Rule engine
A rule engine is a way of expressing rules that govern the behavior of the GRC
platform. Rules can be used to determine how to handle events, what to do if
a control is violated, how to distribute reports, and so on. Expressing
automation as rules allows a large number of people to participate in determining
the behavior of the GRC platform. In CPM, rules are set for activities, such as
cost allocation per headcount for each facility that resides in the rules engine.
When the value for a rule is above the threshold, a case is created and
assigned to the relevant user. The user is then referred back to the
documentation or policy engine for information on how to fix the broken process.
Controls
A GRC platform provides an environment for expressing the design of a
system of controls and implementing and tracking the information gathered
from them. Preventative or detective controls can be implemented in the GRC
platform or at the direction of the GRC platform in enterprise applications,
the network, or through other means. Any portion of CPM, whether it’s
budgeting, booking of actuals, the consolidation process, setting of the overall
strategy, or monitoring and measuring profitability, can be tied to a control
within GRC. For example, if a product profit margin is below 10 percent, a
control can be put in place in GRC, allowing the user to be alerted if the profit
margin becomes too thin.
Reporting
GRC platforms can usually produce reports as part of their basic
functionality as well as export data to data marts or data warehouses for more
advanced analysis. The marriage of CPM with GRC reporting enables the
production of optimal analytics for performance as well as the ability to measure
the effectiveness of governance and compliance in the organization.
Standardized interfaces to components
A GRC platform usually implements many of its components, such as
databases, data warehouses, and document repositories, using standardized
interfaces that allow the implementation to be provisioned by any product that
implements the standard. CPM also ties into these key interfaces and enables
companies to leverage their underlying systems to extract master data and
leverage it for these components.