Implementing GRC Lines of Defense to Improve Your Business Processes DEVELOPED BY WITH CONTRIBUTIONS FROM

When business operators use repeatable processes and unified software to manage risk and compliance, the benefits are huge. Every part of the business becomes more
agile, resilient, risk intelligent and confident. This illustration shows how to improve business processes, gain risk intelligence, and contribute to planning for performance.

Start Planning Improve Business

for Performance s
Operations
sk ce Monitoring
Ri eran
l
To
ies Risk Assessment Identify changes in regulations, external risk drivers, vendor relationships, products and processes
teg
ra W Evaluate any impacts to objectives, strategies, processes, products, services and controls
St
Identify risks
IE g c ts
Assess risk consistently across the organization
REV
ac
turin
Communicate changes to stakeholders to make informed decisions about risk ING Produ
nd As the first line of defense, Operational
S uf R
esa Managers need to know that they can Capture management’s assertions and the testing of internal controls
OP an
taking and necessary risk treatment
ITO Ne
w
tiv S
M N s
jec improve their of performance. Monitor and proactively manage the impact of regulatory changes O n
ES inesscy
Provide an actionable risk profile to management and the board
b M io
O als N lat
Go SI s
Bu ilien
Identify Key Risk Indicators (KRIs) SK gu
BU es RI s
Re en
tal
es R m
on
CEO rti lan vir
Pa ssP En cy
a
(Chief Exec. Officer) ird sin
e v
Pri r
Fragmented, manual risk assessments are Th Bu a bo one
y
Changes in third party suppliers, products, L g
inefficient, and result in inconsistent and ti-Merin s
incomplete results. The right technology processes, technologies, and regulations are Anund artie
some of the many things to monitor and La ed P
enables timely and risk intelligent decision ni
evaluate their risk De
making that keeps performance on track.
CAE What impact will this new
(Chief Audit Executive) CRO product line have to
(Chief Risk Officer) manufacturing? Will it slow
down sales? Let’s also pull a report on
We are looking at going into a pending proposals for changes
new geographic market so we in environmental and
Are our third parties using third What are our recovery time need to keep an eye on relevant health/safety requirements in
parties? objectives? Will they meet our risk and regulatory changes there. all regions where we operate.
customer’s expectations?

Gain Risk
Intelligence
T Audit Readiness
U DI
AM LA
Demonstrate the strength of your risk and compliance governance
TE
We can see the root-cause analyses on the
N A
E largest, most frequent losses. t
di s
Respond to audit and regulatory findings faster with stronger oversight
TIV TER Au ding

EC
U
EAM IN te
d
e
Fin Produce information to easily address auditor queries

EX T pl
SK om s
C dit
(Business Unit RI Au t De
c
v
n We were so organized and
Managers) du hai Without a clear and repeatable approach to
Pro ly C uity prepared for this audit. It didn’t
pp tin risk management, and systems that don't take much time and there aren’t
Su Con livery
s. e allow you to respond quickly with meaningful any audit findings!
Bu uct D
o d reporting, audits can eat up business unit
Pr We are expanding into a new time and resources.
market and need to keep an eye
on relevant risk and regulatory
Managers should be prompted to take changes.
action on any outstanding issues. Our business managers have responded
adequately to losses to prevent them from
With business operations data in one
reoccurring in the future.
system, we're able to get actionable
information and a view of what needs to
be addressed across the business.
All of the reports that you
requested are ready for your
review. Do you need additional
details? Just click on the graph to
drill down into the detailed data.

Contact info@oceg.org for comments, reprints or licensing requests ©2015 OCEG visit www.oceg.org for other installments in the GRC Illustrated Series