Whitepaper: The Compliance Officer’s guide to preventing cyber-attacks

compliance officer - cyber attack

The realities of cyber attacks
Europe leads the world when it comes to detecting security breaches. In 2013 alone, Europe experienced an increase of 41% in security incidents amounting to tremendous financial losses. So what are the realities of cyber-attacks across the globe and how can compliance officers prevent them?

Everyone talks about having Policies & Procedures in place, but nobody talks about the practicalities of communicating them to a global, possibly multi-lingual
audience, ensuring that they have been received, read, and understood by
every employee.

Please complete this form to download the whitepaper
*Please note, to save the whitepaper onto your computer, simply right click on the pdf and select “Save as”.

PolicyHub 4 released

GRC Solutions is pleased to announce the release of PolicyHub 4, Hitec’s award winning Policy Management Solution.

PolicyHub is designed to manage the entire policy lifecycle from creation, review, approval, publishing and distribution management, attestation to reporting with full audit trails.

PolicyHub 4 comes with a refreshed user interface for an improved (UX) User Experience as well as other performance enhancements.


Key developments:

  • Full administration access from anywhere in the world via a web browser
  • Refreshed user interface with improved user experience
  • Tests & Questionnaires comprehensively redesigned
  • Single Sign On through-out including SaaS (Software as a Service)
  • Efficiency improvements

Jeremy Crame, Hitec CEO, comments:
“At an important time when firms are required to meet increasing regulatory obligations Hitec are continuing to make enhancements across all product and service lines. PolicyHub 4 brings improved efficiencies to your Policy Management workflows enabling you to increase performance and keep on top of your GRC programmes.”

GRC Solutions is a reseller of Hitec’s PolicyHub solution within the Asia Pacific region. We have recently integrated PolicyHub with a complete risk management software to bring you GRCHub for all your governance, risk and compliance needs.

Please do not hesitate to contact us for a demo of either or both of these products.

Whitepaper: The importance of actions/activities/tasks in risk management

GRCHUB - the importance of actions, acitivites and task in rm

Liam O’Brien recently joined our team at GRC Solutions as a Senior Risk and Compliance Consultant. This whitepaper shares his insights on the importance of actions, activities and tasks which ultimately act as controls in a risk management program.

Liam has worked for large and diverse organisations in senior management roles for over a decade. His governance, risk and compliance expertise comes from successfully executing:

    • risk management frameworks
    • compliance programs
    • governance reviews
    • bribery and corruption assessments
    • audit programming


This paper outlines just two of many essential controls that must be implemented to avoid a risk becoming reality. It examines in detail how these controls can be introduced or reviewed and embraced by an organisation.

The journey towards ensuring organisational effectiveness requires action and perhaps the best way to deploy your efforts is within a sound risk management framework. It should identify where any individual organisation will get the best return for each dollar spent, ensuring strategy becomes reality and that risks don’t.

Please complete this form to download the whitepaper
*Please note, to save the whitepaper onto your computer, simply right click on the pdf and select “Save as”.

How to get back on track after crisis strikes

reputation damage recovery

Your organisation’s name has landed on the front page of newspapers, it’s being thrown around loosely by newsreaders, the press is demanding interviews with your top management, and your reputation is coming crashing down by the second.

An employer’s most valuable asset is of course their employees, but just as important is their reputation. Any hits to an organisation’s reputation can be devastatingly costly. Ironically, the cause of reputational damage is usually non-complying employees.

When ineffective compliance training and lax policy and risk management solutions are left to filter through, a crisis awaits at the final tipping point. Poor risk, governance and unethical procedures leave your organisation open to reputational damage.

So how can you successfully rebuild a tarnished reputation?

Earlier on in the year, Corporate Risk and Insurance interviewed David Van, founder and managing director of a reputational risk management consultancy. He recommends the following two solutions to put your organisation back on its feet.

1. Ensure that risks of any other possible damaging problems are eliminated. This means carrying out an audit of any other existing reputational risks.

“Once something’s happened any other issue, no matter how small, will be highlighted and will only compound on the damage already done. Something that might have been of no interest to media or other stakeholders previously can have a compounding effect. Because that company is already in the media you’ll see often following a crisis any other coverage will have a tagline (relating to the first crisis). It tends to follow them and any other news gets tagged with that. This makes it difficult to get positive messages out.”

2. Have closure on the crisis – whether that is by a legal case or inquiry.

“The best way to do that (if it’s not subject to an external inquiry) is for the company itself to commission an independent inquiry and then publish the results of that,” Van said.

“If there’s ligation afoot then you must let it run its course, but if there’s not it’s a very good step for companies to demonstrate transparency (transparency is a key driver of reputation). It is very beneficial to go through the exercise of investigating how it happened, clarifying what the error was and demonstrating that it’s not going to happen again.”

Van also recommends exploring the possibility of participating in a seminar explaining to other companies how they can avoid going through a similar crisis.

“A lot of companies baulk at this because they don’t want to talk about what’s happened but people know that bad things can happen and the loss of reputation mostly derives not from what happened but why it happened and what you did about it,” he said.

“As you went through it, people will want to know that you learnt from that lesson, being genuine and showing how something happened and saying to other companies here’s what happened to us, here’s how you can avoid the same thing, is a really good step to do that. If you show genuine remorse and genuine efforts as to how and why it won’t happen again your reputation will come out the other side stronger than it was before,” he said.

After taking these steps Van advises it’s a matter of doing your normal promotions, PR and advertising but with sensitivity to what’s happened.

GRC Solutions recommendation
The most significant preventative action an organisation can take to avoid a crisis and reputational damage, is to implement an effective compliance training program, and a streamlined policy management solution that will keep your employees on top of your workplace culture, rules, regulations and acceptable behaviour.

Systems like these also mean that if a crisis were to strike that you have auditable trails of policy and procedures and evidence of staff being trained on topics such as anti-money laundering, workplace behaviour and insider trading. It’s the proof in the pudding that preventative measures were taken to avoid such a dilemma at all costs.

Paper-based and Intranet-based policy management vs PolicyHub

Compliance is at the heart of every modern business, irrespective of the regulatory jurisdiction.

Organisations of all types and sizes now face more relentless regulatory scrutiny than ever before. Auditors are cracking down on poor governance controls and substandard practices even when they are not created intentionally.

Geographically dispersed staff and different departmental priorities often result in inconsistent policies being adopted. This not only results in duplication of effort and hidden administration costs, but can lead to a lack of understanding and widespread confusion, not to mention exposing the organisation to risk.

Whilst well written and clear policies and procedures are imperative, they are almost worthless if they are not communicated and tracked efficiently.

Traditional passive communication, awareness and employee engagement processes such as email, intranet or a manual, paper-based approach are no longer good enough. The most alarming part is, 62% of organisations surveyed by us in June are using these non-effective methods to policy manage. These methods are time consuming, costly, and do not deliver the appropriate level of governance expected by National Regulators.

We explain why, below.

Paper-based approach
Paper-based policy management systems are still fairly common. While such systems might have historically been able to manage a handful of operational or HR policies and procedures, the increased quantity and regulation surrounding them today means that they are simply not adequate. Neglected policies or policies that are just written for the sake of having something in an organisation’s records in today’s regulated environment puts an organisation at risk of regulatory fines, employee legal cases and reputational damage.

Paper-based systems often become a bottleneck for organisations experiencing fast growth or increasing regulation, and the hidden costs such as even locating the latest version are often significant.

While paper-based systems may seem to cost less on the surface, there is a huge amount of hidden cost due to the enormous amount of time the organisation spends to ensure document control, to chase bottlenecks in document review and to ensure corrective actions are implemented in a timely manner. It’s almost impossible to prove who read which policy when, that they signed up to it and that they understood the contents. Regulators and auditors now expect this information as standard and penalties are on the increase for those that cannot prove compliance.

To achieve compliance, streamlined, auditable and proactive systems are required.

Intranet-based approach
In June, we conducted a survey on our database of over 9,000 Risk & Compliance Officers, HR managers and the like. The results indicate that 29% of organisations rely on an intranet as a policy management platform and 33% of organisations rely solely on mass emails sent out to “all staff”.

Development of a corporate Intranet to publish policies requires significant effort and investment but it still will not achieve the level of certainty that a built-for-purpose solution will deliver.

Posting mission critical policies and procedures on a corporate Intranet and hoping that employees take the initiative to voluntarily visit the site, find the relevant policy, read it, and ensure that they have understood them is naive. More often than not, these are ignored.

Regulators and Auditors now expect to be shown evidence that policies have been communicated and that actions such as automated email reminders have been taken to ensure employees have received, read and understood the policy.

Intranet-based policy management means that policy relevancy is diminished rather than being tailored appropriately for different levels of staff.
Every time there is a legislative change, policies must be updated. Although a policy on an intranet is easy to update, don’t be fooled. Getting your entire organisation to re-read and understand the new policy will be a costly and time-consuming mission.

Most serious of all, these policy management techniques prevent the organisation from clearly demonstrating control over the process of communication, auditing acceptance and understanding of policies and procedures.

policy managment lifecycle

Streamlined cloud-based approach – PolicyHub
PolicyHub is designed to ensure organisations can easily communicate and manage policy directives to all stakeholders, ensuring the right staff receive the right information at the right time and fully understand the content. Short online tests to prove understanding of the policies is crucial. A policy management system that covers all stages of the policy life cycle demonstrates good governance, best practice and compliance to Auditors or Regulators alike.

Not only will PolicyHub track who has read, understood and signed up to all policies, but it also provides management with the accurate information they need to identify and mitigate risk and to target training resources more cost-effectively.

If your organisation is geographically dispersed, policy management is easy to manage as PolicyHub is a cloud-based solution. Now your employees can access the relevant policy or procedure from anywhere at any time.

Source: Hitec

GRC Solutions is expanding!

grc is moving

It gives me great pleasure to announce the launch of our new Sydney office at 1 York Street, Sydney.

Our new home enables us to better serve our clients with an evolving suite of products: Salt Compliance, GRCHub & PolicyHub.

The team and I are excited about this move and the new opportunities to grow our business.

We look forward to hosting you in our new office in the near future.

Kind regards
Julian Fenwick
Managing Director

Streamlining policy management by Michael Rasmussen


Streamlining policy management  

Michael Rasmussen is the Chief of GRC 20/20 Research and is an internationally recognised pundit on governance, risk management and compliance.

He has specific expertise on the topics of enterprise GRC strategy, process and technology, having analysed several policy management systems.

Known as the “father of GRC”, he has written this whitepaper to advise organisations on how to better streamline their policy management systems.


Policies set the standard for acceptable and unacceptable conduct by defining boundaries for the behavior.

When an organisation fails to establish and enforce policies, the organisation quickly becomes something it never intended.

Policies matter; however, when you look at how many organisations manage policies you would think policies are irrelevant and a nuisance.

Policies must be well managed and operational so that they are both effective and efficient tools to help the organisation stay on the path it chooses.

Business requires a policy management platform that delivers the right features, is flexible, context-driven, and adaptable to a dynamic and changing environment.

The perfect solution should be easy to use for policy managers, authors, and most importantly the policy readers.

Please complete the form to download the whitepaper

Policy management survey conducted across Asia-Pacific reveals alarming results!

Last week we asked you, our Asia-Pacific readers, how your organisation manages policies to ensure compliance with complex legal regulations.

The results revealed an alarming 62% of organisations do not have an effective policy management system and do not track how many employees read and understand their policies.

Of those, almost 50% are organisations employing over 1000 staff leaving them severely exposed to non-compliance risks and hefty fines.

Here are three quick facts your organisation must take into consideration:

  1. Organisations without an effective policy management system will be penalised in the case of an audit.
  2. Policy management consumes time and resources. When it becomes the last priority, compliance and reporting is almost impossible.
  3. All policies should be managed and tracked from one platform to ensure compliance and reporting accuracy.

Check out more results in our infograph below or click here to download a pdf version.


View a video demo of our policy management system, PolicyHub below.


Policy management: Did you know?

Did you know a recent FCA investigation into the controls around money laundering, terrorist financing and sanction risks, uncovered the fact that half of those organisations surveyed had gaps in their policies and procedures?

Are your workplace policies clearly communicated to your employees and most importantly do your employees understand them?

Complete our short policy management survey and we will reveal the stats on policy management across the Asia-Pacific in our next email.