Full risk governance requires great clarity of purpose, transversality of action, speed and precision of intervention.
In an increasingly “data driven” world, it is also essential to support daily operations with tools that are easy to use, efficient and pragmatic, striking the right balance with modern ICT solutions.
Looking in this direction, Augeos proposes the GRC platform – Governance, Risk Management & Compliance (hereinafter: GRC): a modular and highly flexible technological solution that can host, even simultaneously, different configurations:
- The operational risk management (Risk Shelter)
- Compliance risk management (NormageoS)
- IT Risk Management (Augeos IT Risk Management)
- Risk governance in a broad, general sense (Risk Executive Dashboard)
Being a platform shared by several solutions allows GRC to manage, in a completely homogeneous and centralized way, all the transversal functional aspects that the different configurations in place need in order to ensure information consistency and functional integrity.
More specifically, GRC offers transversal and homogeneous features regarding:
- Profiling (also through SSO procedures) and management of the organizational structure
- The ability to configure synchronization/alignment procedures from third-party sources
- The management of taxonomies, questionnaires and workflows
- The management of roles and permissions
- Scheduling periodic automatic procedures (batch)
These features can also be managed in a multi-company configuration, allowing GRC to host different risk management solutions in multiple companies on the same installation.
Profiling and management of the organizational structure
GRC hosts registries that allow you to manage users.
To better reflect the real organizational structure of a company, it is also possible to maintain registries dedicated to business units.
A working group composed of users can be assigned to each business unit. Within a group it is possible to designate precise responsibilities, in order to facilitate the management of turnover.
The organizational structure can also be managed according to a multi-level hierarchy, which the system can use in the definition of responsibilities, escalation mechanisms and delegation functions.
The user, regardless of the business unit they belong to and the configuration in use, always accesses GRC from a single entry point, by:
- Login through username and password
- Single Sign-On mechanism (e.g.: AD FS, SAML2, …)
Synchronization and alignment procedures
Since functional registries such as users and the organizational structure are often operationally managed in third-party solutions, GRC allows these objects to be synchronized and aligned through dedicated procedures that can be easily configured according to the characteristics of the information flow.
More specifically, “plug-ins” are used to acquire and rework the flows received from third parties, so that their contents conform to GRC’s own specifications.
Taxonomies, questionnaires, workflow
Most of the business objects managed in GRC by the various modules (Risk Shelter, NormageoS, Augeos IT Risk Management, Risk Executive Dashboard) are based on complex registries, where it is essential to manage semantic attributes used for reporting, classification and structured management within a workflow.
For these reasons GRC provides basic functionality for the creation and maintenance of:
- Taxonomies, i.e. tree-shaped classification structures that define coherent semantic aggregations across several levels
- Questionnaires, i.e. structured sequences of questions and answers that support users for a variety of purposes (e.g., the selection of an object from a taxonomy as mentioned in the previous point)
- Workflows, i.e. sequences of states applied to a given business object, where each state can be assigned a specific terminology, ad hoc permissions, mail escalation, etc.
Management of roles and permissions
A uniform platform requires homogeneity also, and above all, in the management of the roles and permissions assigned to users. GRC centralizes the maintenance of this information in a single console, so that any change is applied consistently across the entire operational perimeter of the individual configurations.
To make it easier for the maintainer to manage this information, a syntax created specifically for GRC is used; it can be operated both through the graphical interface and, optionally, through structured Excel files.
Scheduling of automatic procedures
GRC also provides the possibility to schedule automatic procedures (batch) in order to facilitate the completion of certain operational tasks (for example, triggering escalation processes when certain conditions are met).
Through a dedicated web interface, these processes can be created and configured with ease; thanks to specific technical measures, even rather long and cumbersome executions do not obstruct the normal operation of end users.
GRC can be configured as a multi-company platform. In this case, the features described in the previous paragraphs are managed in such a way as to allow them to be shared across all the companies envisaged.
However, for certain configurations it remains possible to provide dedicated management for an individual company, so as to handle heterogeneous groups that contain legal entities of a different nature (for example, banks, financial companies, service companies, etc.).