GRC Product Practice in the "Internet Plus" Era

Cloud accounting and mobile Internet make the internal processing level of the enterprise tend to be flat and make the business environment outside the enterprise more messy. With the widespread use of new technologies such as cloud computing, mobile Internet, and big data, large enterprises have shown a trend of “centralized application, centralized processing, and decentralized personnel” in information construction. These three major trends have also brought new challenges to enterprises in terms of corporate GRC products. For example, facing more messy and disorderly operations and competitive environment, more uncertainties bring more risks and opportunities.

Internal and external stakeholders in the company not only require companies to advance their achievements, but also require more transparent business operations. The enterprise needs to actively and cautiously apply technologies such as cloud accounting, mobile operations, and big data.

Pay attention to the compliance and safety issues brought by cloud accounting

Cloud accounting has gradually been considered as a way for enterprises with higher cost performance to hand over solutions and even become a business process outsourcer. In the cloud accounting environment, data and applications are separate from the basic equipment. Moving data and applications to the cloud can affect the ability of the organization to comply with certain laws and regulations. From the perspective of information security processing and enterprise risk control, companies must have a cloud security strategy, processing strategy, and compliance strategy in order to make better use of cloud accounting channels.

Cloud security needs to deal with many issues. For example, how to ensure the security of local data center resources, how to ensure the security of many applications after moving to public clouds, how to ensure the security of data stored in data centers of multiple cloud service providers, and how to protect the virtual of public and private clouds Based on how to ensure the safety of mobile devices accessing cloud infrastructure equipment.

Once it touches on information security and processing, the hybrid cloud environment will bring more challenges. For example, how to end the isolation and sharing of multi-tenancy, how to establish scientific pre-warning, echo mechanisms, how to reasonably set permissions to provide users with limited visibility, how to deal with data security and compliance issues. When companies build information systems based on cloud accounting, they can integrate cloud accounting into existing enterprise IT processing systems.

Respond to compliance challenges from mobile operations

The wide range of mobile Internet and smart terminals make it possible to work anywhere, anytime, and the operating equipment has become more diverse. This also makes BYOD (jobs with their own equipment) increasingly popular. Employees at the company can log in to the company's mailbox at any desired address and use the online operating system to end operations such as sending and receiving mail, handling processes, and communicating services. This not only increases the flexibility of the employee's homework, but also meets the personal needs of the employees for working equipment. However, as far as companies are concerned, the combination of BYOD's buying and operating costs of down-operating equipment also brings with it new IT processing challenges, such as equipment ownership, data privacy, and data security.

As for enterprises, to deal with the data security problems brought by BYOD, it is useful to develop a data security responsibility principle, use various control methods to fully isolate enterprise data and personal data, and formulate specifications for the use of terminal equipment. Only in this way can it be truly useful to protect corporate data without infringing employee privacy.

In order to fundamentally address the security issues of mobile operations, companies also need to adopt the following methods: First, attach importance to the education and practice of employees; Second, arrange applicable mobile device processing (MDM) systems, enterprise mobile processing (EMM) Third, pay attention to the implementation of mobile information processing methods.

Using Big Data to Advance GRC Intelligence

Many processes and information (such as documents, logs, etc.) will be attacked during the operation and processing of an enterprise. In response to the increasingly messy business environment, enterprises also need to deal with a variety of data and information. The data required for business operations processing is now no longer limited to data with static structures and limited interactive approaches. Instead, it comes from a variety of data, including diplomatic media data, e-mail data, sensor data, business application data, and files. And documents. The methods for enterprises to obtain and analyze data need to be updated.

Big data can be regarded as massive, fast-growing and diversified information assets. It is also considered by the industry to be a real game-changer. In some key areas, especially in the areas of operational and compliance risk management, the shared model supported by big data technology will support risk-taking personnel to make daily decisions. The introduction of big data analytics technologies, the effectiveness of risk models, and text analytics, process discovery, and advanced process warehouses can help companies close compliance intelligence, risk intelligence, and process intelligence. By modeling and emulating risk models and things, companies can strengthen their analysis and insights into their data, so that they can optimize and refine the plan before, during, and after the process is performed, and optimize business processes and decision-making results.

Compared to the selection of business intelligence, the use of big data analysis technology can further advance the guesswork and stability of the risk model. Specifically, big data analysis can reshape the organization's risk management in three ways: First, big data technology can help companies describe risk management concepts from scratch; second, big data technology can help companies transform risk management systems; Third, big data technology can help companies share system data.