DevonWay is often asked if we offer software for Governance, Risk, and Compliance (GRC). The answer is yes: DevonWay software addresses the full range of GRC functionality, all on a unified SaaS platform. In fact, DevonWay offers an ideal GRC solution that lets you implement one step at a time.
GRC crosses multiple departments and requires them to work together. According to non-profit OCEG, GRC is the “integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty, and act with integrity.” GRC includes a wide range of areas such as internal audit, compliance, risk, legal, finance, IT, and HR, plus lines of business, executive management, and the board.
Governance determines and manages business processes, strategies, and the corporate mission. Risk management is concerned with identifying, characterizing, and managing risks that the company faces in pursuit of its goals, while compliance management is concerned with adherence to regulations, laws, and best practices, as well as a company’s own policies, procedures, and standards. GRC provides a framework for integrating these three components to achieve an organization’s goals.
There are, effectively, three lines of defense:
- Business and infrastructure – The first line, from the worker in the field to Management, is responsible for following regulations, standards, and corporate processes, including managing risks and implementing controls on a day-to-day basis.
- Control functions – The second line, which includes Risk, Compliance, and Legal teams, provides oversight on compliance with policies and procedures and monitors risk and adherence to control frameworks. These teams are responsible for identifying potential non-conformances or near misses and developing a mitigation plan to correct existing or prevent future occurrences, for example through process improvements, training, and incident reporting.
- Internal audits – The third line provides an independent review and assesses the effectiveness of the first- and second-line functions with regard to compliance.
Here’s a breakdown of the areas of Governance, Risk, and Compliance and the DevonWay products that address them:
- Governance – Alignment with Business processes and strategies
- Risk – Identification and Evaluation of Risk
- Compliance – Ensuring adherence to regulations, standards, policies and procedures, contracts, controls, monitoring, training, and managing regulatory examinations and inquiries
All DevonWay products work together across departments, organizations, and traditional software boundaries — all on a single, secure platform — and they work well with your other systems too. You can start with any DevonWay products and add on as and when needed, making DevonWay software an ideal option for GRC.
About the author
Dianna Ferrand is Director of the Project Management Office at DevonWay. Prior to DevonWay, she was Executive Director in the Legal and Compliance Department at Morgan Stanley and Head of Annual Reports Strategy and Management and served in various positions at PwC in Banking and Capital Markets Strategy. She holds a BS in Geological and Environmental Science from Stanford and an MBA from Loyola Marymount University.