2016 GRC Technology Strategy
|
|
- Hollie Norris
- 7 years ago
- Views:
Transcription
1 An OCEG Benchmark on the Use of GRC Technology within Organizations 2016 GRC Technology Strategy Findings of the 2016 OCEG GRC Technology Strategy Survey 1
2 About OCEG... OCEG is a global, nonprofit think tank and community. We invented GRC. We inform, empower and help advance more than 50,000 members on governance, risk management, and compliance (GRC). Independent of specific professions, we provide content, best practices, education, and certifications to drive leadership and business strategy through the application of the OCEG GRC Capability Model and Principled Performance. An OCEG differentiator, Principled Performance enables the reliable achievement of objectives while addressing uncertainty and acting with integrity. Our members include c-suite, executive, management, and other professionals from small and midsize businesses, international corporations, nonprofits, and government agencies. We assist them and their organizations in developing and implementing GRC capabilities that enable Principled Performance by providing authoritative resources for integrating the governance, assurance and management of performance, risk and compliance. The OCEG 2016 GRC Technology Strategy Survey was designed and analyzed by GRC 20/20 Research... GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. We provide independent and objective insight into leading GRC practices and processes, including market dynamics and intelligence; risk, regulatory and technology trends; competitive landscapes; market sizing; expenditure priorities; and mergers and acquisitions. For more information go to or contact GRC 20/20 at info@grc2020.com. For more information visit or contact us at info@oceg. 2
3 A Word From Our Survey Sponsors... The 2016 OCEG GRC Technology Strategy Survey is made possible through the support of the entire OCEG GRC Solutions Council and the following survey sponsor members: MetricStream GRC solutions strengthen risk management, regulatory compliance, and quality management while driving business performance. OCEG s Survey clearly shows that GRC is past the tipping point with a majority of organizations (73%) firmly on the road to integrated GRC. We too see accelerated adoption of integrated GRC architectures - organizations are seeking agile GRC technology that makes GRC simple, and provides the analytics and agility needed to achieve superior business performance. Yo Delmar, VP GRC SAP GRC solutions enable organizations to navigate risk and manage controls and compliance confidently in the context of business strategy and performance. Once again, OCEG is providing meaningful data that make the business case for improving GRC capabilities. The finding that the top two objectives in acquiring new GRC technology are to increase GRC related analytics and visibility and to improve consistency of GRC information is key. This indicates understanding that a strong information architecture that enables better data integrity and consistency is essential; a view that SAP shares and supports. Bruce McCuaig, Director GRC Workiva Wdesk gives organizations the flexibility to identify and adapt to changing internal control, risk, and compliance management needs The OCEG GRC Technology Survey is the must read guide for GRC practitioners. This survey provides a comprehensive perspective on the diverse use of GRC technology, the continued reliance on spreadsheets, documents and s, and the importance of ease of use and SaaS for future technology investments. Mike Rost, Vice President 3
4 Preface If you ve taken the time to read this survey, it s likely you have a certain level of interest in governance, risk management, and compliance (GRC). There s no shortage of information on the subject. An Internet search will throw up all sorts of tips, views and best practices designed to help those responsible for these areas. OCEG is the framework body for GRC. We advocate Principled Performance and the role of GRC to enable organizations to reliably achieve objectives while addressing uncertainty and acting with integrity. This OCEG survey is focused on GRC technology strategy and understanding the use of GRC technology in the current state of organizations and the planned future state of where GRC technology architecture is headed. At OCEG we want to see that GRC becomes part of your organization s DNA through the proper implementation and use of GRC technology. Contents INTRODUCTION GRC Technology Impacts GRC Maturity CURRENT STATE OF GRC TECHNOLOGY How Organizations Currently Use GRC Technology FUTURE STATE OF GRC TECHNOLOGY How Organizations Plan to Use GRC Technology GRC SOLUTION AREA FOCUS Look at Types of GRC Technology Use & Strategy SURVEY DEMOGRAPHICS & RELATED RESOURCES Survey Demographics OCEG Resources OCEG GRC Solution Council Members We hope this survey report provides you with some valuable insights. 4
5 INTRODUCTION: GRC Technology Strategy Impacts Maturity Governance, risk management, and compliance (GRC) is something every organization does though not all do it well. Every organization has some approach to governing the organization, managing risk, and approaching compliance. It does not matter if an organization uses the label GRC; the simple truth is every organization does GRC in some form. Some organizations have mature and structured processes and reporting on GRC that brings together an integrated and orchestrated view of GRC processes and information. Other organizations have fragmented approaches where some aspects of GRC are more mature than others but fail to have an overall coordinated strategy. The use of technology for GRC depends on organization strategy. Some organizations look to develop an enterprise technology architecture (or platform) for GRC. Other organizations lack a coordinated strategy and have different departments going in different directions. Whether at an enterprise level or a department, GRC maturity depends on how well GRC processes, information, and technology enable the organization to be efficient, effective and agile to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance]. The proper selection and use of GRC technology is a primary factor in measuring GRC maturity within organizations. From one perspective, we all use technology in GRC. GRC technology is commonly understood from the low-end of using documents, spreadsheets, and to manage GRC information, processes and reporting to the high-end of a federated GRC architecture that integrates information and technology from across the enterprise in an ecosystem of GRC processes and information. There is a wide range of approaches in between. OCEG s 2016 GRC Technology Strategy Survey takes aim at understanding organization s current use, planned future use, strategy, and satisfaction with their use of technology to support GRC within their organizations. Michael Rasmussen OCEG Fellow & Co-Chair of OCEG GRC Solutions Council The GRC GRC 20/20 Research, LLC 5
6 5 Key Takeaways from the 2016 OCEG GRC Technology Strategy Survey GRC strategies involve more departments and are often an enterprise level decision for many organizations. Medium-sized organizations (1,001 to 10,000 employees) are the most likely to adopt new GRC platforms as they have been underserved. Ease of use grows as the #1 factor organizations are looking for in GRC technology as the complexity of legacy solutions has burdened them. GRC & risk analytics together are the GRC technology that is most needed by organizations across the board. GRC budgets are increasing in the majority of organizations, while only 5% of respondents state they are decreasing. 6
7 Current State of GRC Technology
8 Current Level of GRC Integration Of the 290 survey respondents from organizations implementing GRC strategies, 14% stated they were well along their way to being substantially or fully integrated, 21% were partially integrated, and 38% were just beginning their GRC journey of being somewhat standardized. Together, this means that 73% of organizations have embarked on the road of GRC with only 27% of respondents indicating they remain largely siloed with no enterprise or crossdepartment collaboration on areas of GRC in their organization. This shows that nearly three-quarters of organizations responding to this survey have some strategy in place to align, integrate, and collaborate on GRC across departments. Siloed Our processes and technologies remain largely siloed 27% 14% Substantially to Fully Integrated We have integrated processes and technology across many or all organizational silos of operation. GRC Integration 21% Partially Integrated We have integrated processes across many organizational silos, but we have not yet completely addressed integrating technology that supports these processes Somewhat Standardized We have standardized some processes and use of technology but not across the entire enterprise 38% 8
9 Current Level of GRC Integration, Comparison by Organization Size When you look at the level of GRC integration results by the size of organizations it reveals that the medium-sized organizations are the most siloed and in need of integration. Smaller organizations tend to have less to integrate and their needs are simpler. Large organizations have had the most focus on GRC integration and represented the largest segment of integrated to partially integrated. It is the medium-sized organizations that have grown beyond the simpler needs of their smaller counterparts and mirror proportionally the complexity of large organizations that have the most work to do in GRC integration. All Organizations... 14% 21% 38% 27% Small Organizations (1 to 1,000 Employees)... 15% 15% 45% 25% Medium Organizations (1,001 to 10,000 Employees)... 8% 25% 33% 34% Large Organizations (10,001+ Employees)... 20% 22% 38% 20% Integrated Partially Integrated Somewhat Standardized Siloed 9
10 Current Alignment & Utilization of Technology for GRC While 73% of organizations indicate they have some collaboration and integration on GRC across departments, the current state of GRC technology alignment and utilization is moderate with a lot of room for improvement. Only 28% of organizations describe their alignment of GRC technology in positive terms (excellent or good), with 42% stating fair (or neutral), and 30% indicating it is poor. The same goes for utilization of GRC technology, with 35% indicating positive terms (excellent or good), 38% are fair/ neutral, and 27% state is poor. However, given the fact that the predominant technology used for GRC is documents, spreadsheets and s in many organization it becomes clear why so many respond with fair or poor technology utilization and alignment. Organization level of alignment of technology with GRC needs? 4% 24% 42% 30% Utilization of existing technology for GRC 14% 21% 38% 27% Excellent Good Fair Poor 10
11 Use of GRC Technology Organizations approach GRC technology in different ways. Some organizations (16%) try to do everything GRC related with one single GRC platform. This works for some organizations, but others see the need for best of breed solutions (27%) that remain loosely integrated but no one solution being the core. In between the single GRC platform and best of breed approach are organizations that have best of breed solutions but a single core GRC solution that brings everything together (12%). This allows for greater flexibility in focused solutions while still providing a core for overall GRC reporting. Other organizations focus on disconnected department solutions (10%), while many state they have no GRC technology in place or are unsure. These organizations are the ones most likely using a maze of documents, spreadsheets, and s. No GRC Solution/Unsure We do not have any GRC solutions being used in our organization 35% 16% GRC Software Single GRC Platform We have one GRC solution for the entire organization 12% GRC Architecture We have a core GRC solution that integrates with multiple best of breed solutions for GRC Department Silos We have a GRC solution in my department but I am unaware of what other departments are doing 10% 27% Best of Breed We have multiple best of breed GRC solutions that we use across the organization, but none is a central core for GRC 11
12 Use of GRC Technology, Comparison by Organization Size The use of GRC technology varies by organization size. Smaller organizations indicate a greater propensity toward best of breed or department siloed solutions. Medium sized organizations have a greater focus on a single GRC platform and best of breed solutions. Large enterprises, have the greatest focus on a GRC architecture where there is a single platform at the core that is supported by best of breed solutions where they make sense. It is in small to medium-sized organizations where there is no GRC technology implemented and the greatest opportunity for implement. All Organizations... 16% 12% 27% 10% 35% Small Organizations (1 to 1,000 Employees)... 7% 6% 29% 16% 42% Medium Organizations (1,001 to 10,000 Employees)... 19% 4% 23% 8% 46% Large Organizations (10,001+ Employees)... 19% 23% 30% 9% 19% Single Platform GRC Architecture Best of Breed Department Silos No/Unsure 12
13 Future State of GRC Technology
14 GRC Platform Strategy Going Forward Looking to the future, organizations state they have a greater propensity to focus on a GRC architecture (37%) with a core platform for enterprise GRC reporting and management that is supported by best of breed solutions where they make sense. A strong percentage of organizations (33%) state they will focus on a single centralized GRC platform for the entire organization. What is really interesting, is that only 13% of respondents indicated that they want a best of breed non-integrated approach to GRC. In contrast, 70% of organizations (33% single platform and 37% GRC architecture) state that they have a strategy going forward for GRC integration. A distributed range of "best of breed" solutions in different categories that operate independently of each other Unsure A federated "GRC Platform" for certain categories and "best of breed" solutions in others 13% 17% Does your organization prefer a singe GRC solution or do you prefer to purchase best of breed solutions for specific needs and departments? 37% 33% A centralized "GRC Platform" for the entire enterprise across all relevant categories to your business 14
15 Preference of SaaS or Traditional Software for GRC The acceptance of SaaS (Cloud) GRC implementations has grown strongly over the past several years. Of the 290 respondents, 31% prefer SaaS while 39% prefer a traditional onpremise implementation. However, when you filter the respondents by those that indicate they are leading their organizations GRC strategy the preference for SaaS grows to 45%. This means that the GRC technology decision maker has a strong GRC SaaS implementation preference. 15
16 GRC Technology Expansion Strategy In context of expanding GRC technology, a majority of organizations indicate that they are first looking to expand on their existing GRC solutions (52%) followed by those purchasing new GRC solutions (24%). This is often the case when organizations already have a strong investment in a GRC platform and are looking to build out its capabilities further with the expansion into new areas of GRC in the organization that need attention. This is the case for those that rely on old technology or are encumbered by manual processes and a maze of documents, spreadsheets, and s. Purchasing New GRC Solutions Unsure 12% In-House 24% Development 12% How would you characterize your organization's strategy for procuring technology solutions for GRC? 52% Expanding Use of Existing GRC Solutions 16
17 Top 8 Objectives in Acquiring New GRC Technology The top two objectives of organizations in acquiring new GRC technology are to increase GRC related analytics and visibility and to improve consistency of GRC information. These two objectives rank significantly higher than the other factors organizations scored. Interestingly, these two are related. To have good analytics requires a solid information architecture with strong data integrity and consistency. Organizations have been plagued by data integrity and consistency problems for GRC, particularly when done in spreadsheets, documents, and s. Some organizations have reported to GRC 20/20 as much as 80% of FTE staff time doing nothing more than manual reconciliation and report building from documents, spreadsheets, and s. 57 % Increase GRC Analytics & Visibility 36 % Reduce Risk in the Organization 51 % Improve Consistency of GRC Information 33 % Improve Performance In the Organization 38 % Reduce GRC Complexity 27 % Lower or Avoid GRC Costs 37 % Regulatory Compliance Requirements 15 % Increase Reliability of GRC 17
18 Top 8 Criteria in New GRC Purchases When it comes to top criteria for new GRC purchases, organizations are looking for ease of use (53%). Many legacy GRC implementations have been plagued with complexity, bespoke build outs, broken upgrades, and poor user experience. It is logical to see that ease of use has become the number one concern and criteria when evaluating new GRC solutions. This has grown over the past four years. This same survey in 2012 has ease of use (45%) listed second after price (53%). The 2014 survey had ease of use (49%) displace price (46%) for the number one criterion. Now in 2016 this gap grows further with ease of use being 53% and price dropping to 41%. 53 % Ease of Use 26 % Industry Focus 41 % Price 23 % Customer Service 40 % Functionality 21 % Integration Capabilities 39 % Configurability 16 % Company Stability/Viability 18
19 Organization Alignment on GRC Technology Initiatives Going Forward Organization alignment on GRC technology initiatives going forward is improving dramatically. A total of 54% of organizations report that they agree (somewhat to strongly agree) that they have sufficient organizational alignment to produce action on new GRC technology initiatives. This is interesting when you compare the responses discussed earlier on current GRC technology alignment was only 28%. This shows significant change from current technology alignment to future technology alignment going forward. A shift from 28% in the current environment to 54% for future decisions and collaboration on GRC technology across the organization, Strongly Disagree 14% Unsure Strongly Agree 2% 11% Somewhat Disagree 30% We have sufficient organizational alignment to produce action on GRC technology initiatives 43% Somewhat Agree 19
20 Who is Making Future GRC Technology Decisions With the increased organizational alignment on future GRC technology spending is also shared responsibility in making purchase decisions on GRC technology. For 47% of respondents, purchasing new GRC technology is an enterprise-wide decision across GRC related roles and departments. When considered that another 35% of respondents state this is a multi-department decision, but not quite full enterprise, this brings this figure up to 82% indicating that GRC technology spending involves multiple parts of the organization. Group/Issue Level Single Department Multiple Departments Unsure 9% 2% 7% Is the decision to purchase made at an enterprise level, multiple departments working together, single department, or group/issue level? 35% Enterprise 47% 20
21 Where Does Enterprise GRC Budget Come From The budget for GRC technology purchases varies by organizations responding to the survey. The largest segment (24%) indicates it is a shared budget split between IT, GRC groups, and the business. Next (18%), respondents indicated it was from purely the IT budget. A smaller segment indicated that they have a specific GRC budget (12%) that new technology purchases come from which is also the same about (12%) that indicated that it is business budgets. My organization has not budgeted resources for any GRC enabling technology for 2016 Unsure 21% In business budgets (e.g., HR, finance) 12% 13% 12% 24% Does your organization prefer a singe GRC solution or do you prefer to purchase best of breed solutions for specific needs and departments? In a GRC budget 18% Split between the IT, GRC and/or business budgets In the official IT budget 21
22 GRC Budgets Increasing in 2016 GRC Budgets Increasing in 2016 What is particularly interesting is the strong growth in GRC budgets for A total of 55% of respondents indicate that GRC budgets are increasing, while only 5% indicate that GRC budgets are decreasing. This shows that organizations continue to make a strong and expanding investment of GRC related technology now and into the future. Unsure 21% 19% 25%+ GRC Spending Increase 25%+ GRC Spending Decrease 10% to 25% GRC Spending Decrease Up to 10% GRC Spending Decrease Spending Staying Same as Last Year 3% 1% 1% 19% Do you see overall GRC spending (on all aspects, not just technology) in 2016 increasing or decreasing in your organization? 19% 17% 10% to 25% GRC Spending Increase Up to 10% GRC Spending Increase 22
23 What Areas of GRC Technology are Organizations Buying For 2016, organizations (across all sizes) indicate that their greatest focus on GRC technology investment is in risk management and analytics. Respondents were given seventeen categories to choose from and the top eight are represented in the chart on this page. Risk management is growing within organizations and many are moving beyond simple heat maps and stop light diagrams of risk to provide deeper analytics and risk management capabilities that align to business objectives and performance. 42 % Risk Management & Analytics 30 % IT GRC Management 37 % Compliance Management 25 % Policy Management 36 % Audit Management & Analytics 24 % Business Continuity Management 35 % Enterprise GRC Platforms 22 % Internal Control Management 23
24 Top 8 Spending Increases in Large Organizations For large organizations (those over 10,000 employees), the top area of GRC technology spending is in compliance management. This is indicative of the complex array of global regulations and compliance mandates that large organizations have to deal with. These organizations also show a higher propensity to purchase IT GRC management, followed by risk management/analytics, and control automation and enforcement. 64 % Compliance Management 58 % Quality Management 59 % IT GRC Management 56 % Enterprise GRC Platforms 58 % Risk Management & Analytics 53 % Business Continuity Management 58 % Automated Control Monitoring & Enforcement 52 % Policy & Training Management 24
25 Top 8 Spending Increases in Medium Organizations Mid-sized organizations (1,000 to 10,000 employees) show the greatest interest in purchasing enterprise GRC platforms going forward. The mid-market for enterprise GRC solutions is opening up as they follow the large organizations that have focused on enterprise GRC over the last decade. A strong second to enterprise GRC is the focus on risk management and analytic solutions within mid-sized organizations. 71 % Enterprise GRC Platforms 51 % Compliance Management 68 % Risk Management & Analytics 51 % Strategy & Performance Management 57 % IT GRC Management 49 % Policy & Training Management 52 % Audit Management & Analytics 44 % Automated Control Monitoring & Enforcement 25
26 Top 8 Spending Increases in Small Organizations Small organizations (those under 1,000 employees) show the greatest focus in spending on risk management and analytics as well as strategy and performance management solutions. These two areas show a natural relationship in many small organizations where risk management and strategy/ performance management are run out of the finance department. It is only logical that they look at risk and performance closely together and shows the strong relationship each has on the other. 62 % Risk Management & Analytics 50 % IT GRC Management 56 % Strategy & Performance Management 48 % Issue Reporting & Management 54 % Compliance Management 45 % Policy & Training Management 53 % Enterprise GRC Platforms 44 % Quality Management 26
27 GRC Solution Area Focus
28 Enterprise GRC Platforms Enterprise GRC delivers a range of cross-department functionality across GRC functional areas into an integrated technology ecosystem. For some this is a single GRC platform for the entire organization. For others it is an integrated architecture in which there can be a core platform that often extends and integrates into a range of other solutions and data sources. To be an Enterprise GRC Platform requires a single platform architecture that has multi-department (e.g., enterprise wide) use across the following areas, at a minimum: Enterprise/Operational Risk Management Compliance Management Internal Control Management Issue Management (e.g., incident, case, investigations) NOTE: most Enterprise GRC Platforms offer a range of additional module beyond these. 45 % 11 % 25 % 9 % Spreadsheets, Documents & s 53% in Small Organizations 51% in Medium Organizations 35% in Large Organizations Solution Built & Supported by IT 15% in Small Organizations 9% in Medium Organizations 12% in Large Organizations 1 Commercial Solution in this Area 11% in Small Organizations 26% in Medium Organizations 33% in Large Organizations 2+ Commercial Solutions in this Area 6% in Small Organizations 4% in Medium Organizations 17% in Large Organizations 28
29 Enterprise GRC Platforms Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 61 % Spending More 53 % Small Organizations 53% Spending More 44% Same 3% Spending Less 3% Unsure 32 % Same 7 % Spending Less Don t Knows Filtered Out 71 % 56 % Medium Organizations 71% Spending More 27% Same 2% Spending Less Large Organizations 56% Spending More 28% Same 16% Spending Less 29
30 Audit Management & Analytics Audit Management & Analytic technologies are used by auditors to manage and perform audits. Audit management solutions are used to manage audit cycles this includes audit planning, resource scheduling/ calendaring, work paper management, audit execution, audit process management, and audit reporting. They also support a risk-based approach to audit planning to prioritize audits based on the risk to the business. Audit analytic solutions utilize data analytics and continuous auditing (automated control enforcement & monitoring) to extract insights from operational and financial data to assist in audits and provide assurance. 41 % 14 % 38 % Spreadsheets, Documents & s 55% in Small Organizations 46% in Medium Organizations 28% in Large Organizations Solution Built & Supported by IT 13% in Small Organizations 17% in Medium Organizations 11% in Large Organizations 1 Commercial Solution in this Area 13% in Small Organizations 43% in Medium Organizations 52% in Large Organizations 10 % 2+ Commercial Solutions in this Area 6% in Small Organizations 8% in Medium Organizations 17% in Large Organizations 30
31 Audit Management & Analytics Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 46 % Spending More 39 % Small Organizations 39% Spending More 57% Same 4% Spending Less 3% Unsure 48 % Same 6 % Spending Less Don t Knows Filtered Out 52 % 45 % Medium Organizations 52% Spending More 44% Same 4% Spending Less Large Organizations 45% Spending More 48% Same 7% Spending Less 31
32 Automated Control Enforcement & Monitoring Automated Control Enforcement & Monitoring technologies provide the capability to automatically and continuously monitor, enforce, test, assess, and report on controls within the organization. This category of software is also often referred to as Continuous Control Monitoring (CCM) or Automated Controls. This includes the capability to test, on a continuing or periodic basis, data and activity against defined rules to identify and report potential errors, the failure of controls, or inappropriate actions including tests of business transactions, network activity, intrusion attempts, the sharing of confidential information or intellectual property, systems access, etc. Also included in this area is the ability to do GRC data analytics, monitoring, and mining. Automated control solutions include: transaction, configuration, fraud, AML, segregation of duties, master data, identity & access, process, end-user computing application, and social media control solutions 29 % 18 % 17 % 8 % Spreadsheets, Documents & s 33% in Small Organizations 33% in Medium Organizations 23% in Large Organizations Solution Built & Supported by IT 18% in Small Organizations 22% in Medium Organizations 15% in Large Organizations 1 Commercial Solution in this Area 7% in Small Organizations 17% in Medium Organizations 23% in Large Organizations 2+ Commercial Solutions in this Area 6% in Small Organizations 5% in Medium Organizations 12% in Large Organizations 32
33 Automated Control Enforcement & Monitoring Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 48 % Spending More 39 % Small Organizations 39% Spending More 57% Same 4% Spending Less 3% Unsure 46 % Same 6 % Spending Less Don t Knows Filtered Out 44 % 58 % Medium Organizations 44% Spending More 53% Same 3% Spending Less Large Organizations 58% Spending More 33% Same 9% Spending Less 33
34 Business Continuity Management Business Continuity Management technologies model, record and direct the responsibilities, plans, actions and execution of continuity and disaster plans, testing of operating procedures, alternatives, information back-ups, data recovery and restoration processes during expected and unexpected disruptions to all areas of operation. 54 % 17 % Spreadsheets, Documents & s 55% in Small Organizations 57% in Medium Organizations 49% in Large Organizations Solution Built & Supported by IT 16% in Small Organizations 18% in Medium Organizations 16% in Large Organizations 16 % 1 Commercial Solution in this Area 7% in Small Organizations 19% in Medium Organizations 21% in Large Organizations 4 % 2+ Commercial Solutions in this Area 2% in Small Organizations 4% in Medium Organizations 5% in Large Organizations 34
35 Business Continuity Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 45 % Spending More 42 % Small Organizations 42% Spending More 52% Same 6% Spending Less 3% Unsure 48 % Same 7 % Spending Less Don t Knows Filtered Out 41 % 53 % Medium Organizations 41% Spending More 56% Same 3% Spending Less Large Organizations 53% Spending More 35% Same 12% Spending Less 35
36 Compliance Management Compliance Management technologies support the overall coordination of legal, regulatory, contractual, values, ethics, and corporate obligations and responsibilities with associated compliance documentation, assessments, tasks, and records. This includes the ability to monitor, document, and manage changes to the regulatory environment and other obligations; to document all obligations of the organization; to perform compliance assessments against obligations; manage regulator and stakeholder interactions on compliance; and report on the state of compliance to regulators and stakeholders. 52 % 20 % 28 % Spreadsheets, Documents & s 58% in Small Organizations 53% in Medium Organizations 42% in Large Organizations Solution Built & Supported by IT 20% in Small Organizations 21% in Medium Organizations 18% in Large Organizations 1 Commercial Solution in this Area 22% in Small Organizations 25% in Medium Organizations 35% in Large Organizations 8 % 2+ Commercial Solutions in this Area 6% in Small Organizations 1% in Medium Organizations 17% in Large Organizations 36
37 Compliance Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 56 % Spending More 54 % Small Organizations 54% Spending More 41% Same 5% Spending Less 3% Unsure 36 % Same 7 % Spending Less Don t Knows Filtered Out 51 % 64 % Medium Organizations 51% Spending More 44% Same 5% Spending Less Large Organizations 64% Spending More 25% Same 11% Spending Less 37
38 Environmental Management Environmental Management technologies help monitor, analyze, record, and report organizational activity focused on compliance with environmental laws and regulations, related corporate policy related to managing environmental controls and conditions, and assessing the environmental impact of the corporation s operations, strategies, and plans. 31 % 11 % Spreadsheets, Documents & s 24% in Small Organizations 33% in Medium Organizations 34% in Large Organizations Solution Built & Supported by IT 4% in Small Organizations 15% in Medium Organizations 12% in Large Organizations 11 % 1 Commercial Solution in this Area 6% in Small Organizations 11% in Medium Organizations 16% in Large Organizations 2 % 2+ Commercial Solutions in this Area 2% in Small Organizations 1% in Medium Organizations 4% in Large Organizations 38
39 Environmental Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 31 % Spending More 23 % Small Organizations 23% Spending More 73% Same 4% Spending Less 3% Unsure 62 % Same 7 % Spending Less Don t Knows Filtered Out 30 % 43 % Medium Organizations 30% Spending More 67% Same 3% Spending Less Large Organizations 43% Spending More 43% Same 14% Spending Less 39
40 Health & Safety Management Health & Safety Management technologies manage the regulatory and policy-based guidelines and processes for protecting and reporting on the workforce, workplace, resources-under-management and external environment impacted by an organization s activities. 32 % 15 % 16 % Spreadsheets, Documents & s 31% in Small Organizations 38% in Medium Organizations 28% in Large Organizations Solution Built & Supported by IT 7% in Small Organizations 15% in Medium Organizations 20% in Large Organizations 1 Commercial Solution in this Area 13% in Small Organizations 15% in Medium Organizations 18% in Large Organizations 4 % 2+ Commercial Solutions in this Area 2% in Small Organizations 1% in Medium Organizations 8% in Large Organizations 40
41 Health & Safety Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 37 % Spending More 33 % Small Organizations 33% Spending More 50% Same 17% Spending Less 3% Unsure 51 % Same 12 % Spending Less Don t Knows Filtered Out 32 % 45 % Medium Organizations 32% Spending More 57% Same 11% Spending Less Large Organizations 45% Spending More 45% Same 10% Spending Less 41
42 Internal Control Management Internal Control Management technologies provide the ability to define, document, map, monitor, test, assess, and report on controls within the organization, including process and systems documentation. These solutions document internal controls, provide control assessments/self-assessments, and manage this through workflow, tasks, and reporting. 49 % 17 % 27 % 7 % Spreadsheets, Documents & s 56% in Small Organizations 56% in Medium Organizations 36% in Large Organizations Solution Built & Supported by IT 16% in Small Organizations 19% in Medium Organizations 17% in Large Organizations 1 Commercial Solution in this Area 20% in Small Organizations 28% in Medium Organizations 30% in Large Organizations 2+ Commercial Solutions in this Area 7% in Small Organizations 4% in Medium Organizations 10% in Large Organizations 42
43 Internal Control Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 45 % Spending More 40 % Small Organizations 40% Spending More 53% Same 7% Spending Less 3% Unsure 49 % Same 6 % Spending Less Don t Knows Filtered Out 44 % 51 % Medium Organizations 44% Spending More 51% Same 5% Spending Less Large Organizations 51% Spending More 41% Same 8% Spending Less 43
44 Issue Reporting & Management Issue Reporting & Management technologies provide issue intake and investigations management. Issue reporting solutions (e.g. hotline, whistleblower) provide a confidential, independent resource for individuals to report observations related to issues as well as potential acts of fraud, theft, inappropriate or illegal behavior, negligence or other impropriety. Investigations management solutions are used to manage investigations, issues, incidents, events, or cases: they specifically provide consistent documentation and processes for the management of events from reporting, to managing and documenting the investigation, to recording the loss and business impact. 46 % 20 % 34 % Spreadsheets, Documents & s 48% in Small Organizations 51% in Medium Organizations 39% in Large Organizations Solution Built & Supported by IT 13% in Small Organizations 18% in Medium Organizations 27% in Large Organizations 1 Commercial Solution in this Area 30% in Small Organizations 35% in Medium Organizations 35% in Large Organizations 9 % 2+ Commercial Solutions in this Area 4% in Small Organizations 8% in Medium Organizations 15% in Large Organizations 44
45 Issue Reporting & Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 47 % Spending More 48 % Small Organizations 48% Spending More 45% Same 7% Spending Less 3% Unsure 47 % Same 6 % Spending Less Don t Knows Filtered Out 44 % 48 % Medium Organizations 44% Spending More 49% Same 6% Spending Less Large Organizations 48% Spending More 45% Same 7% Spending Less 45
46 IT GRC Management IT GRC Management technologies are used to govern and direct information and technology (IT) strategies in the context of business. The governance function of IT is the alignment, strategy, and direction of IT to support the business. A core component of IT GRC Solutions is the ability to manage and monitor security, risk, and compliance across IT systems throughout the organization and across significant business relationships. 37 % 17 % 31 % Spreadsheets, Documents & s 43% in Small Organizations 40% in Medium Organizations 32% in Large Organizations Solution Built & Supported by IT 16% in Small Organizations 17% in Medium Organizations 18% in Large Organizations 1 Commercial Solution in this Area 22% in Small Organizations 34% in Medium Organizations 36% in Large Organizations 5 % 2+ Commercial Solutions in this Area 4% in Small Organizations 1% in Medium Organizations 9% in Large Organizations 46
47 IT GRC Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 56 % Spending More 50 % Small Organizations 50% Spending More 43% Same 7% Spending Less 3% Unsure 39 % Same 5 % Spending Less Don t Knows Filtered Out 57 % 59 % Medium Organizations 57% Spending More 38% Same 5% Spending Less Large Organizations 59% Spending More 36% Same 5% Spending Less 47
48 Legal Management Legal Management technologies administer the collection of facts related to events and legal cases under investigation, for use in verifying their circumstances, in order to provide valid information for testing by independent parties with the confidence that the information provided is related to these events. Discovery tools assist in managing and communicating discovery holds and uncovering, segmenting, organizing and storing electronic forms of evidence that can be used in an investigation, both before and after the occurrence of the related events, including tools that separate potential discovery documents from their original locations and repositories. This category of technology also includes systems for retention management that integrate with content/document systems to manage the storage, disposition, and retention of information. 44 % 14 % 15 % 6 % Spreadsheets, Documents & s 54% in Small Organizations 51% in Medium Organizations 29% in Large Organizations Solution Built & Supported by IT 7% in Small Organizations 16% in Medium Organizations 16% in Large Organizations 1 Commercial Solution in this Area 9% in Small Organizations 13% in Medium Organizations 20% in Large Organizations 2+ Commercial Solutions in this Area 6% in Small Organizations 5% in Medium Organizations 7% in Large Organizations 48
49 Legal Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 31 % Spending More 16 % Small Organizations 16% Spending More 76% Same 8% Spending Less 3% Unsure 62 % Same 7 % Spending Less Don t Knows Filtered Out 30 % 48 % Medium Organizations 30% Spending More 67% Same 3% Spending Less Large Organizations 48% Spending More 39% Same 13% Spending Less 49
50 Physical Security Management Physical Security Management technologies enhance physical asset and individual protection, and the authorization and monitoring of access to an organization s facilities and property. This category of technology also includes systems to manage physical loss and theft. 37 % 16 % 16 % Spreadsheets, Documents & s 43% in Small Organizations 43% in Medium Organizations 27% in Large Organizations Solution Built & Supported by IT 13% in Small Organizations 12% in Medium Organizations 21% in Large Organizations 1 Commercial Solution in this Area 13% in Small Organizations 20% in Medium Organizations 13% in Large Organizations 7 % 2+ Commercial Solutions in this Area 6% in Small Organizations 7% in Medium Organizations 8% in Large Organizations 50
51 Physical Security Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 34 % Spending More 25 % Small Organizations 25% Spending More 68% Same 7% Spending Less 3% Unsure 58 % Same 8 % Spending Less Don t Knows Filtered Out 39 % 40 % Medium Organizations 39% Spending More 58% Same 3% Spending Less Large Organizations 40% Spending More 45% Same 15% Spending Less 51
52 Policy & Training Management Policy & Training Management technologies mange the development, approval, distribution, communication, forms, maintenance, and records of organization policies, standards, procedures, guidelines and related training and communication awareness activities. This includes solutions used to train individuals on policy and risk areas to employees and extended business relationships. Elements of gamification, elearning, learning management, document/content management are part of this segment from a GRC perspective. Forms and disclosure management solutions (e.g., conflict of interest, gifts & entertainment/hospitality) are included in this segment as they relate and support organization policies. 41 % 24 % 26 % Spreadsheets, Documents & s 48% in Small Organizations 45% in Medium Organizations 31% in Large Organizations Solution Built & Supported by IT 15% in Small Organizations 26% in Medium Organizations 28% in Large Organizations 1 Commercial Solution in this Area 17% in Small Organizations 32% in Medium Organizations 28% in Large Organizations 8 % 2+ Commercial Solutions in this Area 9% in Small Organizations 5% in Medium Organizations 9% in Large Organizations 52
53 Policy & Training Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 49 % Spending More 45 % Small Organizations 45% Spending More 45% Same 10% Spending Less 3% Unsure 45 % Same 6 % Spending Less Don t Knows Filtered Out 49 % 52 % Medium Organizations 49% Spending More 49% Same 2% Spending Less Large Organizations 52% Spending More 39% Same 9% Spending Less 53
54 Quality Management Quality Management technologies record, benchmark, track and manage activity related to product and service quality assessments and certifications, production failures, product recalls, design and delivery improvements and their related regulatory guidelines. 42 % 16 % 12 % Spreadsheets, Documents & s 44% in Small Organizations 53% in Medium Organizations 28% in Large Organizations Solution Built & Supported by IT 19% in Small Organizations 15% in Medium Organizations 15% in Large Organizations 1 Commercial Solution in this Area 9% in Small Organizations 8% in Medium Organizations 17% in Large Organizations 7 % 2+ Commercial Solutions in this Area 2% in Small Organizations 4% in Medium Organizations 13% in Large Organizations 54
55 Quality Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 44 % Spending More 44 % Small Organizations 44% Spending More 50% Same 6% Spending Less 3% Unsure 52 % Same 4 % Spending Less Don t Knows Filtered Out 31 % 58 % Medium Organizations 31% Spending More 66% Same 3% Spending Less Large Organizations 58% Spending More 38% Same 4% Spending Less 55
56 Risk Management & Analytics Risk Management technologies support the identification, assessment, evaluation and response, and monitoring of risks and opportunities of risk across the organization. This includes the ability to monitor changes in the external and internal contexts to alert an organization to changing risk conditions (e.g., geopolitical, economic, competitor, technology, and natural disaster) that can impact business. These systems help identify specific causes and execute historical review, simulation, interpretation and projection of impacts on an organization s operations or assets given the potential consequences of events and the likelihood of events occurring sequentially or simultaneously. This category includes enterprise risk management systems, operational risk management systems, as well as specialized risk applications. 56 % 17 % 31 % 7 % Spreadsheets, Documents & s 65% in Small Organizations 60% in Medium Organizations 45% in Large Organizations Solution Built & Supported by IT 13% in Small Organizations 18% in Medium Organizations 17% in Large Organizations 1 Commercial Solution in this Area 26% in Small Organizations 29% in Medium Organizations 36% in Large Organizations 2+ Commercial Solutions in this Area 4% in Small Organizations 3% in Medium Organizations 13% in Large Organizations 56
57 Risk Management & Analytics Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 63 % Spending More 62 % Small Organizations 62% Spending More 32% Same 6% Spending Less 3% Unsure 31 % Same 6 % Spending Less Don t Knows Filtered Out 68 % 58 % Medium Organizations 68% Spending More 30% Same 2% Spending Less Large Organizations 58% Spending More 33% Same 9% Spending Less 57
58 Strategy, Performance, & Process Management Strategy, Performance & Process Management technologies include solutions for identifying and managing corporate strategies, goals, and objectives and cascading them through the organization; optimizing operational and financial performance against those objectives; and providing valuable information for decision-making and reporting purposes. 57 % 14 % Spreadsheets, Documents & s 65% in Small Organizations 57% in Medium Organizations 51% in Large Organizations Solution Built & Supported by IT 9% in Small Organizations 16% in Medium Organizations 16% in Large Organizations 10 % 1 Commercial Solution in this Area 15% in Small Organizations 5% in Medium Organizations 11% in Large Organizations 8 % 2+ Commercial Solutions in this Area 4% in Small Organizations 8% in Medium Organizations 11% in Large Organizations 58
59 Strategy, Performance, & Process Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 47 % Spending More 56 % Small Organizations 56% Spending More 33% Same 11% Spending Less 3% Unsure 44 % Same 9 % Spending Less Don t Knows Filtered Out 51 % 29 % Medium Organizations 51% Spending More 42% Same 7% Spending Less Large Organizations 29% Spending More 58% Same 13% Spending Less 59
60 Third Party Management Third Party Management technologies provide organizations the ability to govern third party relationships (e.g., vendor, supplier, contractor, consultant, service provider, outsourcers, agent) and the lifecycle of onboarding, contracts, due diligence screening, performance monitoring, risk management, compliance management, quality and service level management, and off-boarding. The third party GRC specific solutions record, and maintain the communication, attestation, and assessment of policies, contractual compliance, risk and compliance assessments, and audits across extended business relationships. Third party screening solutions are used to vet third parties and validate them against databases such as politically exposed persons, watch lists, social accountability, and more. 46 % 12 % 17 % 7 % Spreadsheets, Documents & s 48% in Small Organizations 51% in Medium Organizations 39% in Large Organizations Solution Built & Supported by IT 7% in Small Organizations 9% in Medium Organizations 17% in Large Organizations 1 Commercial Solution in this Area 15% in Small Organizations 18% in Medium Organizations 17% in Large Organizations 2+ Commercial Solutions in this Area 2% in Small Organizations 4% in Medium Organizations 15% in Large Organizations 60
61 Third Party Management Do you plan to spend more/same/less on GRC solutions in the following categories over the next 3 years? Across All Organizations S 41 % Spending More 44 % Small Organizations 44% Spending More 41% Same 15% Spending Less 3% Unsure 48 % Same 11 % Spending Less Don t Knows Filtered Out 31 % 50 % Medium Organizations 31% Spending More 63% Same 6% Spending Less Large Organizations 50% Spending More 36% Same 14% Spending Less 61
RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation
RSA Via Lifecycle and Governance 101 Getting Started with a Solid Foundation Early Identity and Access Management Early IAM was all about Provisioning IT tools to solve an IT productivity problem Meet
More informationSolution Viewpoint Governance, Risk Management & Compliance Insight ERP MAESTRO. March 2014. Automated Security & Access Controls Through the Cloud
March 2014 ERP MAESTRO Automated Security & Access Controls Through the Cloud Solution Viewpoint Governance, Risk Management & Compliance Insight INNOVATOR 2014 Table of Contents Executive Summary....
More informationORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION
ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION KEY FEATURES AND BENEFITS Manage multiple GRC initiatives on a single consolidated platform Support unique areas of operation with
More informationbuilding a business case for governance, risk and compliance
building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building
More informationApril 2014 SAI GLOBAL. Delivering Effective Compliance Solutions & Architecture. Solution Viewpoint Governance, Risk Management & Compliance Insight
April 2014 SAI GLOBAL Delivering Effective Compliance Solutions & Architecture Solution Viewpoint Governance, Risk Management & Compliance Insight Table of Contents Executive Summary.... 3 Surmounting
More informationIntroduction to Business Intelligence
IBM Software Group Introduction to Business Intelligence Vince Leat ASEAN SW Group 2007 IBM Corporation Discussion IBM Software Group What is Business Intelligence BI Vision Evolution Business Intelligence
More informationResolver GRC Cloud. Innovation in User Experience for Enterprise GRC SOLUTIONPERSPECTIVE. September 2015
September 2015 Resolver GRC Cloud Innovation in User Experience for Enterprise GRC SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight 2015 GRC 20/20 Research, LLC. All Rights Reserved.
More informationUsing COBiT For Sarbanes Oxley. Japan November 18 th 2006 Gary A Bannister
Using COBiT For Sarbanes Oxley Japan November 18 th 2006 Gary A Bannister Who Am I? Who am I & What I Do? I am an accountant with 28 years experience working in various International Control & IT roles.
More informationValidating Enterprise Systems: A Practical Guide
Table of Contents Validating Enterprise Systems: A Practical Guide Foreword 1 Introduction The Need for Guidance on Compliant Enterprise Systems What is an Enterprise System The Need to Validate Enterprise
More informationHR.com Whitepaper. An Overview of HCM Technology Deployment and Factors Influencing the Strategy
An Overview of HCM Technology Deployment and Factors Influencing the Strategy Results from HR.com s HCM Technology Deployment Survey Sponsored by WP_AnOverviewHCMTech_0711.indd 1. Introduction and Methodology
More informationIT Operations Benchmark Survey 2015. Research Reveals Strategies for IT to Drive Business Results and End-user Satisfaction
IT Operations Benchmark Survey 2015 Research Reveals Strategies for IT to Drive Business Results and End-user Satisfaction Introduction Welcome to the first annual Kaseya IT Operations Benchmark Survey.
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationDOUBLECHECK VENDOR MANAGEMENT
August 2014 DOUBLECHECK VENDOR MANAGEMENT Managing Risk & Compliance Across 3rd Party Relationships SOLUTION VIEWPOINT Governance, Risk Management & Compliance Insight 2014 GRC 20/20 Research, LLC. All
More informationSarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:
Beyond Sarbanes-Oxley: Using compliance requirements to boost business performance The business regulatory environment in the United States has changed. Public companies have new obligations to report
More informationIMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
More informationConvercent Predictive Analytics
September 2015 Convercent Predictive Analytics Innovation in User Experience for Issue Reporting & Management SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight 2015 GRC 20/20 Research,
More informationWHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
More informationVALUE PROPOSITION FOR SERVICE PROVIDERS. Helping Service Providers accelerate adoption of the cloud
VALUE PROPOSITION FOR SERVICE PROVIDERS Helping Service Providers accelerate adoption of the cloud Partnership with Service Providers Enabling Your Cloud Services in Complex Environments Today s challenge
More informationHow to achieve excellent enterprise risk management Why risk assessments fail
How to achieve excellent enterprise risk management Why risk assessments fail Overview Risk assessments are a common tool for understanding business issues and potential consequences from uncertainties.
More informationMicrosoft s Compliance Framework for Online Services
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More information2012 North American Vulnerability Research Product Leadership Award
2012 2012 North American Vulnerability Research Product Leadership Award 2012 Frost & Sullivan 1 We Accelerate Growth Product Leadership Award Vulnerability Management North America, 2012 Frost & Sullivan
More informationENABLING ENTERPRISE AVEPOINT ONLINE SERVICES. For Microsoft Office 365 COLLABORATION. For how you work, where you work
ENABLING ENTERPRISE COLLABORATION For how you work, where you work AVEPOINT ONLINE SERVICES For Microsoft Office 365 1 AVEPOINT ONLINE SERVICES FOR MICROSOFT OFFICE 365 Microsoft Office 365 gives users
More information<risk> Enterprise Risk Management
Global Resources... Local Knowledge is vital in supporting business continuity across diverse and challenging environments and operating models. By consolidating risk management activities into a single,
More informationSoftware as a Service Offers Broadening Appeal for Small and Medium-Sized Discrete Manufacturers
Software as a Service Offers Broadening Appeal for Small and Medium-Sized Discrete Manufacturers WHITE PAPER Sponsored by: SAP Simon Ellis November 2010 IDC MANUFACTURING INSIGHTS OPINION Software as a
More informationAn Enterprise Resource Planning Solution for Mill Products Companies
SAP Thought Leadership Paper Mill Products An Enterprise Resource Planning Solution for Mill Products Companies Driving Operational Excellence and Profitable Growth Table of Contents 4 What It Takes to
More informationTapping the benefits of business analytics and optimization
IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping
More informationExposing the hidden cost of Payroll and HR Administration A total cost of ownership study
www.pwc.com/ca Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study A PwC/ADP study March 2012 Executive overview Do you know how much your organization is really
More informationSage 300 Finance. Sage 300 Finance. Industry Solution. Generic to all Industries and Organisations. Target. Business Processes. Business Challenges
Sage 300 Finance Ensure you stay competitive in today s global economy with Sage 300 Finance! We offer you far more than simple financial accountability and compliance. Allow your business to evolve with
More informationWhitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff
Whitepaper Data Governance Roadmap for IT Executives Valeh Nazemoff The Challenge IT Executives are challenged with issues around data, compliancy, regulation and making confident decisions on their business
More informationThe Power of Risk, Compliance & Security Management in SAP S/4HANA
The Power of Risk, Compliance & Security Management in SAP S/4HANA OUR AGENDA Key Learnings Observations on Risk & Compliance Management Current State Current Challenges The SAP GRC and Security Solution
More informationHow To Use Intacct
Intacct Financial Management and Accounting System Intacct is the award winning cloud financial management and accounting system specifically designed to help small and midsized enterprises improve company
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationWhite Paper: The Seven Elements of an Effective Compliance and Ethics Program
White Paper: The Seven Elements of an Effective Compliance and Ethics Program Executive Summary Recently, the United States Sentencing Commission voted to modify the Federal Sentencing Guidelines, including
More informationData Management in the Cloud Era
In This Paper In cloud environments, using multiple point products for data management often results in diminishing returns Single-vendor solutions enable enterprises to leverage their cloud investments
More informationHow To Get A Good Deal On An Application Outsourcing Contract At Anconda.Com
Achieving High Performance with Application Outsourcing 2 Needed now: The right team to get the most from your application portfolio now, next year and every year To be sure that your applications can
More informationA Guide for a Successful ERP Strategy in the Midmarket: Selection, Services, and Integration
May 2012 A Guide for a Successful ERP Strategy in the Midmarket: Selection, Services, and Integration Enterprise Resource Planning (ERP) has been defined as an operational and transactional system of record.
More informationCase Study Success with a. into a Corporate Integrity Agreement (CIA)
Case Study Success with a Corporate Integrity Agreement (CIA) More than 100 affiliated physician practices and healthcare facilities Operations in multiple states More than 2,000 Covered Persons under
More informationAPICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES
APICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES APICS INSIGHTS AND INNOVATIONS ABOUT THIS REPORT This report examines the role that supply chain risk management plays in organizations
More information2014 Financial Services Industry Compliance Benchmark Study
2014 Financial Services Industry Compliance Benchmark Study Presented By: and Executive Summary Beginning in early December 2013, SAI Global Compliance conducted a survey among compliance professionals
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationSoftware Industry KPIs that Matter
Software Companies Run Better on NetSuite. Software Industry KPIs that Matter Sponsored by Improved Results from Businesses Like Yours Business Visibility 360 o Visibility & Actionable Insight Increased
More informationMANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING "IT" ALONE
MANAGED SECURITY SERVICES: WHEN IT'S TIME TO STOP GOING "IT" ALONE August 2014 Derek E. Brink, CISSP, Vice President and Research Fellow, IT Security and IT GRC Report Highlights p2 p3 p6 p7 Security is
More informationHP SOA Systinet software
HP SOA Systinet software Govern the Lifecycle of SOA-based Applications Complete Lifecycle Governance: Accelerate application modernization and gain IT agility through more rapid and consistent SOA adoption
More information04 Executive Summary. 08 What is a BI Strategy. 10 BI Strategy Overview. 24 Getting Started. 28 How SAP Can Help. 33 More Information
1 BI STRATEGY 3 04 Executive Summary 08 What is a BI Strategy 10 BI Strategy Overview 24 Getting Started 28 How SAP Can Help 33 More Information 5 EXECUTIVE SUMMARY EXECUTIVE SUMMARY TOP 10 BUSINESS PRIORITIES
More informationWITH AGILE TECHNOLOGY
FUTURE-PROOF BANKING STRATEGIES Technology Transformation STARTS NOW Banks now better understand the strategic nature of their core systems and are ready to embark on critical technology projects to support
More informationLocation of the job: CFO Revenue Assurance
JOB PROFILE Title of position: Manager: Revenue Assurance Operations Number of subordinates: 5-10 Location of the job: CFO Revenue Assurance Level: 3 Position Code: Time span: 2-3 years Key Performance
More informationWelcome to today s training on how to Effectively Sell SAP ERP! In this training, you will learn how SAP ERP addresses market trends and
Welcome to today s training on how to Effectively Sell SAP ERP! In this training, you will learn how SAP ERP addresses market trends and organizations business needs. 1 After completing this lesson, you
More informationRisk Considerations for Internal Audit
Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationDiagram. Microsoft Dynamics Sure Step Methodology
Diagram Microsoft Dynamics Sure Step Methodology Designed to enable you to better serve your customers by helping reduce their Microsoft Dynamics total cost of ownership, the Sure Step Methodology can
More informationData Warehouse Appliances: The Next Wave of IT Delivery. Private Cloud (Revocable Access and Support) Applications Appliance. (License/Maintenance)
Appliances are rapidly becoming a preferred purchase option for large and small businesses seeking to meet expanding workloads and deliver ROI in the face of tightening budgets. TBR is reporting the results
More informationmysap ERP FINANCIALS SOLUTION OVERVIEW
mysap ERP FINANCIALS SOLUTION OVERVIEW EFFECTIVE FINANCIAL MANAGEMENT ... IS KEY TO BUSINESS SUCCESS mysap ERP FINANCIALS YOUR BUSINESS, YOUR FUTURE, YOUR SUCCESS mysap ERP is the world s most complete
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationAn Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime
An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.
More informationEnterprise Release Management
Enterprise Release Management Plutora helps organizations manage complex IT Feature Pipeline, IT Releases and IT Test Environments in a simple and transparent manner. Enterprise Releases Transparency and
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationWelcome to Modulo Risk Manager Next Generation. Solutions for GRC
Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS
More informationLearning Outcomes Implementation Guidance - Revised Staff Questions & Answers Document
Committee: International Accounting Education Standards Board Meeting Location: IFAC Headquarters, New York, USA Meeting Date: November 4 6, 2015 SUBJECT: Learning Outcomes Implementation Guidance - Revised
More informationS T R A T E G I C P A R T N E R S H I P D A T A, N E T O W R K S P E O P L E, P R O C E S S, T E C H N O L O G Y, Europe
S T R A T E G I C P A R T N E R S H I P WHERE INNOVATION BEGINS Web-enabled, transparent, optimized business processes, extensive data analytics, continuously innovated business solution for the P&C /
More informationSUSTAINING COMPETITIVE DIFFERENTIATION
SUSTAINING COMPETITIVE DIFFERENTIATION Maintaining a competitive edge in customer experience requires proactive vigilance and the ability to take quick, effective, and unified action E M C P e r s pec
More informationVENDOR SELECTION: WHERE TO BEGIN?
VENDOR SELECTION: WHERE TO BEGIN? INTRODUCTION Selecting the right software for your organization, regardless if it s a best-of breed HR or Sales application or a full-fledged ERP system, can be a daunting
More information2014 SAP AG or an SAP affiliate company. All rights reserved.
SAP Cloud Solution/SAP Computing Connection Title Discover Runs How Here Cloud And Here Computing And Here Enables And Here the And Public Here Sector (max. to 85 Improve characters) Citizens Lives Technology
More informationThree Strategies for Implementing HR in the Cloud
Three Strategies for Implementing HR in the Cloud Adoption of cloud-based, software-as-a-service (SaaS) human resource management systems (HRMS) has become one of the hottest trends in HR. According to
More informationAudit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland
Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of
More informationTHE CORNERSTONE DIFFERENCE
THE CORNERSTONE DIFFERENCE INTRODUCTION In a market that has markedly shifted over the last few years towards large, generalist ERP suites and mixed delivery models, it has become quite clear that Cornerstone
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationICT Digital Transformation Programme
Officer and Date Item Cabinet 11 th May 2016 Public ICT Digital Transformation Programme Responsible Officer: Clive Wright, Chief Executive Email: Clive.wright@shropshire.gov.uk Tel: 01743 252007 1.0 Summary
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Industrial Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Industrial Cyber Security Risk Industrial Attacks Continue to Increase in Frequency & Sophistication Today, industrial organizations
More informationWebinar and Marketing Technology Purchase Decision Analysis Prepared for ON24
Webinar and Marketing Technology Purchase Decision Analysis Prepared for ON24 December 2015 www.hanoverresearch.com Table of Contents Introduction and Methodology.. P 3 Executive Summary and Key Findings..
More informationIDC MarketScape: Worldwide Service Desk Management Software 2014 Vendor Analysis
IDC MarketScape IDC MarketScape: Worldwide Service Desk Management Software 2014 Vendor Analysis Robert Young THIS IDC MARKETSCAPE EXCERPT FEATURES: SERVICENOW IDC MARKETSCAPE FIGURE FIGURE 1 IDC MarketScape
More informationImplementing Practical Information Security Programs
Implementing Practical Information Security Programs CISO Summit March 17-19, 2013 Presented by: David Cass, SVP & Chief Information Security Officer, Elsevier Information Security & Data Protection Office
More informationAn example ITIL -based model for effective Service Integration and Management. Kevin Holland. AXELOS.com
An example ITIL -based model for effective Service Integration and Management Kevin Holland AXELOS.com White Paper April 2015 Contents Introduction to Service Integration and Management 4 An example SIAM
More informationDriving Excellence in Implementation and Beyond The Underlying Quality Principles
SAP Thought Leadership Paper SAP Active Quality Management Driving Excellence in Implementation and Beyond The Underlying Quality Principles 2014 SAP AG or an SAP affiliate company. All rights reserved.
More informationInforCloudSuite. Business. Overview INFOR CLOUDSUITE BUSINESS 1
InforCloudSuite Business Overview INFOR CLOUDSUITE BUSINESS 1 What if... You could implement a highly flexible ERP solution that was built to manage all of your business needs, from financials and human
More informationReady, Set, Go! A Game Plan for Talent Management in the Midmarket
Ready, Set, Go! A Game Plan for Talent Management in the Midmarket Introduction Organizations that have survived the global economy of the past few years have experienced the new business reality: the
More informationBusiness Transformation with Cloud ERP
Photo copyright 2012 Michael Krigsman. Business Transformation with Cloud ERP Prepared by Michael Krigsman February 2012 NetSuite sponsored this independent white paper; Asuret does not endorse any vendor
More informationOptimizing government and insurance claims management with IBM Case Manager
Enterprise Content Management Optimizing government and insurance claims management with IBM Case Manager Apply advanced case management capabilities from IBM to help ensure successful outcomes Highlights
More informationThe Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER
The Power of BMC Remedy, the Simplicity of SaaS WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY............................................... 1 BUSINESS CHALLENGE: MANAGING CHANGE.................................
More informationCA Service Desk Manager
PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES
More informationWHITEPAPER. Creating and Deploying Predictive Strategies that Drive Customer Value in Marketing, Sales and Risk
WHITEPAPER Creating and Deploying Predictive Strategies that Drive Customer Value in Marketing, Sales and Risk Overview Angoss is helping its clients achieve significant revenue growth and measurable return
More informationStrategic Solutions that Make Your Work Easier. Projects Made Easier Decisions Made Easier Business Made Easier
Strategic Solutions that Make Your Work Easier Projects Made Easier Decisions Made Easier Business Made Easier Have You Outgrown Your Systems? Buyers Say the Partner and the Product are More Important
More informationStart Anywhere and Go Everywhere with Cloud Services for HR
SAP Brief SAP Services Cloud Services for Human Capital Management Objectives Start Anywhere and Go Everywhere with Cloud Services for HR Propel your business to success Propel your business to success
More informationAccenture Human Capital Management Solutions. Transforming people and process to achieve high performance
Accenture Human Capital Management Solutions Transforming people and process to achieve high performance The sophistication of our products and services requires the expertise of a special and talented
More informationAn Enterprise Framework for Business Intelligence
An Enterprise Framework for Business Intelligence Colin White BI Research May 2009 Sponsored by Oracle Corporation TABLE OF CONTENTS AN ENTERPRISE FRAMEWORK FOR BUSINESS INTELLIGENCE 1 THE BI PROCESSING
More informationIs Your Company Ready for a Big Data Breach?
Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication
More informationPulling it all together: Integrated Solutions for Governance, Risk and Compliance
Customer Practice Profile Pulling it all together: Integrated Solutions for Governance, Risk and Compliance The business case for a new enterprise approach to GRC Integrated solutions for Governance, Risk
More informationS24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma
S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationCOSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting
in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting Table of Contents EXECUTIVE SUMMARY... 3 BACKGROUND... 3 SIGNIFICANT CHANGES AFFECTING INTERNAL CONTROL
More information2015 Global Identity and Access Management (IAM) Market Leadership Award
2015 Global Identity and Access Management (IAM) Market Leadership Award 2015 Contents Background and Company Performance... 3 Industry Challenges... 3 Market Leadership of IBM... 3 Conclusion... 6 Significance
More informationIT Governance, Risk, and Compliance
May 2008 2008 Annual Report IT Governance, Risk, and Compliance Improving business results and mitigating financial risk IT Policy Compliance Group Contents Executive summary...........................................................
More informationNEW YORK STATE-WIDE PAYROLL CONFERENCE. Presented to:
NEW YORK STATE-WIDE PAYROLL CONFERENCE Presented to: Felicia Cheek, Practice Leader Global Time to Pay Advisory 15 September 2014 Statement of Confidentiality and Usage Restrictions This document contains
More informationFour Clues Your Organization Suffers from Inefficient Integration, ERP Integration Part 1
Four Clues Your Organization Suffers from Inefficient Integration, ERP Integration Part 1 WHY ADOPT NEW ENTERPRISE APPLICATIONS? Depending on your legacy, industry, and strategy, you have different reasons
More informationSOA + BPM = Agile Integrated Tax Systems. Hemant Sharma CTO, State and Local Government
SOA + BPM = Agile Integrated Tax Systems Hemant Sharma CTO, State and Local Government Nothing Endures But Change 2 Defining Agility It is the ability of an organization to recognize change and respond
More informationISO 9001:2015 Your implementation guide
ISO 9001:2015 Your implementation guide ISO 9001 is the world s most popular management system standard Updated in 2015 to make sure it reflects the needs of modern-day business, ISO 9001 is the world
More informationSix Drivers For Cloud Business Growth Efficiency
Behind Every Cloud, There s a Reason Analyzing the Six Possible Business and Technology Drivers for Going Cloud CONTENTS Executive Summary Six Drivers for Going Cloud Business Growth Efficiency Experience
More informationBUSINESS CONSULTING SERVICES Comprehensive practice management solutions for independent investment advisors
BUSINESS CONSULTING SERVICES Comprehensive practice management solutions for independent investment advisors Insights, tools and resources to help you Accelerate Your Growth, Scale Your Business and Elevate
More information