Project Charter
The GRC SIG will focus on Governance, Risk, and Compliance (GRC) use cases on the blockchain. The topics the GRC SIG will concentrate on include:
- Third-Party Risk Management
- Environmental Social Governance (ESG)
- Cyber Risk Management
- Compliance Management
- Internal and IT audit
- Regulatory Change Management
- Enterprise & Operational Risk Management
- Data Protection and Privacy
GRC on the blockchain is still at a nascent stage, waiting for the right moment to take off as the internet once did. Some of the use cases of GRC on the blockchain are expanded on below.
Audit Processes:
Audits can be categorized into various forms, such as security audits, financial audits, compliance audits, and regulatory audits. In a traditional audit, evidence such as account reconciliations, trial balances, and supporting documents is provided to the auditor by the business or auditees in a variety of electronic and manual formats, which requires significant time to collect and organize while planning an audit. This evidence provides assurance that the long, tedious audit process is being performed in accordance with the auditing standards. On a blockchain network, by contrast, auditors can have near real-time access to the data by operating read-only nodes on the network. A traditional monthly process could be reduced and simplified to a day's work by implementing audit processes on the blockchain. This also ensures that the audit trail of evidence is shared among the participants in a transparent manner. Note that the ledger attests that evidence was recorded at a given point and has not been altered since; it does not by itself attest that the evidence was correct when it was recorded, so the controls around who may write to the ledger remain part of the audit scope.
Third-Party Risk Management:
When onboarding a third party, the organization needs to be extra cautious and aware of any adverse history, which protects it from reputational risk. A survey questionnaire can be sent to the third party and the responses recorded on the blockchain, where they cannot be altered afterwards by the third party or anyone else. This gives more visibility into the third party's risk score, which the organization can evaluate to decide whether or not to onboard them.
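To make the tamper-evidence claim in the audit and third-party sections concrete, here is an added example (not code from the GRC SIG or from any blockchain platform) that simulates the append-only ledger with a SHA-256 hash chain: each questionnaire response is linked to the previous entry, `verify` finds the first entry whose content or link was altered, and `risk_score` derives a vendor score from the latest recorded answers. The vendor names, questions and weights are constructed for illustration. The `edit_answer` helper plays the attacker: a naive edit breaks the stored hash, while an attacker who recomputes every later hash produces a chain that still verifies internally, which is why the head hash must be anchored somewhere the tamperer cannot rewrite (the role the shared ledger plays).

```python
import dataclasses
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first entry

# Constructed questionnaire: question -> (expected answer, risk points if not met).
# The questions and weights are illustrative, not taken from any standard.
QUESTIONS = {
    "q1_breach_last_24_months": ("no", 40),
    "q2_iso27001_certified": ("yes", 25),
    "q3_mfa_enforced": ("yes", 20),
    "q4_data_encrypted_at_rest": ("yes", 15),
}


@dataclasses.dataclass(frozen=True)
class Entry:
    index: int
    vendor: str
    question: str
    answer: str
    prev_hash: str
    hash: str


def _digest(index, vendor, question, answer, prev_hash):
    # Canonical JSON so identical fields always produce the same digest.
    payload = json.dumps([index, vendor, question, answer, prev_hash],
                         separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def append(chain, vendor, question, answer):
    """Record one questionnaire response, linked to the previous entry."""
    prev = chain[-1].hash if chain else GENESIS
    index = len(chain)
    digest = _digest(index, vendor, question, answer, prev)
    chain.append(Entry(index, vendor, question, answer, prev, digest))
    return digest


def head(chain):
    """Hash of the last entry; this is the value to anchor on the shared ledger."""
    return chain[-1].hash if chain else GENESIS


def verify(chain):
    """Return the index of the first inconsistent entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e.index != i or e.prev_hash != prev:
            return i
        if _digest(e.index, e.vendor, e.question, e.answer, e.prev_hash) != e.hash:
            return i
        prev = e.hash
    return -1


def risk_score(chain, vendor):
    """Sum the weights of questions whose latest recorded answer is not the expected one."""
    latest = {}
    for e in chain:
        if e.vendor == vendor:
            latest[e.question] = e.answer  # a later response supersedes an earlier one
    return sum(weight for q, (expected, weight) in QUESTIONS.items()
               if latest.get(q) != expected)  # an unanswered question counts as unmet


def edit_answer(chain, index, new_answer, rehash_from_here=False):
    """Simulate tampering: change one recorded answer in a copy of the chain.

    rehash_from_here=False leaves a stored hash that no longer matches its entry.
    rehash_from_here=True recomputes every hash from that entry onward, yielding a
    chain that verifies internally but whose head no longer matches the anchored value.
    """
    copy = list(chain)
    copy[index] = dataclasses.replace(copy[index], answer=new_answer)
    if rehash_from_here:
        for i in range(index, len(copy)):
            e = copy[i]
            prev = copy[i - 1].hash if i else GENESIS
            copy[i] = dataclasses.replace(
                e, prev_hash=prev,
                hash=_digest(e.index, e.vendor, e.question, e.answer, prev))
    return copy


def build_sample_chain():
    """Constructed responses from two fictitious vendors, in QUESTIONS order."""
    chain = []
    responses = [
        ("Acme Hosting", ["no", "no", "yes", "no"]),
        ("Globex Analytics", ["yes", "yes", "no", "yes"]),
    ]
    for vendor, answers in responses:
        for question, answer in zip(QUESTIONS, answers):
            append(chain, vendor, question, answer)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    anchored_head = head(chain)  # published to the shared ledger at recording time
    print("intact:", verify(chain) == -1)
    for vendor in ("Acme Hosting", "Globex Analytics"):
        print(vendor, "risk score:", risk_score(chain, vendor))
    print("naive edit detected at entry:", verify(edit_answer(chain, 1, "yes")))
    rehashed = edit_answer(chain, 1, "yes", rehash_from_here=True)
    print("rehashed chain verifies internally:", verify(rehashed) == -1,
          "| head matches anchor:", head(rehashed) == anchored_head)
```

Running the script shows Acme Hosting scoring 40 and Globex Analytics 60, a naive edit of entry 1 caught by `verify`, and a fully rehashed chain that only the anchored head hash exposes. A genuine re-answer is simply appended as a new entry, so the history of what a vendor claimed and when is preserved rather than overwritten.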
Regulatory Change Management:
Organizations operate in an ever-changing regulatory environment that they have to comply with and adhere to, and regulatory changes are mandated by the regulatory authorities. Much of the time, the entire process of complying with regulatory standards becomes time-consuming when it is done in the traditional way. However, the information about the processes that need to be compliant can be recorded on the blockchain, so the audit process becomes simple and easy. The applicable regulatory standards can likewise be recorded on the blockchain, so that the data is always accessible and cannot be altered after the fact. Some of the relevant regulatory standards and obligations are:
- For Healthcare and Insurance – HIPAA – Health Insurance Portability and Accountability Act of 1996
- For the IT sector – ISO – International Organization for Standardization (for example, ISO/IEC 27001)
- For the IT sector and cross-sector – NIST – National Institute of Standards and Technology
- For Privacy – GDPR – General Data Protection Regulation (EU regulation)
- For BFSI – AML – Anti-Money Laundering; KYC – Know Your Customer
- For BFSI and cross-sector – PCI DSS – Payment Card Industry Data Security Standard
- For Enterprise Fraud Control – SOX – Sarbanes-Oxley Act
Other Important Aspects:
Transparency in compliance can build trust in the company, and anyone associated with the company can be assured that it will do the right things for the business.
Auditing the adoption of new technology by enterprises has been a key challenge for auditors; it is essential to know whether the PoCs and standards are the right ones to meet the organization's goals for digital transformation.
ESG ensures that the whole supply chain, from financial funding to carbon footprint to social causes such as philanthropy and gender equality, is governed in the right way, so that the enterprise can be transparent about its practices, showcase the right certificates, and partner with third parties that adhere to ESG norms to build trust within and outside the organization.
The GRC Special Interest Group will help to streamline how organizations operate efficiently without having to worry about complying with every regulation and government entity. This SIG will help to curate and formulate the documents describing how this can be taken further and turned into an industry standard. Creating a small community around this interest will create value for each individual who is keen to make an impact on GRC on the blockchain. We will all take a step towards achieving the goals described above, so please help to guide our passage and let us know your needs along the way, so that the output is something you will want to use!