Our Vision of Control
Working on the Balance Between Hard and Soft Controls
Business control can be expected to do everything to get or keep the organisation in control. Fortunately, with data analyses, hard controls are increasingly measurable for organisations. But if you really want to be able to act proactively, the soft controls also need to be better understood.
Steps towards greater insight and control
Step 1
Analyse the main risks that jeopardise the organisation's strategy or licence to operate.
Step 2
Analyse the causes of these key risks on the basis of historical data, errors and analyses.
Step 3
Prioritise the most important causes and assign controls and warning signals (key risk indicators).
Steps to an In-Control Statement
Soft controls are an essential part of control as 80% of risks arise from human error. This part of risk management is therefore about the risk awareness of organisations.
Soft controls are related to the attitude and behaviour of employees within an organisation. The way people address one another, alertness, and exemplary behaviour are important elements here. Focusing on soft controls stimulates the realisation and achievement of objectives. It also facilitates risk management, as soft controls provide valuable information that allows for faster proactive adjustments. Talking about risks is also an important control.
Three Lines Model
The Three Lines of Defense model from The Global Institute of Internal Auditors was updated in July 2020.
The functions are not only intended to protect the value of the organization, but also to increase it. As a result, we no longer talk about ‘lines of defense’ or ‘lines of defence’.
The goals of the organization are central to all functions. The functions are not silos, but coordinate and work together, each from its own role. The design of the model must be geared to the risks and specific situation of the organization.
The 3LM establishes a stronger link with the objectives of the organization.

1st line
This group is ultimately responsible for the choices made and the risks taken in daily practice.
You want to optimally support the people who are responsible for the most important activities and processes in an organization. GRC information is relevant to them, but often only when they have to deal with it. How do you make it easier for them? How do you bring risk management to life for them? Do they know the frameworks within which they have to operate? And how do you effectively conduct a Privacy Impact Assessment without immediately bombarding all teams with a questionnaire of more than 100 questions?
Key words are: Accountability and reporting.
2nd line
This group develops the systems for a good process of risk management and control, always supporting the ‘business’.
The risk manager, controller, auditor, compliance or security officer (CISO) wants a clear register of risks, controls, compliance sets and, for example, related incidents. NARIS GRC helps the GRC professional with insight and completeness, whether you work on the basis of a Risk Control Framework or only do control testing, want to do internal and external audits, or want to comply with a standard. With our knowledge and the flexibility of NARIS GRC you can steer with guts.
Keywords are: Delegation, direction, resources, supervision

3rd line
This group provides assurance to top leadership on the quality of direction and control in certain areas within the organization.
Whether you are a supervisor, a member of a Board of Directors/Supervision/Commissioners, an external auditor or accountant, or an internal auditor, you want to report in an effective and relevant way. NARIS GRC can help you with those reports, whether they concern assurance of audits or controls, risks at chain partners or objectives of the organization itself. From detail to dashboard, internally or externally; look back to steer forward. Fueled by useful GRC information so that the right assurance can be given.
Keywords are: Alignment, communication, coordination, cooperation

Combine Hard and Soft Controls
The control mix is built by combining hard and soft controls. With NARIS Next it is possible to combine these different sources of information and present them in one clear dashboard. Information retrieval is then done by setting up a CRSA, the incident app or the risk workshop.
Build or Import Control Frameworks
Save time on the set-up and design of your audit by using standard templates in NARIS Next based on standards (e.g. ISO31000, 27001/27002/90001, NEST), frameworks (NOREA) and laws and regulations (GDPR, BIO). With NARIS Next, you link up with what other organisations have already worked out and you can focus on making controls specific.
Increase Risk Awareness
In order to check whether the core processes within an organisation are in control and whether the measures (processes) have been designed effectively, it is important to collect evidence. This evidence is easily retrieved with NARIS Next, which periodically distributes questionnaires or checklists to your organisation. This leaves more time for data analysis and for organisational units that are less in control.
The Watermelon Model
Is your control environment only green on the outside?