Integrated Report 2021

 

Currently viewing: GRC case studies / Risk overview

Leadership
report

GRC case studies

GRC-as-a service

The EOH GRC toolbox we developed to optimise our own approach evolved into a suite of solutions that together empower GRC processes to run more efficiently and enable compliance as an outcome rather than an exercise.

Our GRC ecosystem comprises:

  • CODE – our GRC framework, processes and controls
  • Cerebro – our training, on-boarding and compliance tool
  • Impressions – a secure and convenient digital signature system
  • iBot – a rigorous bid-optimisation tool
  • ExposeIT – our digital whistleblowing solution app that allows users to report issues and incidences securely, confidentially and anonymously.

The ecosystem creates a single view across a large and diverse group of companies. From gifts and entertainment processing, to bids, tenders and conflicts of interest: everything that affects our GRC capability is available through a consolidated dashboard and reporting mechanism. This allows for effective decision-making and a clear audit trail. It includes legally binding attestations and outlines daily risk-based decision making in a top-down/bottom-up approach to ensure that compliance drives accountability, actions and assurance and advice. It also includes a considered and effective three lines of defence model that clarifies and structures risk management and internal controls by defining roles, responsibilities and relationships across different areas.

Cerebro: strengthening GRC functions through digital solutions

Cerebro is a cloud-based workflow management platform that can be configured to support processes including quality assurance, GRC and e-learning. It was developed for use in the highly regulated pharmaceutical industry and includes the necessary stringent rules and controls, rigorous back-end, role-based access, audit capability and full encryption. It is highly adaptable, with a purposely generic and configurable front-end so that it can be easily adapted to the needs of a division or company by subject-matter specialists without requiring programming skills. It encourages engagement and interactivity, making training memorable and enjoyable to fully involve participants and improve retention.

We use Cerebro as the basis of our GRC training, a crucial foundation of developing an ethical culture. In FY2021, the training was designed using robotics and gamification through our Galactic Learning Management System and took the form of a league competition.

At the start of the training, employees chose from one of 14 football teams with their learning materials customised accordingly and branded in their team’s colours. The programme covered seven courses: HR skills audit, EOH values, POPIA, Cybersecurity 101, side hustles (outside business interests (‘OBIs’)), anti-bullying and working from home safety. Each course completed scored a goal and top standings were based on the percentage completed by team members for each course. The programme was very well received, with a completion rate of close to 100% across all the courses.

Back to top