Latest SAS Enterprise Governance, Risk and Compliance (GRC) solution empowers compliance officers, auditors

Building company trust through collaboration cannot be sacrificed due to compliance and regulatory demands. With an integrated platform for comprehensive and continuous monitoring of risk and compliance exposures, the latest version of SAS Enterprise GRC helps busy compliance officers do more in less time while providing peace of mind to corporate executives and board members looking to avoid serious regulatory violations and enforcement actions.

Enhancements from the leader in business analytics software and services include a single corporate policy repository, a faster one-stop audit system and an updated comprehensive GRC program view.

Forrester predicts that in “the next 12 months ... business intelligence and data governance will factor more prominently in GRC decisions. As a framework for co-ordination and as a technology, the value of GRC comes from the ability to aggregate and analyse information from across an organisation.”

SAS software's highly flexible and integrated architecture, unparalleled in the GRC analytics market, continues to improve data management with the latest version. The revised policy management capability includes configurable workflow, helping users create and maintain a single corporate policy repository. Automatically updated on all changes to laws and regulations, the repository saves valuable staff time previously spent researching regulatory changes and their impact. Compliance officers can now devote time to advisory demands such as training and process improvement.

The single system for planning and reporting on audits greatly reduces time spent consolidating multiple files and sources. Comprehensive, continuous auditing capabilities empower efficient testing of all disparate data. Auditors can create projects together online to address issues and plans using streamlining capabilities such as automatic task notifications and real-time responses.

A single mouse click now provides a comprehensive 360-degree view of an organisation's GRC programme, including relationships among variables such as risk, business objectives, controls, issues, loss events, action plans, contracts, and policies. This visualisation saves time tracing and explaining key linkages that directly affect performance, risk exposures, and internal control effectiveness. The ability to inform executives and board members of current business status and easily show step by step how business is controlled supports efficient decision-making and proactive monitoring.

Leading organisations selecting SAS Enterprise GRC to holistically understand enterprise risks and opportunities include Vattenfall, Europe's fifth largest generator of electricity, and its largest generator of heat.

"It's not only about operational risks," said Dan Mansfeld, Risk Manager at Vattenfall. "When I say enterprise risk management, I mean the entire perspective. Besides operational risks, we include political risks, legal risks and market risks - we want to gather them all under one roof. We had several functions and areas within the corporation that would benefit from the solution, and we needed a platform that could scale to other areas of the company as well - for example, incident crisis management and environmental risks."

Vattenfall, which began its SAS implementation with financial risk and is expanding to other areas, manages about 1 000 risk measures in the system with around 200 users.

"We didn't have a system for passing on the tasks or assignments to the different roles or users in the system," said Mansfeld. "That is definitely a strength of the SAS solution. We have a better picture of the entire risk database all in one place. Also, SAS is very strong in reporting, and we saw a huge potential for providing management with reports that they can drill into to get more detailed information, at various levels, to understand how the company or their unit is doing."

SAS' commitment is demonstrated by increased participation in the Open Compliance and Ethics Group (OCEG), which plays a critical role in developing structure and best practices for diverse areas of GRC. Already on the OCEG Technology Council, SAS will now sit on the Leadership Council, which formulates positions on key issues, refines the core GRC Capability Model and steers the continuously evolving GRC discipline. SAS' collaboration with OCEG channels global customers' views into OCEG processes and contributes to expanding technology support for enhanced GRC best practices.

"We are very excited about SAS joining our Leadership Council," said Carole Switzer, OCEG President. "We look forward to a drawing on the expertise SAS brings to our work, especially as we seek to drive our members toward use of stronger analytics in the GRC space. The knowledge and solutions that SAS brings to the GRC community will support our overall mission of improving business process, and driving what we at OCEG call 'principled performance'."

"SAS has moved quickly to address core GRC market needs, delivering data-driven, risk-based auditing, coupled with continuous compliance and corporate performance monitoring through powerful business analytics and interactive reporting," said Clark Abrahams, SAS Product Marketing Manager for Enterprise GRC.

Today's announcement was made at SAS Global Forum, the world's largest gathering of SAS users, attended by more than 3 500 business and IT users of SAS software and solutions.