
Managed GRC

What exactly is GRC? Governance is the overall management approach to driving and controlling the whole organization, with appropriate information and control mechanisms; Risk management encompasses all risks that are relevant to the organization, and the response to each of those risks; and Compliance ensures the organization conforms to laws, standards, industry directives, contractual commitments, and internal policies.

Organizations across borders and industries face mounting challenges in keeping pace with a rapidly evolving compliance and IT risk management landscape. The proliferation of mobile, cloud, and software-as-a-service platforms makes it harder for multinational corporations and distributed teams to keep their governance, risk, and compliance (GRC) approach responsive and flexible while remaining compliant. Compounding this is the growing number of compliance programs an organization must satisfy, many of which contain duplicative control requirements across a broad spectrum of standards, and the work of mapping those requirements to the organization's existing controls and control gaps.

The pressure on enterprises and organizations to improve their governance, risk, and compliance (GRC) posture continues to increase. Whether in finance, healthcare, telecoms, manufacturing or other sectors, businesses must increasingly demonstrate that they manage, and conform to, a variety of standards and regulations. This does not have to mean proportionally greater time, effort or expense for your enterprise. Satisfactory or better performance in all three areas is achievable with a solution that correctly addresses the complex and changing requirements without placing an undue burden on the organization. Brier & Thorn provides such a solution, not only for larger corporate entities, but also for small and medium businesses (SMBs) that must now also meet GRC objectives.

By helping your enterprise find measurable quick wins, and by providing new GRC capabilities and functionality over time, Brier & Thorn contributes to your short-term and long-term GRC success.

Brier & Thorn provides managed GRC services that include the GRC platform itself, which so many companies struggle to implement and then to keep functional through continuous "care and feeding". Brier & Thorn brings the technology, infrastructure, and resources needed through a full spectrum of delivery models, from co-sourcing to operating as an extension of the client's IT risk management, internal audit, and compliance functions.

Brier & Thorn partners with clients to ensure that the governance, risk and compliance processes in their enterprise balance both business and technical needs. While technology now automates a large part of GRC activity, proper management remains an essential component, and Brier & Thorn provides it as a managed service.

Drawing on our risk management experience across the US, Europe, and Asia in IT, connected and autonomous vehicles, and fixed and rotary wing aircraft, Brier & Thorn has been helping multinational corporations navigate the complexities of compliance regimes in the different countries they operate through a co-sourced compliance model since 2010.

Together with its partner MetricStream, whose platform it uses as its GRC platform, Brier & Thorn provides:

  1. Sector-specific GRC hosting as a stand-alone solution, or as part of a broader support solution that includes maintaining your organization’s application security and GRC processes;
  2. Pre-packaged, sector-specific GRC solutions for rapid deployment or upgrading of existing solutions within the organization’s infrastructure or hosted in the cloud;
  3. Continuous monitoring and compliance management;
  4. Periodic system reviews and controls testing for effectiveness and compliance; and
  5. Application security and GRC technology maintenance co-sourcing.

Brier & Thorn's GRC managed service addresses these challenges by offering a fully functional GRC system on the MetricStream platform in a cloud environment, including Access Control, Process Control and Risk Management. Organizations choose which components they require and consume them as a service, avoiding capital expenditure while ensuring a finely tuned and fully functioning implementation.

This service is especially targeted at organizations that lack the internal resources an enterprise GRC platform needs to stay fully functional, so that the company can make ad hoc, risk-based decisions and execute its strategic vision through a continuously updated risk lens.

Our managed sustainable compliance services rapidly provide your organization with mature GRC capabilities that allow you to stay ahead of the growing sector-specific compliance requirements, optimize risk services and reduce costs.

Brier & Thorn delivers IT risk management on the MetricStream GRC platform, which empowers organizations to adopt a focused, business-driven approach to managing and mitigating their IT risks. Using this platform, organizations can streamline IT risk identification, IT risk assessment, and risk treatment.

MetricStream also provides analytics and reports that turn raw risk data into actionable IT risk intelligence, giving clear visibility into the top risks and improving decision-making. It also lets organizations apply standard risk assessment methodologies to create a sustainable and scalable risk management process.

MetricStream’s IT risk management app provides:

  1. Centralized asset, process, and risk repository: Define and maintain business entities such as IT risks, assets, processes, and controls. Establish relationships between these data entities along with associated details such as description, category, hierarchy, ownership, visibility, and validity.
  2. IT Risk assessment and analysis: Assess, quantify, monitor, and manage IT risks in an integrated manner using industry-standard IT risk assessment frameworks. Perform multi-dimensional risk assessments with support for both top-down and bottom-up approaches. Risks receive scores and are ranked on a risk matrix driven by configurable scoring methodologies. Advanced scoring logic reconciles variations in assessment methodology across business units and rolls results up to an assessed entity or the whole organization. Define the logic for computing inherent and residual risk scores, and view and analyze those scores through flexible heat maps.
  3. Issue management and remediation: Identify and document issues from IT risk assessments through a closed-loop process of investigation, root cause analysis, and remediation. Prioritize and assign resources for investigation and remediation with an underlying workflow and collaboration engine. Define an action plan, and track the remediation process and issues to closure.
  4. IT Risk monitoring: Generate user-configurable risk reports, risk heat maps, and role-based executive dashboards that aggregate IT risk data for complete visibility. Track risk profiles, control ownership, assessment plans, and remediation status through real-time graphical charts accessible from anywhere in the organization. Gain a 360-degree view of the process through the app's data browser and continuously monitor risk metrics and performance.
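To make the scoring concepts in item 2 concrete (inherent versus residual score, a configurable risk matrix, reconciling business units that assess on different scales, and rolling results up), here is an added illustration. It is not MetricStream code and does not reproduce the platform's logic; the 1-to-5 common scale, the heat-map band thresholds, the rule that controls reduce likelihood but not impact, and the sample risk register are all constructed assumptions.

```python
"""Illustrative IT risk scoring: inherent vs residual, matrix bands, roll-up.

Added example only; the scale, band thresholds and register below are assumptions.
"""
import math
from collections import defaultdict
from dataclasses import dataclass

TARGET_MAX = 5  # assumed common 1..5 scale that every unit's scores are normalised to

# Assumed heat-map bands over the 1..25 likelihood x impact product, worst first.
BANDS = ((15, "high"), (8, "medium"), (1, "low"))


def normalise(value: int, scale_max: int) -> int:
    """Map a score on a unit's own 1..scale_max scale onto the common 1..TARGET_MAX scale."""
    if not 1 <= value <= scale_max:
        raise ValueError(f"score {value} outside 1..{scale_max}")
    if scale_max == 1:
        return TARGET_MAX
    return 1 + round((value - 1) * (TARGET_MAX - 1) / (scale_max - 1))


def band(score: int) -> str:
    """Look up the heat-map band for a 1..25 score."""
    for threshold, name in BANDS:
        if score >= threshold:
            return name
    raise ValueError(f"score {score} below the matrix")


@dataclass(frozen=True)
class Risk:
    risk_id: str
    unit: str
    likelihood: int
    impact: int
    scale_max: int                       # the assessing unit's own scale (3- or 5-point here)
    control_effectiveness: float = 0.0   # assumed: fraction of likelihood the controls remove


def inherent_score(r: Risk) -> int:
    """Likelihood x impact before any control is credited."""
    return normalise(r.likelihood, r.scale_max) * normalise(r.impact, r.scale_max)


def residual_score(r: Risk) -> int:
    """Likelihood x impact after controls; controls reduce likelihood only (assumption)."""
    if not 0.0 <= r.control_effectiveness <= 1.0:
        raise ValueError("control effectiveness must be in 0..1")
    likelihood = normalise(r.likelihood, r.scale_max)
    # ceil stops a partially effective control from zeroing the risk; the floor of 1
    # keeps the residual on the matrix even for a fully effective control.
    residual_likelihood = max(1, math.ceil(likelihood * (1.0 - r.control_effectiveness)))
    return residual_likelihood * normalise(r.impact, r.scale_max)


def rank(risks):
    """Risks ordered worst first by residual score, then by inherent score."""
    return sorted(risks, key=lambda r: (residual_score(r), inherent_score(r)), reverse=True)


def roll_up(risks):
    """Per business unit: worst residual score, its band, and a count of risks per band."""
    by_unit = defaultdict(list)
    for r in risks:
        by_unit[r.unit].append(r)
    result = {}
    for unit, unit_risks in by_unit.items():
        worst = max(residual_score(r) for r in unit_risks)
        counts = defaultdict(int)
        for r in unit_risks:
            counts[band(residual_score(r))] += 1
        result[unit] = {"worst_residual": worst, "band": band(worst), "counts": dict(counts)}
    return result


# Constructed sample register: Finance scores on a 5-point scale, Plant on a 3-point one.
SAMPLE_REGISTER = [
    Risk("R1", "Finance", likelihood=4, impact=5, scale_max=5, control_effectiveness=0.5),
    Risk("R2", "Finance", likelihood=2, impact=2, scale_max=5),
    Risk("R3", "Plant", likelihood=3, impact=3, scale_max=3, control_effectiveness=0.8),
    Risk("R4", "Plant", likelihood=2, impact=1, scale_max=3),
]

if __name__ == "__main__":
    for r in rank(SAMPLE_REGISTER):
        print(r.risk_id, r.unit, inherent_score(r), residual_score(r), band(residual_score(r)))
    print(roll_up(SAMPLE_REGISTER))
```

The point of the normalisation step is that Plant's 3 out of 3 and Finance's 5 out of 5 both land on the same cell of the common matrix, so a roll-up across units compares like with like; without it, a unit on a coarser scale would systematically look safer. Note also that R3 has the highest inherent score in the register but ranks below R1 once controls are credited, which is exactly the distinction the inherent and residual views are meant to surface.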

The benefits of the MetricStream platform include a single point of access to multiple risk frameworks and best practices, the ability to perform qualitative and quantitative risk assessments, configurable risk scoring algorithms, tracking of issues and recommendations to closure, enterprise-wide visibility into IT risk processes and data, and alignment of IT risks with business and enterprise risks.

A more resilient, risk-managed enterprise that complies with mandatory requirements and regulations is often justification enough, but Brier & Thorn knows the business side as well as the technology side of GRC implementation and can help organizations identify other, more tangible benefits, for example:

  1. Reduction in time needed to turn your governance decisions into action, evaluate and react to risks, and demonstrate compliance;
  2. More effective management of your suppliers to simplify and reduce duplication across the enterprise, by evaluating risk and compliance;
  3. Reduction in risk, which can translate into lower insurance premiums and more favorable bank loan interest rates; and
  4. A decrease in the occurrence of silos in your enterprise, increasing communication, efficiency, and overall enterprise performance.