ENSURING A FRAME OF REFERENCE
In order to support its clients in the implementation of a GRC program, ArtimIS generally uses a reference framework combining good risk management and internal control practices (AMF, COSO 2 & ISO 31000/2009 RM) with the specificities and the user experience of business solutions (ERP: SAP S4 HANA / Oracle or other specific applications).
Before launching into the definition and implementation of a GRC Program, it is important to define the governance, i.e. the organization, the sponsors, the key actors of the project and the contributors, and to identify the processes to be covered as a priority.
ArtimIS experts assist their clients in identifying the players needed for each line of defense:
First line of defense
Second line of defense
Third line of defense
Once the governance is defined (Organization, People, Processes, Applications, …), we now need to evaluate, define and implement the risk management and internal control system.
To do so, we can rely on the ISO 31000/2009 RM reference framework below: