Integrated GRC
Presentation from GRC 2014 on 15 May. Feel free to contact the speaker if you have any questions. The full schedule for the event is available here: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/
Integrated GRC, financial justification
Stockholm – 15th of May, 2014
Rob van Straten
We are ranked as a leader by all industry analysts for 6 consecutive years
All customers use the same configurable GRC platform
Upgrades take one hour
Global alliance program: >200 certified consultants
400+ global customers
>1 million users
Global leader in Integrated GRC software
BWise® GRC platform supports ‘GRC groups’:
Risk Management
Internal Audit
Internal Control
Compliance & Policy Management
IT GRC
Sustainability Performance Management
Corporate Control
Business Continuity Management
Case Management
Continuous Monitoring/Auditing
Best practices

Best of breed:
Functionality
Security
Flexibility
Scalability
Performance
BWise supports all GRC functions
Banking OpRisk Cycle:
Risk Identification
RCSA
Loss & Incident Management
Action Management
Risk Framework
Capital Calculation
Risk Reporting
KRI Management
The Audit Cycle:
Maintain Audit Universe
Workpaper Management
Audit Reporting
Findings & Issue Tracking
Yearly Audit Plan
Detailed Audit Planning
Audit Analytics
Audit Preparation
Integrated GRC - Common Risk Language
Confidential information – Copyright 2013 BWise
Frameworks drive reporting
Operational Risk Management Dashboard
Personal Dashboard
Integrated BWise® GRC Platform, users by GRC function:
Gerard Parker: Risk Management (RM)
Michael Bauer: Internal Control (IC)
Jackie McLaren: Compliance & Policy Mngt (CPM)
Damian Thomson: IT GRC
Kim Lee: Sustainability Performance Management (SPM)
Ann Green: Internal Audit (IA)
Platform layers: Planning, Framework, Assessment, Data, Reports
Data Driven Risk Management and Compliance
IT Management Systems: Assets CMDB, Vulnerability Management, Intrusion Detection, Log Management, Incident Management, Identity and Access Management
IT GRC (PCI, COBIT, ITIL, ISO27002)
Business Systems: ERP, HR, Consolidation, CRM
GRC (ICOFR, SOX, AML, FCPA, ABC, GRI, TAX)
BWise Enterprise GRC
FINANCIAL JUSTIFICATION OF INTEGRATED GRC
Fragmented GRC:
Multiple frameworks and systems, duplicative efforts, multiple versions of the truth
Business units: HR, Finance, Business, R&D, Supply chain
GRC functions, each with its own report: Internal Audit, Compliance, ERM, ORM, Internal Control
Fragmented data collection
Siloed IT systems
Duplicative reporting
Integrated GRC:
Single framework and system, reusing information, one version of the truth
Business units: HR, Finance, Business, R&D, Supply chain
Integrated GRC platform: IA, ERM/ORM, Compliance, Internal Control
Asking questions once
Integrated GRC platform
Integrated reporting
Reports
The 3 Elements of Benefit:
Efficiency improvement: possible to prove, possible to claim
Loss Prevention: possible to prove, hard to claim
Performance Enhancement (Improved Steering): hard to prove, hard to claim
Improved Steering

“After a risk assessment gave us better insights into our supply chain risks, we have made ample investments in our partner supply network, which has prevented major damage after the Fukushima disaster.”

“With our risk management program, we were able to reduce our regulatory capital charge by ## million, which has given us ## extra revenue with ## extra profit.”
Non-Compliance Financial Consequences (fines shown in the chart): 108M USD, 384M USD, 36M USD, 250M USD, 13,2M USD, 48M USD, 398M USD, 700k USD, 4M USD, 4,5M USD, 492M USD, 754,4M USD
Sample Fines
C-Level: Held Personally Responsible
Elements of Efficiency Improvement

IT Cost
• IT infrastructure cost
  – Hardware
  – Software
• IT maintenance cost
• IT staffing cost
• Upgrades & Updates
• Training cost

Process Efficiencies
• Reporting efficiency
• Issue tracking efficiency
• Control testing efficiency
• Risk assessment efficiency
• Incident management efficiency
• Compliance tracking efficiency
• Risk monitoring efficiency
• …
Cost Reduction – IT Systems (chart: Cost Savings on the y-axis from -2 000 000 to 6 000 000; series: Cost Saving and Cumulative Cost Saving)
How to start the eGRC Journey? Practical advice
Create IT vision for eGRC
Develop unified taxonomy; single Risk language
Define pain points and/or quick wins
Reduce complexity by Best Practices and Standards
It’s a journey, not a destination
Connect Risks to processes and define controls