GRC Governance, Risk and Compliance
Released on: March 10, 2011, 09:29 am
Author:
QueryCLick LTD
Industry: Internet & Online
GRC is a recent acronym that has quickly spread among the
senior management community around the world. Initially this was
sparked by the fallout from a number of major corporate governance
scandals, including those affecting Enron, Tyco and WorldCom; all of
which led to the enactment of the US Sarbanes-Oxley Act and the concept
of a more holistic view of Governance, Risk and Compliance. Interest
has also grown rapidly in the UK as legislation and compliance
requirements have increased.
Traditionally, most organisations ensure compliance with legislation, regulations
and standards by instructing each department to determine the requirements for
compliance and specify actions and controls to achieve this. Organisations will
therefore have a number of organisational departments for business continuity
(possibly aligning with BS25999), for IT security (in many cases aligning with
ISO27001), for quality management, etc.
They will certainly have risk management carried out by these various departments,
all identifying risks and controls and also individually reporting on these.
Managing all of this and pulling it all together into a coherent picture upon which
business decisions can be made and priorities can be based in an efficient and
effective way is a complex challenge.
commissum’s Principal Assurance Consultant André Coner noted that as the number of
legislation, regulatory and compliance requirements increases, the number of
departments involved also increases, each defining their own controls and measures.
This silo approach causes each department to “re-invent the Wheel”, wasting valuable
time and increasing costs while introducing duplication, redundancy and confusion.
commissum’s approach to Unified
Governance, Risk management and Compliance creates a common source of
information. It creates a common model of the organisation; a unified methodology
for managing risk, controlling deficiencies and measurement.
Commissum provides a truly unified approach
to this challenge. This approach, using our unique GRC tool suite is the foundation
for comprehensive Governance, Risk and Compliance Management in organizations of all
sizes in any industry. Our GRC tool suite centrally maps all relevant information
from supported GRC disciplines, consistently and without redundancies. The solution
is modular, providing different departments with targeted support in complying with
their individual GRC processes while still providing a unified GRC approach for the
business as a whole.
Our GRC tool suite currently includes the following modules:
Information Security Management
IT Service Management
Business Continuity Management
Risk Management
Quality Management
Compliance Management
With 20 years of experience, commissum is adept at offering practical advice and
recommending cost-effective solutions, to deliver a joined-up, coherent approach to
protecting an organisation's information assets through unified GRC.
About commissum
With 20 years of experience, commissum is adept at offering practical advice and
recommending cost-effective solutions, to deliver a joined-up, coherent approach to
protecting an organisation's information assets.
Contact Details: Commissum,
Quay House,
142 Commercial Street,
Leith,
Edinburgh,
EH6 6LB,
Scotland,
United Kingdom
Tel: 0845 644 3217
Fax: 0845 108 2062
http://www.commissum.com
Back to previous page
Home page
Submit your press release
2022
