The basic functional components of a GRC platform include:
- Data modeling – Data modeling supports the establishment of a consolidated GRC framework and entity hierarchy within which detailed business records are managed. This core component is used across all GRC platform. The flexibility of the data modeling architecture is essential in integrated GRC deployments.
- Content management – This component is basically applicable to individual business records. Content management supports authoring, rich-text editing, cross-referencing, tagging, workspace/file collaboration with control of version, change history or edit. This core component is featured in compliance with i.e policy management, contract management, and audit management solution areas.
- Project management – Project management capabilities are utilized to manage project schedules, activities and work papers related to multiple GRC efforts, most notably audit and case management. These capabilities are very important when it comes to IT project portfolio management and are becoming more useful for the management of regulatory projects.
- Workflow management – This is component is crucial because it automates responsibility and facilitates enterprise communication, collaboration, notification, accountability and assurance, and review. It is used across all GRC domains.
- Regulatory change management: This basically incorporates external regulatory feeds from multiple content providers in order to be updated with the latest change in the regulations that take place in this dynamic business world.
Some other components that important for supporting the core architecture are:
• Configuration – Configurability is essential to meeting unique customer requirements related to the data model, data input and visualization, and reporting.
• Data integration – GRC platforms mostly provide seamless integration across third-party systems via a web-based application program interface (API) as well as automated common-data-format (.xml, .csv) uploads.
• Data security – GRC platform vendors typically offer a role-based security architecture that supports enterprise, entity, record and field-level security.
• Contextualization – When there is integration in GRC implementation, the ability to provide different navigation and input screens becomes very important for organizations because they are likely to use a more intuitive platform.
• Performance – The organization must start evaluating architecture performance by establishing performance standards based on the composition of users. Many GRC platforms lack “snappiness” even when not under heavy load. Knowing the vendor’s largest implementation and comparing it with the size of yours will help ensure that the platform meets your load requirements.