What is GRC dependency modeling and mapping?

Upstream and downstream relationships can be created between profiles to develop the dependency map. The scoping of profiles is permitted in each of the GRC applications, but the GRC Workbench, which provides a visual presentation of those dependencies, is only activated for use with Risk Management.

Figure 1. Dependency modeling and mapping

Dependency modeling

Dependency modeling ensures that an organization establishes a uniform definition of risk across the enterprise. The dependency model defines what relationships are allowed between different types of areas in the organization. This enables more effective risk normalization and aggregation by allowing stakeholders to more effectively compare and contrast risk appetite and exposure at various levels of the enterprise.

Creating a dependency model involves creating profile classes and defining how classes are structured in relation to each other using the Roll up to field.

Dependency mapping

Once dependency modeling is complete, you can build out a dependency map to define how different parts of the organization are related to each other. The dependency map represents what profile relationships actually exist. For example, you could specify that certain projects and business services could affect the HR department, which would in turn affect the enterprise.

Defining the dependency map involves creating profiles, defining the profile class for each profile, then relating profiles to each other by specifying the upstream/downstream relationship.