Our Vision of Compliance
Rule-based or risk-based
In the wasp’s nest that is compliance, some rules are duplicated or even contradictory. With risk management and accurate administration, you gain an overview of and control over the risks within your organization, with a focus on compliance as well.
Steps in Legal Risk Management
Step 1
Determine the legal scope: which legislation is relevant, which legislation is coming up, and what type of controls.
Step 2
Risk analysis: identify the most important legal risks and estimate the probability and impact.
Step 3
Determine the risk appetite to establish which risks are acceptable and which are not.
Step 4
Control: take additional control measures where necessary.
Step 5
Monitor existing and new control measures.
A new Culture Around Risk & Compliance
Corporate lawyers are increasingly important in guarding the organization’s license to operate. The problem here is that more and more regulators want to see evidence that regulations are being complied with. Managing all this compliance takes a lot of time, so that soon there is not enough capacity available to be 100% compliant. A risk-driven approach (as described in ISO 19600) keeps things manageable by focusing on the key risks and controls. This is the basis for awareness and a new culture around risk & compliance.
Three Lines Model
The Three Lines of Defense model from The Global Institute of Internal Auditors was updated in July 2020.
The functions are not only intended to protect the value of the organization, but also to increase it. As a result, we no longer talk about ‘lines of defense’ or ‘lines of defence’.
The goals of the organization are central to all functions. The functions are not silos, but coordinate and work together, each from its own role. The design of the model must be geared to the risks and specific situation of the organization.
The 3LM establishes a stronger link with the objectives of the organization.

1st line
This group is ultimately responsible for the choices made and the risks taken in daily practice.
You want to optimally support the people who are responsible for the most important activities and processes in an organization. GRC information is relevant, but often only if you have to. How do you make it easier for them? How do you bring risk management to life for them? Do they know within which frameworks they have to operate? And how do you effectively conduct a Privacy Impact Assessment without immediately bombarding all teams with a questionnaire of more than 100 questions?
Keywords are: Accountability and reporting.
2nd line
This group develops the systems for a good process of risk management and control, always supporting the ‘business’.
The risk manager, controller, auditor, compliance or security officer (CISO) wants a clear register of risks, controls, compliance sets and, for example, related incidents. NARIS GRC helps the GRC Professional with insight and completeness. Whether you work on the basis of a Risk Control Framework or only do control testing, want to do internal and external audits, or want to comply with a standard. With our knowledge and the flexibility of NARIS GRC you can steer with guts.
Keywords are: Delegation, direction, resources, supervision

3rd line
This group provides assurance to top leadership on the quality of direction and control in certain areas within the organization.
Supervisors, Boards of Directors/Supervision/Commissioners, external auditors or accountants, as an internal auditor you want to report in an effective and relevant way. NARIS GRC can help you with those reports; whether it concerns assurance of audits or controls, risks at chain partners or objectives of the organization itself. From detail to dashboard, internally or externally; look back to steer forward. Fueled by useful GRC information so that the right assurance can be given.
Keywords are: Alignment, communication, coordination, cooperation

Create or Import a Compliance Framework
Comply or explain. This means you must be able to demonstrate compliance with legislation such as the AVG, Wwft, ISO-27001, ISO27002, BIO, Norea, ISMS, ISAE 3402, SIRA. A lot of legislation can be translated into processes, risks and related controls. With NARIS Next, you can build or import risk & control frameworks that are easily available for various organizational units.
Build a Legal Risk Inventory
A claim, a fine, an error in a contract. These are all risks which ultimately have legal consequences. With NARIS Next, you can build a legal risk inventory in which you create a file per risk, that enables you to easily find everything. From the inventory you can, for example, load all risks from the AVG into your organization.
Start with a Legal Workflow
Legislation must be implemented within the organization. This applies to research, the design of a risk & compliance framework, but also to the implementation of training and the follow-up of recommendations. NARIS Next helps organizations by collecting business information with which risk analyses and audits can be carried out. This makes monitoring the follow-up easy.