Phase 1: Analyse
- Identify the project leader and the team members for your internal GRCEssentials project.
- Announce that you want to introduce the GRCEssentials One model in your company or organisation.
- Inform why the GRCEssentials-approach will be particularly important in your organisation or business in the future.
- Determine how the project progress in introducing GRCEssentials in your company or organisation will be reported.
- Get started! The GRCEssentials project team familiarises itself with the contents of phase 1 – Analyse and works on the individual work steps of this phase.
10-15 days
The times given for this phase may vary depending on the complexity, size of the company or organisation and the resources available. It is possible to complete this phase faster than indicated, e.g. if the maturity level of the organisation is advanced because individual employees have already successfully completed the GRCEssentials online Course. A next work step can also begin if a current work step in this phase has not yet been fully completed.
You will find all the necessary information to start your GRCEssentials project in the learning module on phase 1 – Analyse.
In the first GRCEssentials phase, you establish a mission and vision for your company or organisation by examining your business and competitive environment, defining strategic goals and developing a strategy for achieving them.
- Define your mission and vision so that you know where you want your organisation to go.
- Define the business strategy so that you have a strategic roadmap to achieve your long-term and your short-term goals.
- Analyse the business and competitive environment so you can make the right strategic decisions and capitalise on opportunities.
- Analyse your business opportunities to develop the best products or services for your target groups.
- Define your strategic goals so that you can set the right priorities and define quantitative and qualitative targets.
- Analyse the regulatory and legal framework to avoid taking unnecessary risks.
- Analyse your risks to be prepared for potentially harmful events as far as possible. Keep your business going!
- Guideline for strategy development based on GRC principles
- Learning Unit Corporate Governance
- Guideline PESTLE Analysis
- Guideline SWOT Analysis
- Guideline Porter’s Five Forces Model
- EU-Projekt CASSANDRA
You can use these working materials directly. In addition, the learning module on phase 1 – Analyse explains when the working materials are to be used.
Phase 2:Define
- Report results of phase 1 to the management level. Before you can proceed, the responsible decision-makers or bodies must sign off on the results of phase 1. In many small organisations, where e.g. the owner or the CEO is part of the GRCEssentials team, sign-off can be done regularly as part of the regular GRCEssentials team meetings in parallel with the work process.
- Inform the entire organisation or company about important interim results of phase 1 and make first successes visible to all.
- The GRCEssentials project team familiarises itself with the contents of phase 2 – Define and works on the individual work steps of this phase.
- Analyse the structure of your GRCEssentials project team on the basis of the experiences of phase 1. Do additional team members make sense? Are all the competences you need for phase 2 available in the team?
10-12 days
The times given for this phase may vary depending on the complexity, size of the company or organisation and the resources available. It is possible to complete this phase faster than indicated, e.g. if the maturity level of the organisation is advanced because individual employees have already successfully completed the GRCEssentials online Course. A next work step can also begin if a current work step in this phase has not yet been fully completed.
You will find all the necessary information in the learning module for phase 2 – Analysis.
In the second GRCEssentials phase you define values and principles for your company or organisation based on the results of phase 1. You define the target market for your products and services as well as the organisational structure that will contribute to achieving the set goals. Furthermore, you determine roles and responsibilities and concretise your strategic goals with the help of profitability or operational goals.
- Define values and principles in order to have a firm compass for decisions for all stakeholders. Your organisational culture shows your customers who you are and what you want.
- Define the target market, among other things to understand exactly which customer problems you solve with your products or services. Those who solve important problems are successful.
- Design the organisational structure so that it is clear to everyone in your organisation how different units, such as marketing or human resources, work together.
- Define roles and responsibilities so that it is clear to everyone who decides what, who does the work and who needs to be informed or consulted.
- Determine profitability targets for your products or services so that you know at all times whether you are achieving your strategy goals.
- Determine operational goals that help steer your operations, especially in the short term.
- Determine your operating model so that your people and your processes work efficiently and you can continuously improve your organisation.
- Guideline RACI Method
You can use these working materials directly. In addition, the learning module on phase 2 – Define explains when the working materials are to be used.
Phase 3: Plan
- Report results of phase 2 to the management level. Before you can proceed, the responsible decision-makers or bodies must sign off on the results of phase 2. In many small organisations, where e.g. the owner or the CEO is part of the GRCEssentials team, sign-off can be done regularly as part of the regular GRCEssentials team meetings in parallel with the work process.
- Inform the entire organisation or company about important interim results of phase 1 and 2 and make first successes visible to all.
- The GRCEssentials project team familiarises itself with the contents of phase 3 – Plan and works on the individual work steps of this phase.
- Analyse the structure of your GRCEssentials project team on the basis of the experiences of phases 1 and 2. Do additional team members make sense? Are all the competences you need for phase 3 available in the team?
20-25 days
The times given for this phase may vary depending on the complexity, size of the company or organisation and the resources available. It is possible to complete this phase faster than indicated, e.g. if the maturity level of the organisation is advanced because individual employees have already successfully completed the GRCEssentials online Course. A next work step can also begin if a current work step in this phase has not yet been fully completed.
You will find all the necessary information in the learning module for phase 3 – Plan.
In the third GRCEssentials phase you will undertake all the necessary planning that will allow your company or organisation to implement its strategy. This includes the design of the functional and operational framework, the project governance structure and other components that will help your company or organisation work efficiently and effectively and achieve a desired level of quality. In the planning phase, you also design your internal procedures and guidelines.
- Define your Project Governance framework so you always know if your projects are on track and contributing to your success.
- Define your standards regarding efficiency, effectiveness and your quality management standards. This will ensure that you do the right things, do everything right and meet your customers’ expectations.
- Develop corporate policies to provide guidance to all stakeholders on what is being done in your organisation and why.
- Manage your data so that they are collected, kept and used securely and efficiently. Discover the value of your data for your business.
- Identify and manage your risks. To do this, you go through a structured process to ensure that no risks are overlooked and that all your risks are addressed appropriately.
- Develop a Business Continuity Plan to be able to maintain business operations even in the event of a disaster.
- Comply with all applicable rules and regulations. This will help you avoid external fines, for example.
- Develop the necessary, procedures to ensure that your internal processes are efficient and effective.
- Learning Unit Corporate Governance
- Learning Unit Project Governance
- Learning Unit Data Governance
- Learning Unit Risk Management
- Learning Unit Compliance
- Guideline SWOT Analysis
- Guideline GDPR Compliance und Implementierung
- EU-Projekt CASSANDRA
You can use these working materials directly. In addition, the learning module on phase 3 – Plan explains when the working materials are to be used.
Phase 4: Verify
- Report results of phase 3 to the management level. Before you can proceed, the responsible decision-makers or bodies must sign off on the results of phase 3. In many small organisations, where e.g. the owner or the CEO is part of the GRCEssentials team, sign-off can be done regularly as part of the regular GRCEssentials team meetings in parallel with the work process.
- Inform the entire organisation or company about important interim results of your GRCEssentials-project and make additional successes visible to all.
- The GRCEssentials project team familiarises itself with the contents of phase 4 – Implement and works on the individual work steps of this phase.
- Analyse the structure of your GRCEssentials project team on the basis of your previous experiences. Do additional team members make sense? Are all the competences you need for phase 4 available in the team?
5-10 days
The times given for this phase may vary depending on the complexity, size of the company or organisation and the resources available. It is possible to complete this phase faster than indicated, e.g. if the maturity level of the organisation is advanced because individual employees have already successfully completed the GRCEssentials online Course. A next work step can also begin if a current work step in this phase has not yet been fully completed. Please note: From phase 3 – Plan onwards, feedback is possible in both directions, so that new information and changes that occur can also be adapted from the previous phases as far as necessary. So, it may be that you will modify already achieved work results on the basis of new findings.
You will find all the necessary information in the learning module for phase 4 – Implement.
In the fourth GRCEssentials phase your company or organisation uses all the previous preparatory work and planning to implement the strategy that has been developed. Your operating model is put together by drafting procedures, setting controls, and implementing new projects or exploiting new business opportunities.
- Establish and implement quality controls so that the quality of products or services as well as work processes is always guaranteed.
- Define and implement monitoring and controls in the areas of compliance, risk and data management. This prevents wrong decisions, establishes an early warning system and identifies suspicious behaviour.
- Assess and implement new projects or new business opportunities. This way you will make the right decisions for the future.
- Learning Unit Corporate Governance
- Learning Unit Project Governance
- Learning Unit Data Governance
- Learning Unit Risk Management
- Learning Unit Compliance
- Guideline GDPR Compliance und Implementation
You can use these working materials directly. In addition, the learning module on phase 4 – Implement explains when the working materials are to be used.
Phase 5: Implement
- Report results of phase 4 to the management level. Before you can proceed, the responsible decision-makers or bodies must sign off on the results of phase 4. In many small organisations, where e.g. the owner or the CEO is part of the GRCEssentials team, sign-off can be done regularly as part of the regular GRCEssentials team meetings in parallel with the work process.
- Inform the entire organisation or company about important interim results of your GRCEssentials-project and make additional successes visible to all.
- The GRCEssentials project team familiarises itself with the contents of phase 5 – Verify and works on the individual work steps of this phase.
- Analyse the structure of your GRCEssentials project team on the basis of your previous experiences. Do additional team members make sense? Are all the competences you need for phase 5 available in the team?
- After completing your first GRCEssentials project, you should move on to establishing GRCEssentials as a permanent process in your company or organisation. Decide if and when a new GRCEssentials project cycle should be started and start again with phase 1 – Analyse. For SMEs, SMOs and micro-enterprises, we suggest one GRCEssentials cycle per year. For the second and all subsequent cycles, you will spend much less time.
5-10 days
The times given for this phase may vary depending on the complexity, size of the company or organisation and the resources available. It is possible to complete this phase faster than indicated, e.g. if the maturity level of the organisation is advanced because individual employees have already successfully completed the GRCEssentials online Course. A next work step can also begin if a current work step in this phase has not yet been fully completed.
You will find all the necessary information in the learning module for phase 5 – Verify.
The fifth and final GRCEssentials phase is especially important for your company or organisation. In this phase, you create the basis for permanent monitoring, measuring, benchmarking, reporting and thus for the revision of all procedures. For this purpose, mechanisms and routines are established that, in the best case, provide you with valuable input on an ongoing basis.
- Specify measurement procedures and the tools required for them. Effective measurement procedures are a prerequisite for establishing a meaningful monitoring system.
- Establish benchmarking to identify and benefit from good practices.
- Establish a reporting system to identify regular progress but also challenges.
- Revise all processes, goals, etc. in such a way that permanent improvement becomes the normal day-to-day routine in your company or organisation.
- Learning Unit Corporate Governance
- Learning Unit Project Governance
- Learning Unit Data Governance
- Learning Unit Risk Management
- Learning Unit Compliance
- Guideline SWOT Analysis
You can use these working materials directly. In addition, the learning module on phase 5 – Verify explains when the working materials are to be used.