Governance, Risk & Compliance: GRC
Propelling Compliance Monitoring and Existing Platform Consolidation with SAI360
Case study at-a-glance
- Background: A not-for-profit international regulatory authority that benchmarks and maintains the dependability of the bulk power system (BPS) in North America.
- GRC Challenge: The organization was seeking the right commercial GRC solution to help them effectively monitor the compliance of the 1,500 registered entities within their jurisdiction. Additionally, it was looking to replace several existing platforms across eight regional entities with the ultimate goal of consolidation into one solution.
- Solution: The organization chose the flexibility of the SAI360 Internal Audit solution to support the compliance function. The organization was looking to achieve improvements in reliability risk analysis, compliance oversight plan development, compliance monitoring for multiple registered entities and multiple standards, improved audit planning and auditor productivity, and enforcement processing.
- Benefits: Choosing SAI360 provides the organization with one version of the truth through consolidation. In addition, the group is able to achieve GRC solution goals of reliability, assurance, learning, and taking a risk-based and flexible approach.
Developing a seamless and flexible compliance plan
This not-for-profit organization started its journey for a consolidated GRC solution over 3 years ago. During this time, the organization developed key enterprise and operational risk programs that impact more than 1,900 bulk power system owners and operators.
The program is based on four pillars of continued success to:
- Address events and identifiable risks, thereby improving the reliability of the bulk power system
- Provide assurance to the public, industry and government for the reliable performance of the bulk power system
- Promote learning and continuous improvement of operations and adapt to lessons learned for improved bulk power system reliability
- Focus attention, resources, and actions on issues most important to bulk power system reliability
Additionally, the group developed an organizational compliance monitoring and enforcement process (CMEP) that would be supported by SAI360 technology. This would be supported through standards, entity registration, technical feasibility exceptions, compliance oversight plan development, compliance monitoring and enforcement processing.
Support for the end-to-end compliance management process
With the SAI360 Internal Audit Solution, the organization is able to attain:
- Secure access to all audit information, anytime, anywhere; online and offline
- Protection of sensitive data against unauthorized access
- Streamlined alignment, internally and externally, with the overall audit plan
- Transparency in budgeting and cost allocation
- Simplified time registration, skill alignment and reduced reporting efforts
- Ease of communication between auditors and auditees
- Strict audit trail of all relevant audit activities and evidencing of findings
- Reduced efforts in follow-up of findings, ease of use for auditees and transparency of detailed status for auditors
- Compatibility with configurations for highly specific access management needs to enable integrations
Strong customer references and customized solution configuration
Ultimately, the organization selected the SAI360 GRC platform for integrated risk management due to our deep understanding of their requirements to oversee 1,500 registered entities, our ability to effectively support complex and large-scale implementations, and a strong customer referral. In addition, the group appreciated the dedicated responses to all questions across the years and the collaborative global approach.