
GRC Tuesdays: The Twelve Days of (GRC) Christmas

 

On the first day of Christmas my Auditor sent to me:
A great list of findings to read

On the second day of Christmas my CCO sent to me:
Two new controls to assess
and a great list of findings to read.

On the third day of Christmas my CRO sent to me:
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the fourth day of Christmas my CISO sent to me:
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the fifth day of Christmas my Fraud Investigator sent to me:
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the sixth day of Christmas my CIO sent to me:
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the seventh day of Christmas my Procurement Manager sent to me:
Seven business partners to vet
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the eighth day of Christmas my CFO sent to me:
Eight financial processes to describe
Seven business partners to vet
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the ninth day of Christmas my General Counsel sent to me:
Nine cross-country regulations to review
Eight financial processes to describe
Seven business partners to vet
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the tenth day of Christmas my Security Officer sent to me:
Ten policies to acknowledge
Nine cross-country regulations to review
Eight financial processes to describe
Seven business partners to vet
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the eleventh day of Christmas my Trade Compliance Manager sent to me:
Eleven electronic invoices to process
Ten policies to acknowledge
Nine cross-country regulations to review
Eight financial processes to describe
Seven business partners to vet
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

On the twelfth day of Christmas my Board sent to me:
Twelve congratulations messages!
Eleven electronic invoices to process
Ten policies to acknowledge
Nine cross-country regulations to review
Eight financial processes to describe
Seven business partners to vet
Six access requests to approve
Five investigations to close
Four disaster recovery tasks to document
Three risk responses to update
Two new controls to assess
and a great list of findings to read.

I hope you enjoyed this GRC adaption of the traditional English Christmas carol “The Twelve Days of Christmas”. And if the Christmas bag gets a bit heavy towards the end don’t worry! I’ll continue to keep GRC simple for you.

Wishing you a very enjoyable Holiday Season, I look forward to reading your comments on these blogs next year!

Originally published on the SAP Analytics Blog with the complicity of Jan Gardiner and Bruce McCuaig
