Corporate responsibility: Use GRC systems to keep plants and suppliers in check

Complying with governmental regulations normally involves lots of paperwork and plenty of manual workarounds. Still another layer of knowledge is necessary to ensure suppliers are in compliance with certain standards. Governance, Risk, and Compliance (GRC) systems address these compliance issues and a lot more.<br/>

03/17/2009



Complying with governmental regulations is a time-consuming task with lots of paperwork and plenty of manual workarounds. Still another layer of knowledge is necessary to ensure suppliers are in compliance with certain standards.

Governance, Risk, and Compliance (GRC) systems, which evolved out of the Sarbanes-Oxley Act of 2002, address these compliance issues—plus quality, policy, and procedure management. GRC solutions assist users with internal audits and self-assessment tools, and building risk profiles for suppliers.

“Companies use GRC systems to identify suppliers that are not following requirements,” says Philippe Tesler, a company VP for corporate responsibility solutions supplier Enablon . “The systems offer a complete view of supply chains. Performing audits on hundreds of suppliers would be extremely expensive. A GHC system can target which suppliers would be more likely to have compliance issues.”

Such issues range from international legal health and safety requirements and human rights regulations to local policies and general business ethics. “It’s important to be able to track code-of-conduct policies and high-level principals, ensuring that all processes are in line with a company’s business excellence framework,” explains Tesler.


Enablon’s IRIS methodology seeks to implement a reporting and management solution for nonfinancial performance. Four key stages enable fast and effective solutions implementation.



Enablon’s system allows users to incorporate metrics and set thresholds that send triggers to operators or managers to take corrective action. “A target may be to reduce carbon emissions by a certain percent, or the number of product defects,” says Tesler. “Or users can view benchmarks and best practices to compare themselves with other companies.”

STMicroelectronics , a Swiss semiconductor supplier, uses Enablon’s system for self-assessment as a part of its enterprisewide continuous-improvement program. The solution helps the company track, manage, and measure performance metrics throughout 120 of its facilities and departments. Scores are based on more than 300 indicators—e.g., communication, management commitment, policy and strategy, and leadership.

“We wanted to facilitate collecting and reporting our performance data,” says Veronique Livache, quality solutions director. “The Enablon system is Web-based and therefore accessed by everyone. The previous spreadsheet-based system was a nightmare since we had to merge the data from every site.”

Self-assessment simplicity
GRC systems allow users to consider both statistical and historical analysis when documenting potential risks.

“A car manufacturer with a product defect may have a litigation risk since the defect could affect profits,” says Chris McClean, an analyst with Cambridge, Mass.-based Forrester Research . “There also could be reputational risks if there are recurring quality issues, which could cause a string of repercussions.”

Typically, companies run a quality risk assessment using probability analysis and sophisticated mathematical models, says McClean. Users can look at historical documentation, view potential risks, and run detailed scenarios.

“Most mature systems compare statistical results to historical losses to determine expected losses and how to mitigate risks,” says McClean. “They might say,‘If we spend a certain amount, we can reduce our expected loss by this amount.’ ”

GRC evolved naturally from Sarbanes-Oxley as the need for greater capabilities grew for quality management, workflow, regulatory reporting, policy and procedure management, and risk self-assessment. According to McClean, companies want to be able to set policy and record deadlines as well as run compliance reports and track suppliers on quality and delivery times.

In certain vertical industries with strict governmental regulations—such as pharmaceuticals—GRC systems work together with OSHA and environmental health and safety regulations. Most manufacturers have a quality management system in place, however a good GRC system will enhance it and assist with regulatory compliance reporting, says McClean.









No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Engineering Leaders Under 40; System integration improving packaging operation; Process sensing; PID velocity; Cybersecurity and functional safety
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
click me