Contact Us

Arizona Public Service improves
operational performance and compliance
View the Case Study

    blue quote

    "DevonWay customer service is outstanding.  The project teams always provide quick responses."

    Claudette L., HU Section Head
    Canadian Nuclear Laboratories

      Case Study: Takeda

      At Takeda, DevonWay software
      contributes to 20% improvement
      in Batch Right the First Time.
      View the Case Study

        3 min read

        DevonWay for GRC: One platform, full GRC coverage

        Featured Image

        DevonWay is often asked if we offer software for Governance, Risk, and Compliance (GRC). The answer is yes: DevonWay software addresses the full range of GRC functionality, all on a unified SaaS platform. In fact, DevonWay offers an ideal GRC solution that lets you implement one step at a time.

        GRC crosses multiple departments and requires them to work together. According to non-profit OCEG, GRC is the “integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty, and act with integrity.” GRC includes a wide range of areas such as internal audit, compliance, risk, legal, finance, IT, and HR, plus lines of business, the executive management, and the board.

        Governance determines and manages business processes, strategies, and the corporate mission. Risk management is concerned with identifying, characterizing, and managing risks that the company faces in pursuit of its goals, while compliance management is concerned with adherence to regulations, laws, and best practices, as well as a company’s own policies, procedures, and standards. GRC provides a framework for integrating these three components to achieve an organization’s goals.

        GRC Graphic-1

        There are, effectively, three lines of defense:
        1. Business and infrastructure – The first line, from the worker in the field to Management, is responsible for following regulations, standards, and corporate processes, including managing risks and implementing controls on a day-to-day basis.  
        2. Control functions – The second line, which includes Risk, Compliance, and Legal teams, provides oversight on compliance with policies and procedures and monitors risk and adherence to control frameworks. These teams are responsible for identifying potential non-conformances or near misses and developing a mitigation plan to correct existing or prevent future occurrences, for example through process improvements, training, and incident reporting.
        3. Internal audits – The third line provides an independent review and assesses the effectiveness of the first- and second-line functions with regards to compliance.  
        Here’s a breakdown of the areas of Governance, Risk, and Compliance and the DevonWay products that address them:
        Governance – Alignment with Business processes and strategies 
        Risk – Identification and Evaluation of Risk
        Compliance – Ensuring adherence to regulations, standards, policies and procedures, contracts, controls, monitoring, training, and managing regulatory examinations and inquiries
        All DevonWay products work together across departments, organizations, and traditional software boundaries — all on a single, secure platform — and they work well with your other systems too. You can start with any DevonWay products and add on as and when needed, making DevonWay software an ideal option for GRC.

        About the author

        Dianna Ferrand is Director of the Project Management Office at DevonWay. Prior to DevonWay, she was Executive Director in the Legal and Compliance Department at Morgan Stanley and Head of Annual Reports Strategy and Management and served in various positions at PwC in Banking and Capital Markets Strategy. She holds a BS in Geological and Environmental Science from Stanford and an MBA from Loyola Marymount University.