Institute of Internal Auditors

Advantages and disadvantages of software for internal audit: what are the distinguishing features of the software products?
 
Come on 12 October to the joint #SAP and #PwC seminar on SAP #GRC solutions http://www.pwc.ru/ru/events/2012/sap-seminar.jhtml

Event programme: http://www.pwc.ru/en_RU/ru/events/2012/sap...ogramme-rus.pdf
 
[message deleted]
 
New publication

The Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms

http://info.metricstream.com/gartner_magic...sm_linkedin_ann

http://www.gartner.com/technology/reprints...ct=121005&st=sb

"...
The primary purpose of the EGRC platform is to automate much of the work associated with the documentation and reporting of the risk management and compliance activities that are most closely associated with corporate governance and strategic business objectives. The primary end users include internal auditors and the audit committee, risk and compliance managers, legal professionals, and accountable executives. The key functions of importance to these groups are:
Risk management: Supports risk management professionals with the documentation, workflow, assessment and analysis, reporting, visualization and remediation of risks. This component focuses on general ORM; however, it may collect data from specialized risk analytics tools to provide a consolidated view of ERM. Many industry-specific risk management requirements may not be supported. For example, many banks require highly specialized capabilities for Basel II compliance. Only a few EGRC platform vendors support the ORM needs of banking, and most vendors prefer to integrate the platform with specialized solutions from other vendors.
Audit management: Supports internal auditors in managing work papers, and scheduling audit-related tasks, time management and reporting.
Compliance and policy management: Supports compliance professionals with the documentation, workflow, reporting and visualization of controls objectives, controls and associated risks, surveys and self-assessments, attestation, testing, and remediation. At a minimum, compliance management will include financial reporting compliance (Sarbanes-Oxley [SOX] compliance), and also support other types of compliance, such as ISO 9000, Payment Card Industry, industry-specific regulations, SLAs, trading partner requirements and compliance with internal policies. This function includes a specialized form of document management that enables the policy life cycle from creation to review, change and archiving of policies; the mapping of policies to mandates and business objectives in one direction, and risks and controls in another; and the distribution to and attestation by employees and business partners.
Regulatory change management: Supports the ability to respond to changes in regulations. When a rule is changed or a new one emerges, it enables a business impact analysis and supports the management of the change to related controls, risk assessments and policies.
..."