How to manage multiple compliance regimes

Companies are burdened with multiple compliance regimes. Different project teams deal with them independently instead of using an integrated approach, although the enterprise could benefit from reusing information and saving cost by keeping it in a central repository.


There are plenty of books that help you understand GRC from different angles; here are my recommendations:




The video first tackles continuous improvement based on Deming's PDCA cycle (Plan, Do, Check, Act); afterwards I explain the theoretical approach to implementing an integrated compliance regime with the C3 approach (Construct, Compliance, Control).

Construct -- C3
As the process description is the centre of a compliance regime, the presentation and the practical exercise focus on process flows and their POLDAT objects (Process, Organisation Unit, Data, Application and Technology).

Compliance -- C3
This part of the presentation deals with harmonizing multiple compliance regimes, e.g. ISO 20000, SOX, MiFID, Basel II, etc.
This is not always an easy task, as multiple stakeholders and project teams are involved, but the benefit of a centralized repository is huge for the whole enterprise.

Control -- C3
The control topic deals with assigning tasks and audit questions to people in order to ensure that your compliance assessment is actually performed. This is explained based on ISO/IEC 20000.
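To make the Compliance and Control parts concrete, here is an added example (not from the presentation or the video) of what a minimal central control repository looks like in code. Each control is described once with its POLDAT objects, is mapped to the requirements of several regimes, and carries an owner and audit questions. Two checks fall out of that structure: which requirements of each regime have no control behind them (a gap), and which controls have no owner, so nobody can be asked the audit questions. It also counts how many assessment tasks the shared repository produces versus running each regime in its own silo. All regime requirement references, control identifiers, owners and questions are constructed for the example and are not real clause numbers.

```python
"""Added example: a minimal common-control repository (hypothetical data model,
not from the original post). One control can satisfy requirements from several
regimes, so it is described, owned and assessed once."""
from dataclasses import dataclass, field


@dataclass
class Control:
    control_id: str
    description: str
    poldat: dict                       # Process, Organisation, Data, Application, Technology
    regimes: dict = field(default_factory=dict)   # regime name -> list of requirement refs
    owner: str = ""                    # person accountable for answering the audit questions
    audit_questions: list = field(default_factory=list)


# Constructed sample data; requirement refs are illustrative, not real clause numbers.
REQUIREMENTS = {
    "ISO 20000": {"7.2 access", "9.1 change", "6.3 continuity"},
    "SOX": {"ITGC-01 access", "ITGC-02 change"},
    "MiFID": {"REC-01 records"},
}

CONTROLS = [
    Control("C-001", "Quarterly review of access to financial applications",
            {"Process": "Access review", "Organisation": "IT Operations",
             "Data": "User accounts", "Application": "ERP", "Technology": "Directory"},
            {"ISO 20000": ["7.2 access"], "SOX": ["ITGC-01 access"]},
            owner="alice",
            audit_questions=["Is the quarterly review evidenced?",
                             "Were revoked accounts actually disabled?"]),
    Control("C-002", "Changes to production require an approved change record",
            {"Process": "Change management", "Organisation": "IT Operations",
             "Data": "Change records", "Application": "ERP", "Technology": "CI/CD"},
            {"ISO 20000": ["9.1 change"], "SOX": ["ITGC-02 change"]},
            owner="bob",
            audit_questions=["Does every production change link to an approved record?"]),
    Control("C-003", "Client communication records retained for the required period",
            {"Process": "Record retention", "Organisation": "Compliance",
             "Data": "Client records", "Application": "Archive", "Technology": "WORM storage"},
            {"MiFID": ["REC-01 records"]},
            owner="",                  # deliberately unassigned to show the ownership gap check
            audit_questions=["Is retention enforced and sampled?"]),
]


def coverage(controls, requirements):
    """Per regime: (covered refs, uncovered refs). Uncovered refs are compliance gaps."""
    covered = {regime: set() for regime in requirements}
    for c in controls:
        for regime, refs in c.regimes.items():
            covered.setdefault(regime, set()).update(refs)
    return {regime: (covered[regime] & reqs, reqs - covered[regime])
            for regime, reqs in requirements.items()}


def shared_controls(controls):
    """Controls referenced by more than one regime: the reuse a central repository enables."""
    return [c.control_id for c in controls if len(c.regimes) > 1]


def assessment_tasks(controls):
    """(owner, control_id, question) tasks, one per question regardless of how many regimes reference the control."""
    return [(c.owner, c.control_id, q) for c in controls for q in c.audit_questions]


def siloed_task_count(controls):
    """How many tasks would exist if each regime ran its own assessment of the same controls."""
    return sum(len(c.audit_questions) * len(c.regimes) for c in controls)


def unowned(controls):
    """Controls nobody can be asked about; these silently fail the assessment."""
    return [c.control_id for c in controls if not c.owner]


if __name__ == "__main__":
    for regime, (done, gaps) in coverage(CONTROLS, REQUIREMENTS).items():
        print(f"{regime}: covered={sorted(done)} gaps={sorted(gaps)}")
    print("shared controls:", shared_controls(CONTROLS))
    print("tasks:", len(assessment_tasks(CONTROLS)), "vs siloed:", siloed_task_count(CONTROLS))
    print("unowned:", unowned(CONTROLS))
```

With this data the shared repository yields four assessment tasks where three separate regime assessments would produce seven, reports the ISO 20000 continuity requirement as uncovered, and flags C-003 as having no owner before the assessment starts rather than after it stalls.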

Hopefully you found my video informative; if you need the presentation material, please Login or Register below.

Looking forward to your comments.
