GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to create efficiency, enable more effective information sharing and reporting, and avoid wasteful overlaps. However, there are two very common challenges that every organization faces when using the very technical GRC system. First, GRC reports are typically difficult to customize and require additional resources to identify the right information and then get it into the right hands. Second, most organizations experience a disconnect between the business and technical aspects of the solution, meaning business teams and IT don’t communicate and collaborate as effectively as needed to connect the dots and optimize the solution’s powerful capabilities.
itelligence has developed the unique SAP GRC Technical Architecture below to help you visualize and better understand how the overall structure works together. You can see in this diagram (Picture 1) that the rules (representing everyday usage) are stored in the ruleset, and are generated by risk. The risk is composed of functions, which are the entities that identify what a risk is. This detailed yet simple architecture connects the dots between the business and technical aspects of GRC, a connection that is hard to come by.
In Part II of the GRC Technical Architecture blog, we take a deeper look at the various components of risk: ruleset, function, business process, and owner.