I knew that if operational risks are not managed with appropriate controls and the right level of monitoring, they may lead to potential financial losses due to errors and fraud. This may also lead to compliance failures, which in turn will result in penalties and reputational damage. I’ve firewalled the company against malicious external cyber-threats. Now, I want to make sure we are just as well protected against compliance breaches.
The fact is: Governance, risk and compliance must all work in harmony to really protect a business.
I spoke to Lena, our Chief Compliance Officer.
Capgemini had already been in touch with Lena to discuss her Governance, Risk and Compliance (GRC) requirements. Following a recommendation from the CIO, Lena subsequently engaged Capgemini to assess our business environment.
Although such an assessment involves numerous business streams, it only took them a few months. The assessment also required little upfront investment.
The results of the assessment fully vindicated my decision to ask for solutions addressing governance, risk and compliance management.
We’ve since used GRC services and capacities. The services are split into five streams: concurrent audit services that include Continuous Transaction Monitoring (CTM), Continuous Control Monitoring (CCM), application access control and segregation of duty analysis, regulatory compliance management, and IT risk and compliance management. The services have proved incredibly useful in tracking risks in our business and monitoring the performance of the controls on a near real-time basis.