Governance-Risk-Compliance Management IT Tool

Countries: Austria

Policy areas

Organisation name: Federal Ministry of Finance Austria

Contact person: Eva Maria Schrittwieser

eva.schrittwieser@bmf.gv.at

Risk management is a rapidly developing management discipline that comes from private industry and is today advanced in the financial sector. In public sector organisations it is hardly implemented, although it offers clear added value: a more systematic decision-making process, more efficient strategic planning, and better allocation of costs and resources. Implementing enterprise risk management in public sector organisations represents a paradigm shift; nevertheless, it is a must-have in public administrations and a key element of good public governance.

The Austrian Federal Ministry of Finance committed itself to integrated governance-risk-compliance management, which unites risk and compliance management processes and coordinates with other relevant organisational areas such as internal audit or quality management. This approach is unique for a public sector organisation across Europe, where mostly only fragmented or siloed risk-management approaches are in place.

To professionalise and standardise the process within the Ministry, a governance-risk-compliance (GRC) IT tool was developed. This tool combines the advantages of standardisation and automation, as well as information security and data protection, with increased user-friendliness, raised acceptance and enhanced transparency across the Ministry. It is interactive and personalised in communication, and intuitive to use – no special training is necessary. Resources and time are saved for risk updating, analysis, comparisons and tracking of changes and developments. The GRC IT tool provides authentic, relevant and referable data; it is auditable and has the highest security settings. Both the GRC management process and the GRC IT tool can be adapted and transferred to other public sector organisations easily and without high resource investments. This is possible because of the internationally accepted standard processes that form the basis for the GRC management and the framework developed for the GRC IT tool. The agile method used in this case takes into account that software development processes are characterised by learning, innovation and surprise.

The governance-risk-compliance (GRC) management IT tool focuses in the first step on the risk-management process within the Austrian Federal Ministry of Finance (MoF). The tool is developed in a way that allows it to be expanded easily. The GRC management in the MoF is based on international risk-management standards; it therefore has a solid foundation and could easily be transferred to other organisations in the private or public sector, no matter what size. Furthermore, the technology used is easy to integrate into already established IT infrastructure.

In financial terms, the tool is sustainable: the basic programming is done and the software solution can be easily transferred to other organisations, so further financial investment is only needed for necessary adaptation. The agile methodology used has also proven successful in the non-agile world of a public sector administration. Therefore, one lesson learned for the MoF and the BRZ is that other software development projects can benefit from it, and it will be recommended to integrate agile project development into the standard processes in both organisations.

The processes of risk and compliance management that were implemented in the governance-risk-compliance (GRC) management IT tool are based on the standard processes in this field. A part of the framework uses shared services from a platform that is also newly implemented and offers multi-client enablement. Thus, the developed framework can be used almost entirely by other Member States and levels of government, with only a few adaptations needed.

In Austria, the so-called Portalverbund (the combination of state, federal and municipality administrations in a network to jointly use the existing infrastructure) makes it possible for several applications to be reached from one point, where the user enters via a single sign-on. The GRC management IT tool could be made available there, as it is multiple-client capable and supports several user levels with different usage permissions. The use of agile project management processes proved very successful, and this methodology can be adapted easily to many other software engineering projects. The direct and continuous involvement of the stakeholders, as well as the regular presentation of the implementations, provided well-founded feedback for the developers. This way, it is easier to achieve a product that best meets the stakeholders’ requirements in a time-efficient manner.