Build a GRC roadmap using six-step methodology

Build a GRC roadmap - how to execute on systems controls across the organisation.

About the session

This 45-minute session, presented by Scott Elequin, former SmartDog President, and Adil Khan, SafePaaS CEO, guides you through a six-step methodology to build a GRC roadmap for your organisation in just six weeks.

Scott plays the role of an IT Applications Director facing many GRC challenges at SafeEnterprise, the organisation he works for. Adil, as the expert, advises Scott and guides him through the six steps he can follow to address those challenges.

The six-step methodology to execute on controls 

This session elaborates on the following steps in more detail to help you build a GRC roadmap for your organisation:

1. Define your requirements

  • Gather information on your current controls.
  • Make sure that you understand what these controls do, and how they operate.
  • Identify any external controls that you are currently required to perform but that are not being managed in Oracle’s GRC solution.

2. Define your Scope and Identify Constraints

  • Document your application architecture.
  • How does EBS integrate with other applications, e.g. Workday for HR hierarchies and payroll/expenses for cost center accounting?
  • Identify any mandated system changes or requirements that may impact your solution, or your ability to deploy your solution.

3. Build a Catalog of Additional Improvement and Potential Controls

Additional external requirements that should be managed within your controls environment that are not necessarily SOX:

  • GDPR
  • SOC 1 and SOC 2
  • External reporting requirements mandated by ownership

As you are defining the above, gather business requirements for future operational controls:

  • Financials
  • Order-to-cash
  • Procure-to-pay
  • People-to-paycheck
  • External controls

Build a prioritization scorecard by impact, cost, complexity and business area.

4. Build Out your Systems MVP Plan based on #1 and #2

  • Long term (3 to 5 years): define the future solution based on #1, #2 and #3 above
  • Short term (1 year): define the execution plan based on #1 and #2 above

5. Publish Execution/Implementation Plan – Short Term

6. Publish the Long-Term Plan/Roadmap – long-term business objectives and expectations

For a more detailed discussion around your individual requirements contact us here at SafePaaS. 
