Nordic GRC-process needs for Ahlsell

This initiative states our definition of GRC, operational status and needs. Needs are specified per functionalities and includes overview ”blue print” examples. 
Requirements specification drawn from needs can also be found in separate Excel document ”GRC Ahlsell_requirements" and this will be sent to suppliers for inquires and will be base for our evaluation model.

GRC Definition

GRC is the collection of capabilities that enable Ahlsell to reliably achieve objectives (Governance), address uncertainty (Risk Management) , and act with integrity (Compliance).

Today we work in separate silos when it comes to Group Wide Risk assessment, Operational Risk Management, QEHS-work, Governance and Internal Control.

We rely a lot on manual handling in different Office-systems such as excel, word and Power Point. For storing documentation and communication, we use multiple technologies, e.g., Teams, ServiceNow, C2, SharePoint, IMS, Smartsheet, “network drives” and Outlook.

We have challenges with lack of visibility, duplication, waste of information and resources among us. The prerequisites are an inefficient and highly manual way of working. In general, we lack support for automation and analyses.

Examples of urgent GRC needs within Ahlsell today
Ahlsell Group - incoming external demands and internal needs, increases the need for a multi leveled group-wide risk tool for analysis, communication, documentation and reporting. Today´s system (C2) used for group-wide risk analysis doesn’t support operational risk management within any subsidiaries or business unit's (district/project/process/workplace).

Ahlsell Group – for our newly implemented internal control framework (ICFR) we require system support for all framework component´s such as, planning, control execution, control testing and aggregated documentation for analysis and reporting.

Ahlsell Sverige AB - do not comply with ISO-standard 9001 concerning traceability for handling steering documents. Group needs system support for document management. Ahlsell Norge AS - "Blå tråden" Ahlsells management system is not IT system-based and there is no support for effective management of measures and risk assessments (manually managed via Excel, Word, Powerpoint, etc.).

Identified challenges and prerequisite – integrated GRC tool
Challenges
Subsidiaries within:
“Ahlsell blue flag” haven´t defined the processes the same (can be aligned)
“Stand alone” subsidiaries have their own processes
Some subsidiaries have a different IT- platform
Maturity levels within GRC differs

Prerequisites
Ahlsell OY use IMS-software as management system
Ahlsell Sverige use a project system that includes risk module (TBC)?