Build a GRC roadmap using six-step methodology
Build a GRC roadmap - how to execute on systems controls across the organisation.
About the session
This 45-minute session, presented by Scott Elequin, former SmartDog President, and SafePaaS CEO Adil Khan, will guide you through a six-step methodology to build a GRC roadmap for your organisation in just six weeks.
Scott plays the role of an IT Applications Director facing many GRC challenges at SafeEnterprise, the organisation he works for. Adil, as the expert, advises Scott and guides him through addressing those challenges in six steps.
The six-step methodology to execute on controls
This session elaborates on the following steps in more detail to help you build a GRC roadmap for your organisation:
1. Define your requirements
- Gather information on your current controls.
- Make sure that you understand what these controls do, and how they operate.
- Identify any externally required controls that you currently operate but that are not managed in Oracle's GRC solution.
2. Define your Scope and Identify Constraints
- Document your application architecture.
- Document how EBS integrates with other applications, e.g. Workday for HR hierarchies, and payroll/expenses for cost centre accounting.
- Identify any mandated system changes or requirements that may impact your solution, or your ability to deploy your solution.
3. Build a Catalog of Additional Improvement and Potential Controls
Additional external requirements that should be managed within your controls environment but are not necessarily SOX-related:
- GDPR
- HIPAA
- SOC 1 and SOC 2
- External Reporting Requirements Mandated by Ownership
As you define the above, gather business requirements for future operational controls:
- Financials
- Order-to-Cash
- Procure-to-Pay
- People-to-Paycheck
- External Controls
Build a prioritisation scorecard by impact, cost, complexity and business area.
4. Build Out your Systems MVP Plan based on #1 and #2
- Long term (3 to 5 years): define the future solution based on #1, #2 and #3 above.
- Short term (1 year): define the execution plan based on #1 and #2 above.
5. Publish the Execution/Implementation Plan – Short Term
6. Publish the Long-Term Plan/Roadmap – long-term business objectives and expectations
For a more detailed discussion around your individual requirements contact us here at SafePaaS.