CERRIX implementation goes further than just tool implementation
Implementing the CERRIX GRC & Audit tool is easy but a good implementation is not only implementing a GRC Platform, its evaluating your entire risk and compliance management system as a whole and involving audit during that process so that alignment is created.
The CERRIX GRC & Audit tool should support your risk, compliance & audit activities in such a way that it provides efficiencies in the day to day risk, compliance and audit tasks, but even more important, it should give you the correct information on which risk managers and board members can make sound decisions.
“Implementing the CERRIX GRC and Audit platform goes further than just a tool implementation.”
We at CERRIX believe that tool implementation is not about configuring a tool and filling it with data. Its about aligning and motivating all 3 lines to work together in a structured and consistent manner supported by the CERRIX platform to produce relevant risk, compliance and audit data on which management can make sound business decisions to continually improve their business.
– Maurits Toet (Manager Operations, CERRIX)
How does CERRIX implementation work
In order to achieve this we must first understand you as a client. We want to know your business objectives and your current maturity level in relation to risk management, compliance and audit. Also understanding the cultural aspects and challenges of your organization helps us get insight in your current situation.
Based on our preliminary findings we sit together with our clients to set a clear scope and define goals for implementation that are achievable within the set time-frame of the project. The organization of the project should always involve all stakeholders (so 1st, 2nd and/or 3rd line) in order to achieve alignment.
Based on these goals we create a realistic timeline for implementation. It’s important to realize that there are preconditional actions and implementation actions and they also should be prioritized in alignment with each other.
For example, it makes no sense to execute risk assessments as part of the project when there is no clear risk policy and risk assessment procedure or guideline available. This will only create inconsistent risk data that will lead to incorrect business decisions and the ultimate failure of the project.
There are a couple main things to consider in relation to preconditional actions:
- What cultural actions are required to reach the set goals (mainly mid/long term actions)?
- What policies, procedures & guidelines are required to reach the set goals?
- What governance actions are required to reach the set goals?
- What actions in terms of training and education are needed to reach the set goals?
There are also a couple of main things to consider in relation to implementation actions
- What are the reporting requirements of your organization? This is important because it will be a key-factor in the configuration of the CERRIX GRC and Audit platform.
- How can I structure my implementation in such a way that it consistently delivers output that I can simply import into the system.
- What quality control actions are required to reach the set goals?
Our work environment is focused on Agile and DevOps
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.
You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.