What is GRC?

As explained by the Managing Partner, founder and CEO Robin Basham, GRC “is the enterprise program and supporting platforms that collectively enforce governance, risk management and compliance with legal, operational, financial, and information requirements, as determined necessary by the entity's industry, board, consumer and investor communities."

EnterpriseGRC Solutions® Professional's real world experience, thought leadership, methods, and tools add to your absolute solution for a mature and ongoing program of GRC. EnterpriseGRC Solutions® practice is involved with SIM®, ISACA®, ITSMF®, and various organizations focused on audit automation. One way that EnterpriseGRC Solutions® differentiates our market services in controls assessment, is delivering free tools for IT Regulatory (SOX) reporting that allow reduced dependency on external consulting, retains proprietary knowledge and lowers volume and time on testing.

Four point GRC Approach

Facilitated Compliance Management™ provides a Common Methodology in Delivering A Successful GRC.

A clear win for any IT Service organization can be found in providing mapped CobiT and ISO/IEC 17799:2005 programs.Aligning service delivery to regulatory driven compliance models enables sustained client value. The simplest possible view of controls mapping might include:

  • Business Process - Service
  • Business Control Requirement - Regulation
  • Control Process – Control Framework Identifier
  • System Enablers – Technology policy
  • People Enablers – Business Policy
  • Standard and Frequency of Measure – Compliance Metrics
  • Compliance Reporting – Representation of Compliance

Facilitated Compliance Management™

Every client has unique goals and capabilities. Typical engagements include Policy Baseline, Configuration Management, Control Assessment, Enterprise Risk Management

  • Policy Mapping is the Foundation of Actionable, Auditable Control
  • RunBooks Identify Expected and KEY Services and Systems, resulting in Establishing a Technology Baseline Supporting Critical Automated Business Controls
  • RiskWatch iterates the gap between Policy, Standards and Business Realities
  • Assessment Reviews, CMDB – Configuration Management Alignment To Security Policy and Service Standards (such as the selected control frameworks)

Doing Right Things Right

Organizations face challenges that drive the need for IT governance:

  • Keeping IT running
  • Delivering value to customers
  • Managing IT costs
  • Master complexity
  • Align IT with business
  • Ensure regulatory compliance
  • Manage security

EnterpriseGRC Solutions® has custom tools that facilitate mapping client policy to ISO 27002:2013, NIST 800-53r4, CIS CSC 6.1, ISO 9001, CobiT 5, COSO, PCI DSS 3.2, HIPAA (HITRUST), and FedRamp.

EnterpriseGRC Solutions® is proud to offer accredited courses toward ISACA® Certification in CobiT and Intermediate to Advanced Governance Topics. For more information, please use our Contact form.

For a more technical look at Facilitated Compliance Management™, GRC, MDA (Model Driven Architecture, UCF (Unified Compliance Framework), and SOA (Service Oriented Architecture), there is training area showing the UML behind our methodology.

Note that as of October 17th, 2011, products created by Phoenix Business and Systems Process, Inc., to include Facilitated Compliance Management TM, are now owned and distributed exclusively through EnterpriseGRC Solutions Inc. ®

Audit systems once, use results across all business requirements