Protiviti's Enhanced GRC Solution Enables Sustainable Compliance Management

Wednesday, August 5, 2009 - 01:00

Protiviti Inc., a global business consulting and internal audit firm, announced the release of the Governance Portal version 3, a software solution to manage governance, risk and compliance (GRC). The Governance Portal integrates Protiviti's proprietary content and consulting expertise with commonly accepted governance frameworks to establish a comprehensive platform that gives organizations the visibility and insight they need to manage and mitigate critical risk and compliance issues.

The latest release of the Governance Portal enables all key elements of a GRC program, including the following:

• Management can define the appropriate policies and procedures and then map them across the enterprise to understand the impact of policy changes and to drive certification.

• Risk and control self-assessments support real-world scoring techniques that help organizations consider both quantitative and qualitative drivers of risk, including financial loss, business continuity, regulatory impact, reputational exposure and human resources.

• An integrated survey feature makes it easy to involve stakeholders - including employees and suppliers - in the assessment process while continuously updating underlying elements of the risk and control framework.

• An event and loss management capability facilitates the collection of actual, external and virtual loss data and supports integration with third-party source systems. Loss data can be recorded in local currency and converted to the base currency based on historical exchange rates.

• Key indicators enable organizations to measure both performance and risk, giving them more confidence to aggressively pursue their corporate objectives while still managing risk.

• The audit management capability includes enterprise risk assessment, scheduling and resource management, execution, reporting and monitoring/follow-up. Auditors are also able to complete fieldwork while disconnected from a server or the Internet. Audits are performed against the central risk and control register while allowing auditors to secure their detailed audit work. This interaction contributes to management's overall GRC perspective while maintaining independence of the audit.

• Issues and action plans are contributed to a central repository from all GRC communities within the organization, thus providing a single platform for managing all findings across the enterprise.

• A reporting engine provides management with an integrated outlook for decision making that balances performance with assessment of risks.

For more information visit