• Home Page
• Corporate
  • BCRM Approach
  • BCRM FAQ
  • Case Studies
  • Certifications
  • Code Of Conduct
  • Company details
  • Customer satisfaction
  • Industry Endorsements
  • The Team
  • Why us?
• Policies
  • Business Continuity
  • Conflict of Interest
  • Corporate Social Responsibility
  • Data Protection
  • Disability Discrimination
  • Environment
  • Equal Opportunities
  • Health and Safety
  • Information Security
  • Personnel Screening
  • Quality
• Services
  • Health Checks
    • Business Continuity
    • Security Vetting
    • Data Protection Act
    • Software Asset Management
    • Service Management
    • Information Security
    • PCI DSS
    • Risk Management
  • Information Assurance
    • Disaster Recovery
    • Information Security
    • Physical Security
    • Employee Vetting
    • Software Asset Management
    • Risk Management
    • Identity Management;
    • Secure Disposal
  • Compliance
    • Governance Today;
    • GRC
    • FSA Compliance
    • Data Protection Act;
    • PCI DSS;
    • Sarbanes Oxley;
    • FSAP
    • Workflow and GRC;
    • Using XBRL for GRC;
    • Inspection of Records;
    • Litigation Support
    • Employment Law
    • FSA Support
    • Money Laundering
  • Management Systems Consultancy
    • ISO 9001
    • SO 14001;
    • ISO 17025
    • OHSAS 18001
    • ISO 20000
    • BS 25999;
    • ISO 27001;
    • Do you need us?
    • Auditing
    • Polices and Procedures
  • Continuous Improvement
    • ISO 9004;
    • Total Quality Management (TQM)
    • Six Sigma;
    • Capability Maturity Models;
    • ServQual / RATER;
    • EQF
    • Balanced Scorecards;
  • Certification Services
    • Standards Implemented
    • Management System Implementation Methodology
    • Consultancy to Support Certification
    • Certification Body Audit Markings
    • Certification Pre-Audit Services
    • Remediation
    • Certification FAQ
  • Digital Forensics
    • Forensic Evidence Recovery
    • Expert Witness Services
• Records Management
• Training
• Standards
  • Management Systems
    • BS 25999
    • ISO 14000
    • ISO 17025
    • ISO 20000
    • ISO 27000
    • ISO 9000
    • OHSAS 18000
    • PAS 99
  • Other Standards
    • BS 10008
    • BS 10012
    • ISO 25777
    • BS 7858
    • BS 8470
    • BS 7858
    • BS 8549;
    • ISO 15489
    • ISO 19770
    • ISO 24762
    • ISO 38500
• Legislation
  • Basel II
  • Data Protection Act
  • Financial Sector Assessment
  • Financial Services and Markets Act (UK);
  • Health Insurance Portability and Accountability Act US);
  • Markets in Financial Instruments Directive (EU);
  • Miscellaneous relevant EU Directives;
  • Payment Card Industry Data Security Standards (worldwide);
  • Sarbanes Oxley (US);
  • Single European Payments Area (EU);
• Legal
  • Copyright
  • Legal Disclaimer
  • Privacy
  • Security
  • Links to other sites
• Site Map
• Contact Us
•  

---

?

eXtensible Business Reporting Language (XBRL) for GRC

---

• overview;
• benefits
• next steps

Overview

The Governance, Risk and Compliance (GRC) landscape is diverse and a truly all encompassing GRC solution would comprise many modules and functionality including:

• risk modelling,
• risk management;
• policy development, implementation and management;
• helpline / whistleblower function;
• logical and physical access controls management;
• incident reporting and management;
• investigation management;
• control development, implementation, monitoring and management,;
• root cause analysis;
• audit management;
• continuous improvement;
• traceability;
• accountability;

Many GRC vendors claim to have a complete solution, the reality is that GRC is too big for any one vendor to meet every need.

No one vendor today actually has a complete solution, and depending on your definition of GRC, it is probably unlikely that any vendor ever will. To get a comprehensive solution, you need to use a variety of products, however there is little interoperability between most products from different vendors and customisation and integration projects are both expensive and do not always deliver expected results. One of the issues is report consolidation and the controls, collation and aggregation issues that surround those reports is a critical part of corporate governance.

In addition to building a corporate culture of accountability and accuracy, there is a very real need to be able to determine the manner in which information is produced, verified and disclosed and to be able to repeat the process and have true transparency and accountability.

Many vendors are now starting to incorporate XBRL into their offerings to provide a truly platform independent method of reporting. The Open Ethics and Compliance Group (OECG) has developed a new taxonomy specifically for GRC applications and use called GRC XBRL. The drawback at the moment is that there are no vendors that have adopted this open standard.

If they did, the benefits of all GRC vendors adopting GRC XBRL as a common language would be enormous as all vendors would have a ready made 'plug and play' solution for GRC. A GRC XBRL backbone solution can be installed and other components from various vendors 'plugged into' it as required. Not only will this allow a common interface for intra-organisational reporting but it will allow inter-organisational exchange of data, including automated reporting to Regulators.

Benefits

The benefits that BCRM sees in adopting the GRC-XML taxonomy are:

• standardization on a common language of risk and control;
• comparing the results of risk and control initiatives between companies;
• integrating information between various GRC systems;
• traceability of actions;
• transparency of process;
• ability to build GRC solutions to fit your needs from a variety of different vendors;

Whilst this appears the ideal solution, the market yet has to adopt XBRL. BCRM is currently evaluating market offerings and developing a GRC solution based on this approach.

Next Steps

• BCRM has a number of other service offering, these are listed here;
• BCRM is committed to providing a consistently high value service to our Clients;
• David Lilburn Watson, who remains personally 'hands-on' throughout the process, manages this process.
• to understand how the BCRM suite of offerings can be used to transform your business, please contact us
• we look forward to discussing your specific requirements, at your convenience;
• whatever other type of consultancy you require, we can possibly offer a free Health Check.