Governance, Risk & Compliance Advisory Blog

Insights on best practices related to IT Audit & Compliance

Integrated GRC - Convergence Between Governance, Risk and Compliance

August 27, 2010 21:28 by author nirav
Governance, risk and compliance refer to the overall governance structures, policies, technology infrastructure and remediation mechanisms that an organization builds to manage its risk and compliance obligations.


The solution has become a part of the problem

The threat of business failure and the penalties of non-compliance are leading organizations to expand their governance, risk management and compliance (GRC) initiatives. This expansion has created a costly and complex web of disparate structures, policies, autonomous committees and reports. It is thus not uncommon to see dozens of committees dealing with different aspects of the same kind of risk, some of them overlapping. Still, GRC has failed to prevent corporate scandals and major regulatory non-compliance, and, most importantly, has failed to achieve its prime objective: to improve business performance and efficiency.


Bottom-line - Organizations keep asking themselves: What is my GRC ROI? 

Integrated GRC - Convergence between governance, risk and compliance

Adopting an integrated approach to managing governance, risk and compliance activities has become a top priority for organizations that have seen time and revenue leak away in pursuing independent GRC initiatives. However, most of these same organizations misinterpret integrated GRC and so fail to realize its expected benefits. Integrated governance, risk and compliance is not a single, monolithic GRC structure with a single, one-way, bottom-up reporting line. Rather, it is a mutual, two-way approach to eradicating duplicated effort, complexity and cost, built on greater communication, collaboration and cooperation.

Integrated GRC brings complex and disparate risk and compliance activities into a single focus and directs organizational effort more efficiently, in alignment with organizational strategy and culture. A more comprehensive view of risk management and regulatory compliance also simplifies business processes and systems and improves control over them.


Integrated GRC offers several benefits to the organizations pursuing it; the most notable are:

• Identifying and managing risks more quickly
• Reduced costs through elimination of duplication and identification of synergies
• Greater collaboration among stakeholders, both external and internal
• Greater focus on key business processes and activities
• Identifying and responding to opportunities and threats more quickly
• Improved control and assurance environment
• Improved financial and non-financial reporting
• Supporting business units more effectively

More to be continued in our next blog... 



Overview on Enterprise Resource Planning Security Model

August 7, 2010 04:43 by author nirav

ERP, or Enterprise Resource Planning, refers to a software architecture used to manage internal and external resources by integrating business management practices with modern technology. It attempts to integrate all the departments and functions of a company into a single computer system that can serve the needs of each department. ERP is a combination of three important components: business management practices, information technology and specific business objectives.

The Ideal ERP System
An ERP system is ideally supposed to chain all of the organizational processes below together on a central database repository and a unified computing platform:

1. Manufacturing
2. Financials
3. Human Resources
4. Supply Chain Management
5. Projects
6. Customer Relationship Management
7. Data Warehouse

ERP Security model: The ERP market has matured to a point where existing vendors face increased competition and, as a result, reduced sales. Vendors are therefore forced to bundle new functionality, such as CRM and Web services-based architectures, marketed as enhanced security features for their customers. Unfortunately, security remains an afterthought. An ERP security framework guides management in integrating information security into the ERP system. Such a framework is both product and vendor independent. It ensures that information security forms an integral part of the design, implementation and operation of an ERP system, so that the information the system provides is reliable.

The process used to arrive at such a framework is as follows:

1) A generic security framework is analyzed to determine the aspects that are applicable to ERP systems.
2) The shortcomings of this security framework are identified in the context of an ERP system.
3) An ERP security framework is developed that conforms to corporate and IT governance requirements.

Managing the security of ERP information flowing into and out of an organization has never been more critical, or more challenging. As businesses grow, their information systems support whole communities of users: customers, suppliers, partners and employees, all of whom count on the secure exchange of a wide variety of information to place orders, pay bills and keep records up to date. An ERP system should therefore be chosen to meet future needs, and security should be one of the prime focus areas for any organization that wants a successful implementation.




Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2010
