CURRENT CHALLENGES
• GRC
programs do not support or manage execution - they focus on defining management intent, monitoring and reporting
– Policies and objectives are defined
– No
guidance on how it should be done in practice
• Results are risk management gaps and operational inefficiencies
– Significant
and expensive expertise required to translate GRC objectives into operational
methods
– Pressure
on managers to adjust real-world status data to reporting formats, obscuring
risk exposures
Expertool GRC.exe fills the gap: