Steps towards greater insight and control
Steps to an In-Control Statement
Soft controls are an essential part of control as 80% of risks arise from human error. This part of risk management is therefore about the risk awareness of organisations.
Soft controls relate to the attitude and behaviour of employees within an organisation. The way people address one another, alertness, and exemplary behaviour are important elements here. Focusing on soft controls stimulates the realisation and achievement of objectives. It also facilitates risk management, as soft controls provide valuable information that allows for faster proactive adjustments. Talking about risks is also an important control.
Three Lines Model
The Three Lines of Defense model from The Global Institute of Internal Auditors was updated in July 2020.
The functions are not only intended to protect the value of the organization, but also to increase it. As a result, we no longer talk about ‘lines of defense’ or ‘lines of defence’.
The goals of the organization are central to all functions. The functions are not silos, but coordinate and work together, each from its own role. The design of the model must be geared to the risks and specific situation of the organization.
The 3LM establishes a stronger link with the objectives of the organization.
Combine Hard and Soft Controls
The control mix is built by combining hard and soft controls. With NARIS Next it is possible to combine these different sources of information and present them in one clear dashboard. Information retrieval is then done by setting up a CRSA, the incident app or the risk workshop.
Build or Import Control Frameworks
Save time on the set-up and design of your audit by using standard templates in NARIS Next based on standards (e.g. ISO31000, 27001/27002/90001, NEST), frameworks (NOREA) and laws and regulations (GDPR, BIO). With NARIS Next, you link up with what other organisations have already worked out and you can focus on making controls specific.
Increase Risk Awareness
In order to check whether the core processes within an organisation are in control and whether the measures (processes) have been designed effectively, it is important to collect evidence. This evidence is easily retrieved with NARIS Next, which periodically distributes questionnaires or checklists to your organisation. This leaves more time for data analysis and for organisational units that are less in control.