured classification schemes that define coherent semantic aggregations on multiple levels
- Questionnaires, i.e. structured sequences of questions and answers that support users for the most varied purposes (for example, selecting an object from one of the taxonomies described in the previous point)
- Workflows, i.e. work flows on a given business object, structured as a sequence of states, each of which can be assigned specific terminology, ad hoc permissions, mail escalation, etc.
Management of roles and permissions
A uniform platform requires homogeneity also, and above all, in the management of the roles and permissions assigned to users. GRC centralizes the maintenance of this information in a single console, so that any change is applied consistently across the entire operational perimeter of the individual configurations.
To make it easier for the maintainer to manage this information, a syntax created specifically for GRC is used, which can be operated both from the graphical interface and, where appropriate, through structured Excel files.
Scheduling of automatic procedures
GRC also provides the possibility to schedule automatic procedures (batch) in order to facilitate the completion of certain operational tasks (for example, triggering escalation processes when certain conditions are met).
Through a dedicated web interface, these processes can be created and configured with great ease; even rather long and cumbersome executions do not obstruct the normal operation of end users, thanks to specific technical measures.
Multi-company configuration
GRC can be configured as a multi-company platform. In this case, the features described in the previous paragraphs are managed in such a way that they can be shared across all the companies envisaged.
However, for certain configurations it remains possible to provide dedicated management for an individual company, in order to handle heterogeneous groups that contain legal entities of different natures (for example banks, financial companies, service companies, etc.).