Integrated Risk Management for a leading group in certification, research and industrial consulting services
"We realized that it was difficult to implement an efficient integrated risk management system without the aid of a supporting IT platform. KRC® represented what we were looking for, a technologically sound solution capable of adapting flexibly to our models."
To have a GRC (Governance Risk Compliance) system to support the risk management and internal control process of the Holding. The objective of Top Management and management is to overcome, through software, the typical inefficiencies of a vertical and unstructured management of compliance risk areas and beyond, benefiting from an integrated internal control and risk management system, with all the related and connected benefits.
The Customer, through the KRC® platform, in addition to managing each of the following thematic areas from a technical-regulatory point of view:
- KRC® standard GDPR module
- KRC® standard ERM module
- KRC® standard 231 module
- KRC® standard Internal Audit module
benefited from the functionalities of the KRC® standard IRM module, which is natively engineered to share contextual elements common to the entire organization (e.g. processes, roles, risk taxonomy, control database) and is equipped with cross-functional links between the various modules that allow information relating to risks, controls and action plans to be shared.
The solution was customized on the basis of the requirements provided by the Customer and involved a preliminary analysis aimed at bringing out, in particular, the elements characterizing the information flows between the different areas and the rules concerning the approval workflows for the construction and continuous updating of the structures that support integration (processes, organization chart, risk taxonomy, control database).
With the adoption of the IRM module, the Customer has an engineered solution, in line with the indications provided by the international reference standards (COSO FRAMEWORK and UNI ISO 31000), capable of:
- Provide Governance and Top Management, through immediate and effective reporting, with a single strategic overview of the connection between processes, risks and controls with evidence of the impacts on corporate objectives
- Strengthen the internal control and risk management system, establishing the functional and instrumental link, in compliance with the necessary independence of roles, between internal audit and risk management activities
- Overcome the typical inefficiencies of unstructured management of compliance regulations and management systems, benefiting from the functions offered by the platform for sharing documents, assessments and decisions that can inevitably also affect other parties
- Channel all activities relating to ongoing improvement plans into a single tool shared between the various company functions
- Support the activities of the Supervisory Body and of the other parties appointed to play an active role in the internal control system (e.g. DPO, RSPP, Board of Statutory Auditors, etc.), allowing each of them to have access to the platform with visibility privileges appropriately calibrated according to the role played
- Optimize and reduce the cost of compliance thanks to the integration to and from the company's internal control system