GRC Advisory Services

Neohapsis GRC Advisory Services were designed to help organizations understand the benefits of, and prepare for, a full governance, risk, and compliance (GRC) program. Each organization has unique GRC needs, and while organizational change can be complex and difficult, it is extremely important for ensuring effective and efficient operations.

We work closely with customers to ensure they ask the right questions internally, align their organizations appropriately, and are aware of the most common pitfalls when implementing a comprehensive GRC program.

We offer three GRC-focused services designed to educate organizations, help them evaluate viable GRC program options, and prepare them to get the maximum value from a large-scale GRC initiative.

GRC Foundation Training
Prior to undertaking a full GRC program, it is important for key stakeholders to understand the principles of GRC, the common challenges, and the potential short- and long-term benefits. Neohapsis GRC Foundation Training covers the foundational concepts of GRC and our assertion that a GRC program must be built on a trusted infrastructure.

The GRC Foundation Training is done as a half-day or full-day session and includes:

  • GRC defined: do governance, risk, and compliance really go together?
  • Drivers for moving to a GRC program
  • The importance of a trusted infrastructure
  • The impact of organizational silos
  • Common approaches to risk management
  • The concept of “risk awareness”
  • Implementing a GRC program
  • Common challenges and how to overcome them
  • GRC Lifecycle Model and how to get started

GRC Planning Workshop
Given the complexity of most enterprise organizations and government agencies, realizing the benefits of a full GRC program takes time and careful planning. This is a facilitated workshop in which Neohapsis works with stakeholders of key initiatives to develop a plan to transition the organization, initiative by initiative. “Initiatives” can be any regulatory program (e.g. the SOX program within Internal Audit or Finance), standards program (e.g. ISO 27001 within IT), or a custom program (e.g. a custom corporate social responsibility or conflict of interest program). 

For organizations that are new to basic GRC concepts, taking the GRC Foundation Training prior to the Planning Workshop is recommended.

The GRC Planning Workshop includes:

  • Review of the current state: what initiative silos exist, how they are managed, what data is required internally or for compliance reporting, and where known inefficiencies lie
  • High-level assessment of the board, executive, and departmental data that drives business performance or efficacy
  • Review of current risk management activities and their efficacy
  • Assessment of potential initiatives that could be managed within a GRC framework
  • Evaluation of the potential benefits, challenges, and timeframes; assessment of impacts to people, process, and technology

The outcome of the workshop is a high-level plan and roadmap, with agreed-upon action items, to make GRC an organizational reality.

GRC Readiness Assessment
For Neohapsis customers who are thinking about implementing an enterprise-wide GRC program, the GRC Readiness Assessment is a quick way to understand whether you have a solid foundation in place. In this high-level assessment, we evaluate organizational readiness, risk management maturity, knowledge of GRC principles, management of the extended enterprise, technology use and management, and maturity of the security infrastructure. 

The assessment results in a report of findings and recommendations to address the most common GRC program implementation challenges.

© 2010 Neohapsis. All rights reserved.