Skip to main content »

What is GRC Process Modeling?


GRC (Governance, Risk Management, and Compliance) is a frequently misunderstood product category, a subject which I discussed in a previous blog, titled“Is Document Generation a GRC Technology?”The three components (G, R, C) can, in fact, be viewed as three disparate product groupings, each being targeted by a variety of different vendors.


Among the types of technologies that can be included in the broad GRC category are business process applications (BPM workflows), which, unlike many types of GRC solutions, actually span each of the three product groups. Business process applications (workflows) generally impose order on unruly, dark processes (Governance) and, in doing so, tend to mitigate risk in a variety of ways (Risk Management), depending on the type of workflow in question. Likewise, by imposing order on process users, an application can enforcecompliancewith both internal policies and external laws.

Process Modeling Engines

Virtually all BPM suites include a process modeling engine, which allows architects to design and automate workflows based on real-world processes within an organization. Such modeling environments are commonly referred to as RAD (Rapid Application Development) platforms. Today’s process modeling engines often include libraries of pre-defined objects (functions) that domain experts (non programmers) can graphically configure into process flows. Situation specific parameters can be passed into the objects, thus providing complex business logic to govern the process without a difficult and time-consuming programming effort.

Document Generation Process

One specific type of GRC application involves automating the generation of complex legal documentation.Document generation softwaresuites allow practitioners to transform legal documents and forms into process applications by building business logic into document and form files. Likewise, such platforms allow process architects to design powerful, interactive sequences of data-gathering forms (interviews) that walk application users through the process of entering data correctly.

Document generation process applications can draw on enterprise data sources to eliminate the need to rekey data and can be deployed standalone or integrated into virtually any type of relevant workflow.

Share this article