Navigate GRC (Governance, Risk Management & Compliance) Atlas

Best-practice, EA-supported GRC provides direct support for an organization to act "in accordance with its risk appetite, internal policies and external regulations through the alignment of strategy, processes, technology and people, thereby improving efficiency and effectiveness".

EA support for GRC extends classic GRC beyond the minimal regulatory compliance & regulatory risk approaches taken by most GRC software applications.

Governance, Risk & Compliance Atlas

Supporting GRC is a natural fit for EA

  • Best practice EA has created a clear path to "improving efficiency and effectiveness" that aligns strategy, process, technology & people
  • Best practice EA governance needs a small push to provide broad support for GRC

Conexiam's GRC Atlas is based upon openly available research & materials

Conexiam's approach to development of our practice is to avoid reinventing the wheel.
We base our method on:

  • established peer reviewed research
  • Open Group standards, best practices, snapshots, and publications
  • Other industry standards, best practices and publications

Our purpose is simple: Acceleration

Useful architecture supports decision making

  • Support is always before decision
  • Architecting after is just documenting
  • Very little value generation in documentation
  • Restating: the key is always before decision

We openly test our method's effectiveness internally and with our peers.

EA & GRC Use Cases

  1. Risk Management & Risk Management Compliance
  2. Project Benefit Realization & Compliance
  3. Value Realization & Compliance

Risk Management & Risk Management Compliance

Questions being addressed are:

  • Is the organization acting in accordance with its risk appetite, internal policies and external regulations to improve efficiency and effectiveness?
  • Is risk management reducing the "effect of uncertainty on objectives"?

The use case is straightforward: it is the central problem of GRC, risk.

Project Benefit Realization & Compliance

Questions being addressed are:

  • are expected benefits being realized?
  • are risks to these benefits effectively mitigated?
  • is the project structure delivering expected benefit?

The use case is about confidence in “improving efficiency and effectiveness” during change.

Value Realization & Compliance

Questions being addressed are:

  • are expected benefits being realized?
  • are risks to these benefits effectively mitigated?
  • is the project structure delivering expected benefit?

The use case is about confidence in “improving efficiency and effectiveness” during change.

Navigate Structure

Navigate is an optimized content framework. It includes:

  • How to describe an architecture
    Extensible content metamodel built on an end-to-end core
  • Support for gathering information
    Structured gathering templates & presentation stock material
  • Support for analysis
    Analytic support and Guides
  • Support for reporting
    Purpose based reporting & presentation stock material
  • Training materials

Conexiam Navigate is designed to address the problem of getting to done.

Core Navigate contains the absolute minimum information. Specialized purposes, like project and portfolio management (PPM), road mapping, governance, risk and compliance (GRC), business process improvement, service architecture, information architecture, and integration architecture, are provided as fully integrated extensions to the core through a Navigate Atlas.

This method leads to smaller information demands and crisp focus on expected value. We gracefully address new critical questions. The exercise is not to gather all the information that might be useful in some potential future.

Conexiam’s Navigate is a flexible enterprise architecture meta-model and standardized set of templates and deliverables. Specialized Atlases extend Navigate seamlessly.

Free GRC Atlas Training Course

Conexiam offers a free GRC Training Class that includes training on how to perform EA support for GRC and demonstrates how Conexiam Navigate helps an EA team deliver.

To access the course, simply create an account at training.conexiam.com.

Enterprise Architecture support for GRC extends classic GRC beyond the minimal regulatory compliance & regulatory risk approaches taken by most GRC software applications. This is a natural fit for a high-functioning EA Team. Best practice EA has created a clear path to “improving efficiency and effectiveness” that aligns strategy, process, technology & people. Best practice EA governance needs a small push to provide broad support for GRC.

The free GRC Navigate Training class is built upon the Conexiam GRC Navigate Atlas.

Navigate GRC Atlas Reading Materials

Conexiam’s approach to development of our practice is to avoid reinventing the wheel. The Navigate GRC Atlas is based on openly available research & materials:

  • A Frame of Reference for Research of Integrated Governance, Risk and Compliance (GRC). Nicolas Racz, Edgar Weippl, Andreas Seufert. Bart Decker; Ingrid Schaumuller-Bichl. Communications and Multimedia Security, 6109, Springer, pp.106-117, 2010
  • How to Live with Risks, Harvard Business Review, 2015
  • The Surprising Secret of Business Resilience (MIT Sloan Blog), Gregory Unruhm, 2016
  • Reducing Unwelcome Surprises in Project Management, Tyson R. Browning and Ranga V. Ramasesh, MIT Sloan Review, Spring 2015
  • The Pitfalls of Project Status Reporting, Mark Keil, H. Jeff Smith, Charalambos L. Iacovou and Ronald L. Thompson, MIT Sloan Review, Spring 2014
  • 4 Assumptions About Risk You Shouldn’t Be Making, Scott Anthony, Harvard Business Review, 2016
  • Protect Your Project From Escalating Doubts, Karen A. Brown, Nancy Lea Hyer, and Richard Ettenson, MIT Sloan Review, Spring 2017
  • How Mature is Your Risk Management?, Michael Herrinton, Harvard Business Review, 2012
  • Managing Risks: A New Framework, Robert S. Kaplan, Anette Mikes, Harvard Business Review, 2012
  • How to Manage Risk (After Risk Management Has Failed), Adam Borison and Gregory Ham, MIT Sloan Review, Fall 2010
  • The Six Mistakes Executives Make in Risk Management, Nassim N. Taleb, Daniel G. Goldstein, Mark W. Spitznagel, Harvard Business Review, 2009
  • Understanding and Managing Complexity Risk, Eric Bonabeau, MIT Sloan Review, Summer 2007
  • Integrating Risk and Security within a TOGAF® Enterprise Architecture, Open Group & SABSA Institute, 2016
  • World Class EA: Practitioners’ Approach to Developing Enterprise Architecture following the TOGAF ADM, Open Group, 2017
  • The TOGAF® Leader’s Guide to Establishing and Evolving an EA Capability