GRC uses the Systematic Cause Analysis Technique (known as SCAT) to identify and conduct effective investigations where elements within the Security and Safety structure have been absent or not adhered to. This is a top-down and bottom-up approach in which Policies, Standards, Guidelines and methodology are observed and assessed for fitness for purpose and/or relevance.
Identifying where there has been oversight (either process or personnel) is important for the organization to work through an accountability process. This may mean systems, processes or people.
SCAT Analysis Process:
- Establish the context in which breaches have been made
- Work through “Immediate Causes”
- Understand “Root Causes”
- Lack of “Management System Controls”
- Accounting for the Loss
- Accountability Matrix – who and what was at fault