Graci by RiskBusiness is a comprehensive flexible modular solution to the modern governance, risk, audit and compliance (GRAC) requirements of small, medium, large and global conglomerate firms alike. Designed by industry practitioners for use by fellow practitioners, components of Graci are already used by over 200 firms globally.
Graci is available with fully-integrated risk content, including numerous classification taxonomy hierarchies, libraries of key risk and control indicators, scenarios and regulations and with continuously-updated breaking news or public loss data.
Using an unique data separation and encryption technique, coupled to information security and information technology sound practices, Graci utilises multiple levels of access controls to ensure only your staff can access your data and can only access that data which is pertinent to their role.
Delivered as a Software-as-a-Service (SaaS) solution, you need not fear where your data may be, as rather than your data residing somewhere “in the Cloud”, Graci utilises known, identified and secure Microsoft Azure Data Centres, so that you know exactly where your data is.
Risks manifest themselves on the organisation from every direction and modern, integrated management requires a 360° perspective encompassing all second and third line of defence functions for proactive risk and business decision making.
Although designed in a modular manner, Graci by RiskBusiness is a fully integrated solution, allowing the authorised user to identify links between relevant data sets across the worlds of enterprise and integrated risk management, internal audit, compliance, specialist risk functions (such as information security, data privacy, operational and business resiliency, model risk, physical security, supply chain management, etc) and the corporate governance environment.
With an intelligent digital assistant, Gracie, capable of answering questions and queries, retrieving and presenting data you need and of entering data for you into the application itself, Graci employs intelligent machine learning and cognitive behaviour theory to provide advance warning on emerging issues, augmented by the use of “Crawlies”, an army of data collection applications capable of retrieving relevant data from both within the firm and the wider environment within which the firm operates.
Graci comprises of six modules, one each for Governance, Risk, Audit, Compliance and Intelligence, supported by the Core Infrastructure module.
Graci’s Governance module provides both the maintenance of governance-related reference data such as organisational structures, employees and users across the entire Graci solution, as well as governance-specific functionality intended for both privately held and publicly traded firms.
The Governance module provides support for committees; meetings; senior officers; corporate, business and performance objectives; the Three Lines of Defence; defining accountabilities; the various external entities, such as clients, regulators, vendors, etc., with whom the firm interacts; the firm’s classification taxonomy; an inventory of the firm’s contractual obligations; new initiatives, such as new products, new systems and change management; and regulatory capital management.
The Graci Risk module provides support for fully integrated enterprise risk management. However, while facilitating the identification, assessment, monitoring and mitigation of “pure” credit risk, market risk and liquidity risk, it does not include explicit credit risk management, market risk management or liquidity risk management tools.
The Risk module supports managing emerging risks; standard operational risk management tools such as risk and control self-assessments (RCSA), incidents, risk and loss events; key risk, control and performance indicators (KRIs, KCIs and KPIs); scenario assessment; model risk management; risk appetite and risk profiling; vendor and supply chain management; operational and business resiliency; and data privacy and security management. The Risk Module includes comprehensive libraries of KRIs and KCIs, as well as scenarios.
Graci’s Audit module provides all the necessary functionality required by the modern internal audit function within small, medium, large and global conglomerate firms to ensure the provision of independent assurance to the firm’s Audit Committee, Board of Directors and relevant stakeholders.
The Audit module supports audit risk assessments; risk-based audit scheduling and resource allocation; working paper template management; planning, kick-off, progress and closing meeting management; audit report, audit finding and remedial action management; and auditor time management, including professional training obligation tracking.
The Graci Compliance module provides everything that is needed for the independent compliance function within small, medium, large and global conglomerate firms to ensure compliance with regulatory and legislative obligations and internal policies and procedures. It also facilitates appropriate oversight on and challenge to the business where conduct or business activities deviate from the direction provided through such regulation, legislation and/or policy.
The Compliance module includes the Regulations Library, with the option to use a Crawlie (or data collection application) to monitor, collect and manage regulations; supports Policy and Procedure management; compliance assessments; managing internal and external reporting obligations; management control testing; regulatory matters management, including reviews, examinations, inquiries, sanctions and fines; AML/CTF/KYC/PEP/sanctions/financial crime case management; and litigation management.
Graci’s Intelligence module is focused on bringing together a diverse set of information from within and outside the firm, then interpreting and aggregating that information into intelligence to facilitate informed business and risk decision making. Graci Intelligence employs cognitive behaviour theory, augmented machine learning, the Gracie intelligent digital assistant and an army of Crawlies (data collection applications) to harvest, classify, monitor and aggregate data, then to alert those individuals with a specific need-to-know at the earliest possible opportunity.
The Intelligence module hosts the Newsflash Library of public loss events; supports industry loss data consortia; industry benchmarking and industry risk profiles; provides benchmarks and ratings on risk governance, cyber security and related industry metrics; and supports establishing and monitoring the firm’s reputational barometer, both for itself and for its critical business partners and supply chain.
The Graci Core Infrastructure module provides a wide range of common functionality used across the five core functional modules within Graci, namely: Governance, Risk, Audit, Compliance and Intelligence.
The Core Infrastructure includes remedial and corrective action management; authorisation and attestations; meetings, agendas and minutes; documents and notes; audit trails; calendars, notifications and alerts; review cycles; the management of rating bands, frequency bands and impact bands; currency exchange rates; and technical and functional administration of Graci itself.