Integrated GRC processes refer to the merging of different tools or frameworks for governance, risk management, and compliance into one cohesive system. Risk management can be siloed in a couple of ways that integrated GRC processes aim to alleviate. First, different types of risks (such as information security risks or project risks) are assessed using different frameworks, and the tools designed for those frameworks are naturally separated to serve each framework’s needs in the best possible way. Second, even within the same tool or framework, risk management may be tightly compartmentalised within specific units that do not communicate with each other about their status, leaving only senior management with a complete picture of the organisation’s overall risk situation.
The primary goal of Granite’s platform upgrade is to enhance collaboration between different tools and offer new opportunities for more comprehensive management. One of the ways this is being implemented is through the latest update, known as relations.
From Reactive to Proactive
The proactivity of risk management often depends on the organisation’s maturity level. Many organisations engage in risk management and information security processes, but at lower maturity levels, responsibilities are assigned to a small group of people, and managing separate tools requires many manual and labour-intensive processes. Risks are identified only after they materialise, deviations are recorded without leveraging the knowledge of the entire organisation, and there’s room for improvement when it comes to planned processes.
Versatility has always been Granite’s strong suit. The system is flexible and adaptable to the individual needs of customers, which has been evident in the broad ability to customise various tools and even create new ones beyond our off-the-shelf solutions to meet the demands of different organisations or specialised industries. This adaptability was kept in mind when designing the platform upgrade as well.
As client needs have evolved, Granite has identified a need to provide a more comprehensive platform for all GRC tools and offer opportunities for developing risk management as the organisation’s maturity level grows. The integrated platform model enables transparency and real-time information across the entire organisation. For organisations at the beginning of their maturity journey or so-called one-person businesses, a more siloed approach can still be a functional model, so Granite’s tools can continue to be used as standalone units without relations between them.
Relations in Practice and Reporting Opportunities
When relations enable visibility across different tools in the system, it becomes possible to monitor the real-time status of risk management in relation to other GRC tools. For example, during the processing of a new information security deviation, it’s easy to check not only for other similar findings in the area of information security deviations but also for any related information security risk recorded on the subject. A recognised information security risk can be directly linked to the deviation form, allowing users to conveniently view reports and data from the related tool, as well as a comprehensive overview of the state of information security regarding deviations and risks. On the information security risk side, relations provide a cross-sectional view of which identified and recorded risks have materialised through the deviation reporting tool, allowing for better and more up-to-date risk assessment and probability evaluation.
Ease of use, adaptability, and the ability to develop processes as the maturity level and the organisation’s risk management competence grow make Granite a suitable GRC system for a wide range of needs. This is also the core of the new relation features – when the system serves the specific needs of the organisation as effectively as possible, without forcing the organisation to adapt to the constraints of the system, it leads to better results and maximises the benefits derived from the system.