Regulatory compliance is challenging and taxing; therefore, reducing the effort of complying is inherently cost effective. The US Sarbanes-Oxley Act has become a global necessity, bringing with it a maze of new rules and regulations on accounting and disclosure, internal controls and risk management.
Meanwhile, boards and audit committees have to deal with new requirements in fulfilling their roles. This new legislation is designed to combat money laundering and terrorist financing. Never-ending staff turnover creates gaps in knowledge of the intricacies of business processes, and thereby opens the possibility of governance and compliance failures.
It is imperative for an organization to implement a unified solution for governance, risk and compliance (GRC). The term covers a number of related, overlapping and integrated business activities, such as internal audit, compliance programs, enterprise risk management (ERM), operational risk, incident management, business continuity, information assurance, legislation, regulation and best practice. GRC is made up of: (1) people; (2) processes; (3) corporate culture; (4) information processing systems; (5) the community in which they all exist.
This rests on an underpinning infrastructure of transparency: all organizational stakeholders have access to the corporate information that may affect their interests, there is no ‘hidden’ information of any sort, and no reputational harm is about to be made public.
SI-RM has developed an innovative approach to managing GRC that provides individual accountability and traceability of all actions, maintains a comprehensive document retention and production process, and can optionally be optimized for any given organization using advanced mathematical modelling. SI-RM uses a flexible compliance documentation management and workflow solution, Work Force Director (WFD), which helps any regulated business simplify and reduce the cost of maintaining the significant document sets required in large banks. This product has been used to excellent effect in five global banks, including the largest of the US banks. The SI-RM team consists of risk specialists, a number of whom have been regulators, so we know the rules, the processes and how to address the issues. We can provide support, advice and assurance to help you manage your regulatory risks. We understand that, to be effective, a compliance plan needs to operate at a strategic level, maximizing your competitive advantages, minimizing costs and minimizing disruption to the business.
For IT Governance, we use (1) COSO, (2) ISO 27001, (3) ITIL and (4) CobIT. These are four compatible frameworks, operating at different levels of detail and scope, that together provide a set of controls and governance for IT:
(1) COSO – organization-wide controls;
(2) CobIT – satisfies and extends the COSO controls relating to IT;
(3) ITIL / ISO 20000 – can satisfy and extend the CobIT controls relating to Service Management (Problem Management, Change Control, Release Control, etc.);
(4) ISO 27001 – IT security controls to meet and extend CobIT security.