
Whitepaper


WHY GRC SHOULD BE EMBEDDED IN YOUR ERP SYSTEM


Strengthen Governance, Risk and Compliance with Cloud ERP

In a fast-changing world full of risk and uncertainty, organizations are well aware of the need to strengthen governance, risk management and compliance, commonly known as GRC.

GRC applies to such areas as financial management and reporting, auditing, IT controls and security. GRC’s purpose is to ensure compliance with regulations and standards at governmental, industry, internal and partner levels. Whatever the focus area, the three areas of GRC can be broadly defined as:


• Governance – An overarching top-down process to manage operations in accordance with business goals.
• Risk – Practices to identify and mitigate any type of risk that can jeopardize company performance.
• Compliance – Adherence to any range of regulatory, internal or industry requirements or standards.

“[GRC] programs are essential for protecting business value and maximizing business performance,” Forrester Research wrote in a report on the topic.1 “However, too many organizations lack well-defined GRC programs or neglect funding them.”

Part of the problem is the inherent complexity of multi-disciplinary GRC that varies across industries. For instance, GRC requirements for a manufacturer differ from those at a retail, utility or advertising company. A holistic GRC program with industry-specific infrastructure that supports it is the ideal, yet many organizations remain far from that goal.

“The importance of a holistic view of risk and compliance issues and the difficulty to achieve it is often recognized as a weakness for many organizations,” Deloitte said in a report.2 “Most organizations are aware of the need for a significant improvement in the way they manage their risk, internal audit and compliance functions through better automation of data and information.”

GRC is relevant for organizations across the spectrum, from Fortune 100 multinationals to fast-growing companies aiming for international expansion, an IPO or a buyout. Yet, since the infamous Enron accounting scandal in 2001, hundreds of well-known companies have suffered catastrophic revenue loss and brand damage as a result of non-compliance, ranging from financial misstatements to production flaws.

The need for strong GRC controls is heightened by geopolitical and economic uncertainty, the hyperspeed pace of global business, and disruption across virtually every industry. Other factors include ever-changing regulations and growth in digital connectivity, data, channels and devices.

The traditional approach of managing risk in silos across different functions—internal audit, internal controls and compliance—and reacting to risks as they occur puts many companies at a disadvantage. Today’s environment demands a more agile and innovative approach to GRC.

Chapter 1

NETSUITE’S COMMITMENT TO GRC

To build out GRC programs, some companies turn to software labeled as GRC. Yet many GRC software vendors focus on specific use cases, such as standalone risk management, financial management, third-party compliance and more. Alternatively, a multifunctional GRC platform covers a broader range of use cases, yet can be extremely costly and complex to deploy, configure, integrate and maintain.

NetSuite provides a compelling alternative to specialized point solutions or a complex GRC platform that may provide capabilities organizations neither want nor need.

releases and in the pipeline that extend its strengths in financial management and IT controls.

“NetSuite is committed to providing enterprise-class compliance and control capabilities as a core element of our market-leading cloud ERP platform,” said Brian K. Taylor, VP, Security & Compliance at Oracle. “NetSuite is laser-focused on delivering the foundational GRC products and services you expect, supported by tools that ensure you’re able to rapidly and completely leverage those technologies.”

If additional solutions are required, NetSuite supplies a centralized system of record that can be augmented with third-party solutions in specific GRC areas. NetSuite’s enterprise-class compliance and control capabilities for GRC build on the four capabilities that Forrester identifies as mandatory for GRC software:

• Content management. NetSuite functions as a repository to store any document and enables users to attach documentation at the transactional level, such as PDFs or Excel spreadsheets.
• Workflow management. NetSuite workflows are readily configured to support GRC activities across multiple stakeholders, with role-based authentication supporting the GRC principle of segregation of duties.
• Reporting capabilities. Standard and ad hoc reporting in NetSuite enables users to track status and identify anomalies in a range of areas, from debt covenants to sales tax remittances.
• Relational data model. Using NetSuite as a standardized data source provides a single system of record that eliminates or minimizes the need for additional systems.

New GRC capabilities for compliance-focused companies introduced in recent NetSuite releases include:

• Built-in support for the ASC 606 revenue recognition standard.
• Additional audit trails and searchability.
• More comprehensive metadata on changes to workflow definitions.
• Enhanced two-factor authentication.
• Strengthened security around password resets.
• An Administration and Controls Toolkit SuiteSolution with tools for managing access, security and audit controls.

In addition, NetSuite now offers a GRC-focused training course that covers topics such as internal controls over financial reporting (ICFR), compliance and control audits, change management, and access management. NetSuite is also advancing GRC with a GRC Audit Advisory Board, composed of partners from global audit and advisory firms.

The Audit Advisory Board joins NetSuite’s GRC Customer and Partner boards as an important element in market and product validation and prioritization, while providing the opportunity to collaborate with and empower businesses to reach higher levels of compliance, governance and risk awareness.