Hi VM,
Compliance administrators can download content from Network Frontiers Unified Compliance Framework (UCF) to use as GRC authority documents, citations, controls, and control objectives. The documents can be updated on pre-defined intervals.
The Regulatory Change Management application provides a framework and guidelines to integrate with third-party regulatory intelligence providers. It provides a centralized process for managing regulatory changes and ensures compliance with external regulations.
In UCF we talk about authority documents, citations, controls, and control objectives but in Regulatory Change Management , we don't deal with the same , we have workflows running and it's completely diffrent process, please find the RCM Process flow :
- Set up the integration: Customers can subscribe to a public RSS feed for the regulatory bodies or they can also subscribe to a subscription provider such as Thomson Reuters Regulatory Intelligence (TRRI) that is a curated intelligence provider. Providers such as Thomson Reuters Regulatory Intelligence (TRRI) aggregate the regulatory changes from different sources and provide the collective changes in the form of feeds.
- Set up the taxonomy: Taxonomy elements are different classifiers that an organization can apply to its reg content to categorize it. Taxonomy elements are used to create a hierarchical structure of different classifications for setting up the regulatory content for an organization. This is the process of setting up an internal taxonomy.
- Review a regulatory alert: A user with the sn_grc_reg_change.manager role (RCM Manager) reviews a regulatory alert and assigns it to a coordinator or a user with the sn_grc_reg_change.user role (RCM User). The user with the sn_grc_reg_change.user role reviews the alert. If the regulatory change requires an impact assessment, the RCM user sends it to a subject matter expert (SME) with a business user role.
- Assess the impact: The subject matter expert (SME) with a business user role assesses the impact of the regulatory change and sends the score of the impact assessment to the Regulatory Change Management application. If the alert is not applicable to the organization, the RCM user closes the alert. If the alert is applicable to the organization, the RCM user creates a new regulatory change task and assigns it to the same or a new coordinator.
- Devise an action plan: The coordinator identifies the steps to comply with the regulatory change, devises an action plan, and creates the action tasks for different teams to complete the action items that have been identified. The coordinator further creates the action tasks associated with the regulatory change task. Once the action plan is created, it is sent to the RCM manager for an approval. The managers review the action plan and confirm if all the action tasks that have been created are enough or if some of the action tasks are not necessary.
- Complete the action tasks: If the action plan is rejected, then the same coordinators again go through the action plan, update the actual tasks, and then the action plan is sent back for an approval. All Compliance based action tasks are visible to the Compliance Manager and Risk Managers can see the Risk based action tasks. Once the tasks are assigned to the Risk and Compliance users, the action tasks are tracked through completion. A due date is marked and tracked for the action tasks. Once the actual tasks are completed, the regulatory alert and the parent regulatory change task are closed.
This step indicates completion of the regulatory change process flow.
Mark my answer correct & Helpful, if Applicable.
Thanks,
Sandeep
