Though an internal rules and regulations management system is critical to addressing GRC in organizations, GRC is not something you buy, but rather something you do. No software can create a GRC structure, but technology can improve and support an existing system. An internal rules and regulations management system can fulfill the needs of multiple stakeholders in organizations, including board members who need to identify and manage risk, legal managers who are concerned about litigation, and enterprise administrators who want to ensure compliance with regulatory bodies and who want to carry out their duties in an organized and productive manner. A good system of GRC defines governance and the culture of the company, manages risk and minimizes the effect of adverse events, and helps the organization stay in adherence with regulatory bodies. A good internal rules and regulations management system can support all of these things.

Every organization has policies and procedures that guide employee behavior. Many rely on word processing to create documentation, email to send it for review, and shared network drives to make the information available to employees, while some require printed copies in order to make the materials available to remote offices. The process is inefficient and time consuming, and it provides little oversight. Truly managing policies and procedures requires a process and a system for authoring, publishing, communicating, testing and continually revising that content. You need a system that automates and controls this process, enforcing the discipline you need for effective internal rules and regulations management.

Policies: A Foundation in GRC Strategies

Policies are critical to organizations as they establish boundaries of behavior for individuals, processes, relationships, and transactions. An organization must establish policy it is willing to enforce – but it also must clearly train and communicate the policy to ensure that individuals understand what is expected of them. GRC, by definition, is “a capability to reliably achieve objectives while addressing uncertainty [risk management] and acting with integrity [compliance].” [note: this definition is from the GRC Capability Model at] Policies are a critical foundation of GRC. When properly managed, communicated, and enforced, policies accomplish the following:

Provide a framework of governance. Policy defines the organization’s governance culture and structure. Without good policy as a guide, corporate culture and control morph, change, and take unintended paths.

Identify and treat risk. Policy articulates a culture of risk. Policy addresses risk and establishes risk responsibility, communication, appetites, tolerance, and risk ownership. Without clearly written policy, risk governance is ineffective.

Define compliance. Policy establishes a culture of compliance. Policy details how an organization meets its obligations and commitments and how it will stay within legal, regulatory, and contractual boundaries to avoid exposure to liabilities.


Organizations today are required to comply with an increasing number of regulations, policies and procedures. This drives the need for ongoing auditing in organizations. The traditional regulation/policy/procedure-specific audit software solutions have become less effective, as they are not integrative and hence can create inconsistencies and even contradictory audit processes. Executive officers are specifically required to demonstrate effective internal rules and regulations practices, and to ensure corporate transparency and visibility into the business. Internal rules and regulations management is a continuous process that needs to be repeated periodically and executed closely.


Employees are the first line of defense in protecting your organization’s reputation and business interests. A foundational internal rules and regulations management program is key to ensuring employees are adequately informed and able to fulfill this responsibility.

The GOLDENHORN eGRC Internal Rules and Regulations Management solution allows companies to streamline the complete internal rules and regulations management process and the communication around it. This solution shows which policy and version is in effect and to whom it is applicable, indicates who has completed certification, and facilitates proactive follow-up on policy waivers and gaps.

The GOLDENHORN eGRC Internal Rules and Regulations Management solution allows for:

Easy centralization and management of policies, standards and procedures across the organization

Employees to quickly locate and confirm that they have read and understood all applicable corporate policies

Policy awareness campaigns to be completed quickly and efficiently

Full audit trails on internal rules and regulations management related activities

GOLDENHORN eGRC uniquely integrates policies, procedures and controls in a process-driven manner. Not only does GOLDENHORN eGRC facilitate the management of policy documents and parts thereof, it also enables the management of individual controls and how they relate to policies and risks.

The Internal Rules and Regulations Management software enables enterprises to define action plans, assign action requests to stakeholders, schedule internal rules and regulations quality checks, and document recommendations.

The GOLDENHORN eGRC Internal Rules and Regulations Management provides definitions for different types of internal rules and regulations. The GOLDENHORN eGRC IRRM is aimed at efficient corporate governance and ensures integration of the audit process with the risk and compliance management system. With our MultiTenant technology, multi-subsidiary organizations can now manage their internal rules and regulations efforts centrally within an easy and flexible environment.

You can use Internal Rules and Regulations Management as a standalone GRC solution or integrate it in GOLDENHORN eGRC with existing submodules, e.g. Operational Risk Management, Internal Control Management, Compliance Management, Internal Audit Management, etc. Since the methodology is aligned, data from cyclical internal rules and regulations checks and acyclic ones are seamlessly integrated. This generates a greater scope of information and a better foundation for making decisions regarding changes.

Creating custom reports is considerably simplified with GOLDENHORN eGRC.


Support of the complete internal rules and regulations management process

Flexible internal rules and regulations quality check planning and scheduling

Implement complex approval processes with dynamic cases and workflows

Remind contributors to complete measures

Use vast capabilities to present insights gained through internal rules and regulations management

Visualize extracts from current internal rules and regulations

Generate individual reports for different target stakeholders


GOLDENHORN BPM process workflow-driven dashboards with information on current internal rules and regulations actions and tasks

Internal Rules and Regulations quality test model registers

Internal Rules and Regulations library

Flexible authorization system based on roles and groups

Tracking for measures, internal rules and regulations findings, reviews and action requests

Collection of various information such as costs, time spent, responsibilities or criticality for individual measures

Flexible reporting


Thanks to the modular configurations of GOLDENHORN eGRC IRRM with different submodules and features:

> Internal Rules and Regulations Knowledge Management System

> Internal Rules and Regulations Change Management

> Internal Rules and Regulations Case Management