GRC will quickly progress into integrated internal control systems
These integrated internal control systems span several domains, fully connected to practically all workers, outside partners, and core applications.
It is obvious that the need for GRC tooling has increased over the last years. Companies are confronted with new threats like climate change, cyber-attacks with potential digital thefts, virus pandemics and quick shifts in business models. Logically, this also worries supervisors in highly regulated industries, who will continuously introduce new regulations and intensify their supervisory audits in their attempt to prevent a similar crisis will return.
Though these forces are often a drive to implement new GRC systems, we also note the awareness among boards and managers that risk management has become an essential element of general management.
“Technology is the only way forward to obtain efficiencies and powerful support”
We pledge to consistently provide our customers innovations. Recent advancements like AI and ML will ultimately also strengthen CERRIX and increase its capacity for automation and prediction.
– Paul Bruggeman (Managing Director, CERRIX)
We are convinced that successful GRC should be implemented upon these starting points
A GRC system is generally used by potentially all employees;
The 4-defense lines can benefit if they all use a single GRC tool;
Clear governance and alignment with business objectives is key;
Let the risk management policy propel the choices for GRC implementation;
Risk & Control taxonomies are important for granularity and risk aggregations;
Integrate with existing core systems and MS Office;
Accelerate the risk & controls management processes, actions should be taken whenever deviations are identified;
Utilize as much Human Intelligence, maybe supported with a bit of predictive risk intelligence;
A well thought configuration of CERRIX enables future expansions with regulations such as ESG, DORA etc.;
Replace manual processes as much as possible with automated streams;
We bring Risk Management into the nerves of your company
It is our duty to facilitate companies and institutions with a highly automated process enabling them to bring risk management into the nerves of the company. In our successful implementations, all employees of the company will be granted access to CERRIX. Clearly, not all of them will have access to full functionalities, but may be limited to report incidents, attend an risk awareness training, participate in a project risk assessment, must elaborate on a root-cause analysis or is responsible for follow-up reporting on identified issues.
Stakeholders like Compliance Officers, Chief Audit Executives, Quality Managers, Risk Managers but also Operational managers must co-operate and use the single GRC platform to ensure alignment in (derived) objectives, governance, way of working and reporting. This has always been our starting point in our journey for product development philosophy.