Jira as a GRC tool?
In recent years, Issue Tracking Systems (ITS) like Jira from Atlassian have become increasingly popular in project management. Here, each work package is represented by a ticket or "issue". We at ISPICIO promote the idea that an ITS is the ideal instrument to manage your risks, to design and implement controls, to trigger your control performances and to hold the corresponding evidence.
The basic concept is that each risk and each control is represented by a single ticket. These tickets have different types and hold specific information. In the case of a risk, you need, for example, a description of the risk, the underlying regulations (e.g. GDPR), the processes in which it may occur and, of course, the probability and the possible damage cluster according to your risk matrix. For controls, you need to specify the control instructions and the frequency, and you may track whether the control is preventive or detective, etc. Both have in common that you can assign them to Risk and Control Owners.
With simple customizing, Jira can automate an internal control system (ICS) and thus generate real added value for the company. Each responsible person performs their tasks intuitively in tailor-made tickets, uploads documents and tracks the status at the touch of a button (e.g. OK / Not-OK). The timely completion of ICS tasks is conveniently triggered by email reminders. And because everything is organized as work packages (tickets), the effectiveness of the ICS can then be monitored with reports and dashboards in real time. Such a project can be set up by experienced persons within a few project days. With all of the ICS information in one place, the cost and burden of auditing the Internal Control Framework in the course of the annual financial statement audits drop dramatically.