Case management
When a task or issue arises, people are assigned to address it. Case management
functionality in a GRC platform provides an environment for tracking
the work done on a case and supporting other forms of collaboration. A case
ties GRC and CPM together when, for example, someone in finance makes
several journal entry reversals that could impact the actuals for the quarter.
Such an occurrence would automatically send the CFO or VP of Finance a
case alerting them about the compliance risk and providing them with overall
reporting visibility.
Workflow
GRC platforms frequently support defined workflows for approvals, case
management, and other tasks that require the participation of many people in a
series of well-defined steps. With the addition of CPM in the process, the
workflow can also be tied to all the steps in the month-end closing process
along with any GRC-related substeps.
Process modeling
GRC platforms frequently support forms of business modeling that can be
used to describe the processes in a company. These models are then used to
analyze the efficiency of processes and to determine where and how to implement
controls. In CPM, the business templates can tie into GRC to expedite
key processes such as month-end close. In addition, CPM has a predictive
engine that shows the root cause and effect of issues that can also be tied
into GRC business modeling.
Policy engine
A policy engine is part of a GRC platform that allows declarative expression
of policies that are implemented in the systems to enforce certain activities
using mechanisms of the GRC platform and of enterprise applications. CPM
also has processes and documentation, such as how to close the books at
year end, that are tied to the GRC policy engine.
292 Part IV: Managing the Flow of Information