DOUBLECHECK VENDOR MANAGEMENT
- Julius Flowers
- 8 years ago
August 2014
DOUBLECHECK VENDOR MANAGEMENT
Managing Risk & Compliance Across 3rd Party Relationships
SOLUTION VIEWPOINT
Governance, Risk Management & Compliance Insight
© 2014 GRC 20/20 Research, LLC. All Rights Reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.
Table of Contents
- Managing Islands of Relationships in an Ocean of Risk
- DoubleCheck Vendor Management
- Managing Risk & Compliance Across 3rd Party Relationships
- The Value of DoubleCheck Vendor Management
- Capabilities of DoubleCheck
- GRC 20/20's Final Perspective
- About GRC 20/20
- Research Methodology

TALK TO US... We look forward to hearing from you and learning what you think about GRC 20/20 research. GRC 20/20 is eager to answer inquiries from organizations looking to improve GRC related processes and utilize technology to drive GRC efficiency, effectiveness, and agility.
Executive Summary

Across industries organizations are facing global regulatory pressure in 3rd party oversight and due diligence. Organizations are a complex and diverse network of business relationships in which risk and compliance challenges do not stop at traditional organizational boundaries. Third party relationships are critical to business today but introduce significant risk. Organizations fail when they look at the formation of a business relationship and do not foresee that issues cascade and cause severe damage to reputation and exposure to legal and operational risk throughout the ongoing relationship.

Third-party management is enabled at an enterprise level through implementation of an integrated third-party management platform. The right third-party risk management platform enables the organization to effectively manage risk across extended business relationships and facilitate the ability to document, communicate, report, and monitor the range of assessments, documents, tasks, responsibilities, and action plans.

DoubleCheck is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in distributed and dynamic business environments across industries and of varying size. DoubleCheck has recently updated their Vendor Management solution to the 3.0 version which provides increased capabilities to manage third parties on an ongoing and continuous basis.

Managing Islands of Relationships in an Ocean of Risk

No company is an island. Organizations are a complex and diverse network of business relationships in which risk and compliance challenges do not stop at traditional organizational boundaries. Organizations struggle to identify, manage, and govern business relationships. The challenge is: Can you attest that risk and compliance are managed across extended business relationships?
An organization can face reputation and economic disaster by establishing or maintaining the wrong business relationships, or by allowing good business relationships to sour because of weak oversight. This is true across industries, but some, like financial services, are seeing greater regulatory oversight of third party/vendor risks (e.g., US OCC). Across industries organizations are facing global regulatory pressure in 3rd party oversight and due diligence in the context of anti-bribery and corruption (e.g., US FCPA, UK Bribery Act, OECD Principles) and conflict minerals (e.g., Dodd Frank Act, Europe's Conflict Mineral Regulation). Major brands have focused efforts on social accountability in the context of international labor standards (e.g., child labor, forced labor, working hours, health and safety). There is significant pressure in 3rd party management in the context of PCI DSS and protection of credit card data. The Target breach is a case in point in which an air-conditioning vendor was the doorway into the largest credit card breach of a POS system to date.

Third party relationships are critical to business today but introduce a significant exposure to risk. Organizations fail when they look at the formation of a business relationship and do not foresee that issues cascade and cause severe damage to reputation, and exposure to legal and operational risk throughout the ongoing relationship. They make two common mistakes:

- Risk is only considered during the on-boarding process. Risks in extended business relationships are often only analyzed during the on-boarding process to validate the organization is doing business with the right companies. This approach fails to recognize that additional risk is incurred over the life of the business relationship.
- Partner performance evaluations neglect risk. Metrics and measurements often fail to fully analyze and monitor risk. Often, metrics are focused on vendor delivery of products and services but do not include monitoring risks such as compliance and ethical considerations.

Risk and compliance issues and corresponding processes constantly bear down on these relationships. Business processes and corresponding technologies that operate autonomously introduce further risk, as there is no view into the range of risk issues that a single business relationship brings to the organization. Organizations need an integrated approach to third-party risk and compliance management that brings together people, process, and technology to deliver not only efficiency and effectiveness but also agility. Ignoring an integrated view of extended business relationships can result in business relationships that behave like leaves blowing in the wind, with no one monitoring the ever-changing risks in a dynamic business environment.

The building blocks of an effective, efficient, and agile third-party risk management program are:

1. Define Your Program. The first step is to define the third-party management program. While an individual needs to lead the program, it also necessitates that different parts of the organization work with this role. Defining your program includes understanding board oversight and reporting for third-party risk and compliance, and a cross-functional team to ensure that the operational, reputational, and compliance risks in business relationships are appropriately addressed. This team needs to work with the relationship owners to ensure a collaborative and efficient oversight process is in place.
2. Establish Framework. The third-party management framework is used to manage and monitor the ever-changing relationship, risk, and regulatory environments in extended business relationships. The framework starts with developing a list of third-party relationships cross-referenced to risks and regulations affecting those relationships. A framework is an organized set of controls used to measure compliance against multiple risks, regulations, standards, and best practices.
3. Onboarding. Evaluation of risk and compliance needs to be integrated with the process of procurement and vendor/supplier/partner relations. A business relationship is to be evaluated against defined criteria to determine if the relationship should be established or avoided. When there is a high degree of inherent risk, but the relationship still is necessary, manage the risk within tolerance level by establishing compensating controls and monitoring requirements.
4. Ongoing Monitoring. A variety of environmental and geo-political factors can affect the success or failure of any given business relationship. This includes the potential for natural disasters, disruptions, commodity availability and pricing, industry developments, and geopolitical risks. The potential risks relevant to each business partner should be taken into consideration to monitor the health and success of business relationships on an individual and aggregate level. This also involves monitoring relevant legal and regulatory environments in corresponding jurisdictions to identify changes that could impact the business and its extended relationships.
5. Resolve Issues. Even the most successful business relationships encounter issues. These may arise from quality, health and safety, regulatory, environmental, business continuity, economic, fraud, or legal and regulatory mishaps. The fallout from incidents is exacerbated when everyone scrambles because nobody developed defined action and resolution plans ahead of time. Management of risk across extended business relationships should account for issues and plan for containment, mitigation, and resolution.

The challenge is that many organizations try to manage all of this with spreadsheets, documents and . These approaches are prone to failure as they bury the organization in mountains of data that is difficult to maintain, aggregate, and report on, consuming valuable resources. The organization ends up spending more time in data management and reconciling as opposed to active risk monitoring of extended business relationships.
Bottom Line: Third-party risk management is enabled at an enterprise level through implementation of an integrated third-party risk management platform. This offers the adaptability needed as a result of the dynamic nature and geographic dispersion of the modern enterprise. The right third-party risk management platform enables the organization to effectively manage risk across extended business relationships and facilitate the ability to document, communicate, report, and monitor the range of assessments, documents, tasks, responsibilities, and action plans.

Effectively managing and monitoring risk across third party relationships requires a centralized platform to document, communicate, report, and monitor the range of assessments, documents, tasks, responsibilities, and action plans. The ideal platform engages extended business partners and employees as well as internal staff. Ideally, these systems provide capabilities that help the organization:

- Ensure ownership and accountability are clearly established and understood
- Manage the on-boarding and the ongoing risk and compliance scoring and assessment processes
- Conduct initial and ongoing assessments
- Actively monitor all business partners for adherence to code-of-conduct and related policies
- Make changes in risk profiles based on targeted risk assessments
- Leverage built-in question sets to streamline surveys and questionnaires
- Initiate and manage incident follow-ups and investigations
- Use verifiable evidence to readily attest to in-compliance status

DoubleCheck Vendor Management
Managing Risk & Compliance Across 3rd Party Relationships

DoubleCheck is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in distributed and dynamic business environments across industries and of varying size. DoubleCheck has recently updated their Vendor Management solution to 3.0 which provides increased capabilities to manage third parties on an ongoing and continuous basis. GRC 20/20 has seen significant progress in user interface design with a focus on intuitiveness and ease of use in the 3.0 release.

The Value of DoubleCheck Vendor Management

Successful governance, risk management, and compliance (GRC) delivers the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human and financial efficiency, and meet the demands of a changing business environment with agility. GRC solutions should achieve better performing processes that utilize more reliable information. This enables a better performing, and a less costly, more flexible business environment.

Clients engage DoubleCheck with the goals of understanding and managing risk, ensuring compliance with obligations, improving human and financial efficiencies, enhancing transparency, and managing GRC in the context of business change.
GRC 20/20 measures the value of GRC engagement around the elements of efficiency, effectiveness and agility. Organizations need to be:

- Effective. At the end of the day GRC is about effectiveness to ensure that the organization manages risk and compliance and is properly understood, monitored and managed at all levels of the organization. Effectiveness delivers a holistic understanding and prioritization of risk and compliance aligned with the business and kept under control. GRC effectiveness is validated through greater assurance of the design and operational effectiveness of controls to mitigate risk, achieve performance, protect integrity of the organization, and meet regulatory requirements. DoubleCheck Vendor Management is effective. Organizations that GRC 20/20 interviewed utilizing DoubleCheck for Vendor Management stated that they had increased ability to manage all parts of the vendor/third party lifecycle on a regular ongoing basis to identify and respond to risk and compliance concerns as they arose in the changing nature of business and the relationship.
- Efficient. GRC solutions provide efficiency and savings in human and financial capital resources. Technology solutions that support business and GRC processes reduce operational costs by automating processes, particularly those that take a lot of time consolidating and reconciling information in order to manage and mitigate risk and meet compliance requirements. GRC efficiency is achieved when there is a measurable reduction in human and financial capital resources needed to address GRC in the context of business operations. GRC should reduce operational costs by providing access to the right information at the right time, and reduce the time spent searching for answers. DoubleCheck Vendor Management is efficient. Organizations that GRC 20/20 interviewed utilizing DoubleCheck for Vendor Management reported that they were able to conduct more assessments of more relationships over a time period than they could with their previous approach. Overall they were able to streamline processes, and reduce employee time on individual assessments. They saw significant savings in the time spent aggregating and reporting on risk across their third party relationships.
- Agile. GRC solutions deliver business agility when organizations can respond rapidly to changes in the business environment (e.g., employees, business relationships, mergers and acquisitions, new laws and regulations) as well as the external environment (e.g., economic risk, new laws, and regulations) and communicate changes to employees. GRC's agility is also measured in responsiveness to events and issues; organizations can identify and react quickly to incidents so that action can be taken. DoubleCheck Vendor Management is agile. Organizations that GRC 20/20 interviewed utilizing DoubleCheck for Vendor Management reported that the flexibility of the solution allowed them to adapt and expand it as they needed to keep current with their changing business, as well as risk and regulatory environments. A financial services firm specifically stated they have seen value in being able to manage risk and compliance in vendor relationships as regulatory scrutiny in this area has increased with enhanced requirements.

Capabilities of DoubleCheck

DoubleCheck Vendor Management enables an organization to be proactive in managing dynamic and extended business relationships across a range of third parties. It assures stakeholders and the board that their third party business relationships do not bring unnecessary exposure to organization operations and strategy. GRC 20/20 has evaluated the DoubleCheck Vendor Management solution and finds that it delivers a capable offering across the core needs of third party management. The DoubleCheck Vendor Management solution delivers the following capabilities to make GRC programs effective as well as efficient and agile:

- Ease-of-use. A critical quality of a third party management solution is ease-of-use. A system that is difficult to use is an impediment to effectiveness, and inhibits the acceptance and use across an organization's extended business relationship network. DoubleCheck Vendor Management is designed to adapt to the way risk is logically managed, enabling the solution to function and allow staff to concentrate on their tasks rather than working around the limitations of tools.
- Process lifecycle. Going beyond a pure risk and compliance view of third party relationships, DoubleCheck delivers a solution that helps with the onboarding, the ongoing lifecycle and monitoring of the relationship, and the final offboarding of the relationship.
- Role and use case focus. The DoubleCheck solution goes beyond complex dashboards that just simply pump metrics in all directions. The 3.0 version has shown specific focus on the development of portals with integration and reporting of information in context of specific roles and use cases.
- Onboarding. With DoubleCheck Vendor Management, organizations gain a solution that can be used to define the relationship, store and manage contracts, establish service levels, and conduct initial due diligence. The onboarding process allows for the efficient establishment of a relationship and the ability to move it to an ongoing continuous monitoring function.

Checklist for 3rd Party Risk Management
- Ease of Use
- Process Lifecycle
- Role and Use-Case Focus
- Onboarding
- System of Record
- Issue Management
- Dashboarding & Reporting
- Relationship Documentation
- Policy Communication & Attestation
- Risk & Compliance Assessments
- Due Diligence
- Workflow Automation & Task Management
- Audit Management
- System of record. DoubleCheck Vendor Management is the system of record for the state of risk and compliance across the range of third party relationships. Everyone with a role in risk management (the risk management team, procurement, internal audit, and the compliance department) can securely access the system, enter information, notes, and analysis into their respective systems of record within the application.
- Issue management. Managing incident response efforts and day-to-day issues across third party relationships requires effective coordination and collaboration between the organization and its GRC roles, and the third party. DoubleCheck Vendor Management provides the ability to report, document, track, and manage incidents from identification to resolution. The system keeps a complete record of issues that can feed back into risk models and analysis of business relationships.
- Dashboards and reporting. DoubleCheck's dashboarding capability means that key risk indicators of third party relationships can be pushed directly to responsible parties, enabling them to make informed decisions. Through speedometers, graphs and tables, the solution transforms critical risk metrics into actionable information in easy-to-understand visuals. Drill-down capabilities allow leaders to obtain further details and to interact with generated results.
- Relationship documentation. DoubleCheck Vendor Management allows for an organization to store relationship related information such as contracts, insurance documents, and certifications. These can be referred back to and mapped to other parts of the solution to keep context of risk and compliance throughout.
- Policy communication and attestation. The DoubleCheck solution allows an organization to manage the communication and attestation of policies, procedures, and code-of-conduct to each third party relationship where appropriate representative(s) must read, acknowledge, and attest to adherence.
- Risk and compliance assessments. The solution allows for the management, delivery, and analysis of assessments that each business partner has to answer on a periodic basis or as a specific need arises.
- Due diligence. The DoubleCheck Vendor Management solution is easily configured to manage workflow and tasks to ensure that the monitoring of business relationships against risk criteria and watch-lists (e.g., verification for companies and individuals, such as OFAC checking) is completed and that the organization is doing business with lawful entities.
- Workflow automation and task management. DoubleCheck has a solid workflow automation engine to streamline repetitive tasks and ensure tasks are assigned and monitored based on pre-defined milestones and deadlines.
- Audit management. The DoubleCheck Vendor Management module integrates with other DoubleCheck solutions such as Audit Management to provide an interface for consultants and auditors to validate risk and controls and exercise right-to-audit clauses. This involves independent audits to validate controls, risk, and compliance to laws and contractual requirements.

Considerations for DoubleCheck Vendor Management

Every solution has its strengths and weaknesses, and may not be the ideal fit for all organizations in all situations. While GRC 20/20 has identified many positive attributes of DoubleCheck Vendor Management, readers should not see this as a complete and unquestionable endorsement of DoubleCheck Vendor Management.

DoubleCheck's Vendor Management offering delivers the core functionality that meets the requirements of the majority of third party risk and compliance needs within organizations. The solution has expanded significantly to take on broader third party management capabilities. The solution is ideally fit for managing the risk and compliance aspects of third party relationships in the context of third party lifecycle management. The solution has contract management capabilities, but does not offer advanced capabilities in this particular area in redlining and contract development.

Overall, clients have shown a high degree of satisfaction with DoubleCheck. Client references for DoubleCheck have been very strong, with many showing a long history of client satisfaction. Clients are particularly happy with the level of personal interaction and support they receive from DoubleCheck.

GRC 20/20's Final Perspective...

Managing third party relationships requires a systematic process to monitor important aspects of business relationships and apply remedial action as soon as risks escalate past an organization's risk tolerances. Risk and compliance issues and corresponding processes are constantly coming to bear on these relationships. Organizations can't afford to use a fragmented approach to managing risk, compliance, and performance of business relationships.
A new paradigm for managing third party relationships is needed. A targeted strategy that addresses risk, compliance, and performance is needed to address the root problems and deliver cost savings and efficiency. The more extended and distributed the business, the more challenging risk and compliance is to manage. A common architecture and process can make this efficient and manageable. Inefficiencies, redundancy, errors, and potential risks are identified, averted, or contained. This reduces risk exposure, enhances business agility, and aligns risk to third party performance and enables better-performing, less costly, and more flexible business relationships.
About GRC 20/20

GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. We provide objective insight into GRC market dynamics; technology trends; competitive landscape; market sizing; expenditure priorities; and mergers and acquisitions. GRC 20/20 advises the entire ecosystem of GRC solution buyers, professional service firms, and solution providers. Our research clarity is delivered through analysts with real-world expertise, independence, creativity, and objectivity that understand GRC challenges and how to solve them practically and not just theoretically. Our clients include Fortune 1000 companies, major professional service firms, and the breadth of GRC solution providers.

Research Methodology

GRC 20/20 research reports are written by experienced analysts with experience selecting and implementing GRC solutions. GRC 20/20 evaluates all GRC solution providers using consistent and objective criteria, regardless of whether or not they are a GRC 20/20 client. The findings and analysis in GRC 20/20 research reports reflect analyst experience, opinions, research into market trends, participants, expenditure patterns, and best practices. Research facts and representations are verified with client references to validate accuracy. GRC solution providers are given the opportunity to correct factual errors, but cannot influence GRC 20/20 opinion.

GRC 20/20 Research, LLC
4948 Bayfield Drive
Waterford, WI USA
info@grc2020.com
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationIBM Tivoli Service Request Manager
Deliver high-quality services while helping to control cost IBM Tivoli Service Request Manager Highlights Streamline incident and problem management processes for more rapid service restoration at an appropriate
More information2010-02. Delivering Enterprise Value with Oracle Governance, Risk, and Compliance. Executive Summary. Table of Contents
2010-02 Prepared By: Michael Rasmussen Risk & Compliance Lecturer, Writer, & Advisor Delivering Enterprise Value with Oracle Governance, Risk, and Compliance Executive Summary Business is complex, and
More informationEnterprise Risk Management in Compliance 360
Enterprise Risk Management in Compliance 360 2 Enterprise Risk Management in Compliance 360 Effective risk management involves identifying and understanding the risks the organization is faced with, analyzing
More information3 rd Party Vendor Risk Management
3 rd Party Vendor Risk Management Session 402 Tuesday, June 9, 2015 (11 to 12pm) Session Objectives The need for enhanced reporting on vendor risk management Current outsourcing environment Key risks faced
More informationmysap ERP FINANCIALS SOLUTION OVERVIEW
mysap ERP FINANCIALS SOLUTION OVERVIEW EFFECTIVE FINANCIAL MANAGEMENT ... IS KEY TO BUSINESS SUCCESS mysap ERP FINANCIALS YOUR BUSINESS, YOUR FUTURE, YOUR SUCCESS mysap ERP is the world s most complete
More informationIBM Tivoli Netcool network management solutions for enterprise
IBM Netcool network management solutions for enterprise The big picture view that focuses on optimizing complex enterprise environments Highlights Enhance network functions in support of business goals
More informationPEOPLESOFT IT ASSET MANAGEMENT
PEOPLESOFT IT ASSET MANAGEMENT K E Y B E N E F I T S Streamline the IT Asset Lifecycle Ensure IT and Corporate Compliance Enterprise-Wide Integration P E O P L E S O F T F I N A N C I A L M A N A G E M
More informationChartis RiskTech Quadrant for Operational Risk Management Systems
Chartis RiskTech Quadrant for Operational Risk Management Systems The RiskTech Quadrant is copyrighted July 2012 by Chartis Research Ltd. and is reused with permission. No part of the RiskTech Quadrant
More informationWelcome to Modulo Risk Manager Next Generation. Solutions for GRC
Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationRisk Considerations for Internal Audit
Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013
More information4 Testing General and Automated Controls
4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn
More informationINTERNAL AUDIT SOFTWARE BUYER S GUIDE
BarnOwl Solutions INTERNAL AUDIT SOFTWARE BUYER S GUIDE CONTENTS 1. The need for internal audit 2. What do the standards say? 3. Why implement internal audit software 4. Steps to the successful implementation
More informationFINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER
FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER As a board-level discussion topic at all financial institutions (FI) today, operational risk is real and public disclosure of significant
More informationWhite Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management
White Paper An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management Managing Data as an Enterprise Asset By setting up a structure of
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES
ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES THIS POLICY SETS OUT THE REQUIREMENTS FOR SAFEGUARDING COMPANY ASSETS AND RESOURCES TO PROTECT PATIENTS, STAFF, PRODUCTS, PROPERTY AND
More informationMinimize Access Risk and Prevent Fraud With SAP Access Control
SAP Solution in Detail SAP Solutions for Governance, Risk, and Compliance SAP Access Control Minimize Access Risk and Prevent Fraud With SAP Access Control Table of Contents 3 Quick Facts 4 The Access
More informationFive steps to improving the customer service experience
Five steps to improving the customer service experience Metrics, tips, and tools for utilizing customer feedback An Ovum White Paper Sponsored by Publication Date: January 2012 INTRODUCTION As the use
More informationThe Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence
How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................
More informationVendor risk management leading practices Glenn Siriano KPMG LLP DRAFT
Vendor risk management leading practices Glenn Siriano KPMG LLP KPMG International is a Swiss cooperative that serves as a coordinating entity for a network of independent member firms. KPMG International
More informationFind the IT Service Management Solution that s Right for Your Business. A Buyer s Guide for Executives
Find the IT Service Management Solution that s Right for Your Business A Buyer s Guide for Executives Executive Summary Today, IT is relied upon to support a broad spectrum of users and business services
More informationCompliance Risk Assessment and 3 rd Party Due Diligence & Monitoring
Advisory Services May, 2011 Compliance Risk Assessment and 3 rd Party Due Diligence & Monitoring Compliance Risk Strategy 3 rd Party Due Diligence 3rd Party Auditing The differing ways in which a company
More informationApplication Test Management and Quality Assurance
SAP Brief Extensions SAP Quality Center by HP Objectives Application Test Management and Quality Assurance Deliver new software with confidence Deliver new software with confidence Testing is critical
More informationChartis RiskTech Quadrant for Anti-Money Laundering Solutions 2013
Chartis RiskTech Quadrant for Anti-Money Laundering Solutions 2013 The RiskTech Quadrant is copyrighted July 2012 by Chartis Research Ltd. and is reused with permission. No part of the RiskTech Quadrant
More informationAddressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations
White Paper September 2009 Addressing IT governance, risk and compliance (GRC) to meet regulatory requirements and reduce operational risk in financial services organizations Page 2 Contents 2 Executive
More informationInformation Security Managing The Risk
Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the
More informationData Quality for BASEL II
Data Quality for BASEL II Meeting the demand for transparent, correct and repeatable data process controls Harte-Hanks Trillium Software www.trilliumsoftware.com Corporate Headquarters + 1 (978) 436-8900
More informationCA Service Desk Manager
PRODUCT BRIEF: CA SERVICE DESK MANAGER CA Service Desk Manager CA SERVICE DESK MANAGER IS A VERSATILE, COMPREHENSIVE IT SUPPORT SOLUTION THAT HELPS YOU BUILD SUPERIOR INCIDENT AND PROBLEM MANAGEMENT PROCESSES
More informationDATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1
DATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1 Continuously Assess, Monitor, & Secure Your Information Supply Chain and Data Center Data Sheet: Security Management Is your organization able
More information8 Key Requirements of an IT Governance, Risk and Compliance Solution
8 Key Requirements of an IT Governance, Risk and Compliance Solution White Paper: IT Compliance 8 Key Requirements of an IT Governance, Risk and Compliance Solution Contents Introduction............................................................................................
More informationYour asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.
Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells
More informationASSET ARENA PROCESS MANAGEMENT. Frequently Asked Questions
ASSET ARENA PROCESS MANAGEMENT Frequently Asked Questions ASSET ARENA PROCESS MANAGEMENT: FREQUENTLY ASKED QUESTIONS The asset management and asset servicing industries are facing never before seen challenges.
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationBuilding a Data Quality Scorecard for Operational Data Governance
Building a Data Quality Scorecard for Operational Data Governance A White Paper by David Loshin WHITE PAPER Table of Contents Introduction.... 1 Establishing Business Objectives.... 1 Business Drivers...
More informationBRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper
BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,
More informationPrudential Practice Guide
Prudential Practice Guide SPG 220 Risk Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal advice and users
More informationTHOMSON REUTERS ACCELUS
THOMSON REUTERS ACCELUS ACCELUS Screening Resolution Service Executive Summary Thomson Reuters Accelus offers Screening Resolution Service (SRS): an outsourced screening service for Corporates and Financial
More informationCentralize Supplier Information and Manage Performance
SAP Brief Ariba s Ariba Supplier Information and Performance Management Objectives Centralize Supplier Information and Manage Performance Get the most value from your suppliers Get the most value from
More informationOutperform Financial Objectives and Enable Regulatory Compliance
SAP Brief Analytics s from SAP SAP s for Enterprise Performance Management Objectives Outperform Financial Objectives and Enable Regulatory Compliance Drive better decisions and streamline the close-to-disclose
More informationThe rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions
The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory
More informationDriving Excellence in Implementation and Beyond The Underlying Quality Principles
SAP Thought Leadership Paper SAP Active Quality Management Driving Excellence in Implementation and Beyond The Underlying Quality Principles 2014 SAP AG or an SAP affiliate company. All rights reserved.
More informationIT Governance: framework and case study. 22 September 2010
IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT
More informationTHIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s
MANAGING THIRD PARTY RISK T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s Experis -- a different kind of talent company. Experis Tuesday, January 08,
More informationDEMONSTRATING THE ROI FOR SIEM
DEMONSTRATING THE ROI FOR SIEM Tales from the Trenches HP Enterprise Security Business Whitepaper Introduction Security professionals sometimes struggle to demonstrate the return on investment for new
More informationKey USP s. Multiple PCI level GRC tool
PCI GRC tool Introduction GP history Visa level 1 approved hosting facility Niche product for a specific problem Reduce BAU cost and cost of PCI compliance Reduce cost in managing 3rd parties PCI stakeholder
More informationAvanade Point of View. Getting it right with a project and portfolio management solution
Avanade Point of View Getting it right with a project and portfolio management solution Better control, higher value Orchestrating a portfolio of projects, and the resources for execution, challenges leaders
More informationComplete Financial Crime and Compliance Management
Complete Financial Crime and Management With Oracle Financial Services Financial Crime and Management applications, financial institutions can manage compliance risk and investigate appropriate information
More informationBusiness Service Management Links IT Services to Business Goals
WHITE PAPER: BUSINESS SERVICE MANAGEMENT Business Service Management Links IT Services to Business Goals JANUARY 2008 Sarah Meyer CA SOLUTIONS MARKETING Table of Contents Executive Summary SECTION 1 2
More informationIDENTIFYING VENDOR RISK THE CRITICAL FIRST STEP IN CREATING AN EFFECTIVE VENDOR RISK MANAGEMENT PROGRAM
IDENTIFYING VENDOR RISK THE CRITICAL FIRST STEP IN CREATING AN EFFECTIVE VENDOR RISK MANAGEMENT PROGRAM HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 THE CRITICAL FIRST STEP IN
More informationOPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.
OPTIMUS SBR CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE. Optimizing Results with Business Intelligence Governance This paper investigates the importance of establishing a robust Business Intelligence (BI)
More informationUSING DATA DISCOVERY TO MANAGE AND MITIGATE RISK: INSIGHT IS EVERYONE S JOB
USING DATA DISCOVERY TO MANAGE AND MITIGATE RISK: INSIGHT IS EVERYONE S JOB If you manage risk in your organization, you re probably surrounded by paper right now. After all, you need reports to help mitigate
More informationSACM and CMDB Strategy and Roadmap. David Lowe ActionableITSM.com March 20, 2012
SACM and CMDB Strategy and Roadmap David Lowe ActionableITSM.com March 20, 2012 Disclaimer The strategy and roadmap information presented here is generic by nature and based on a highly hypothetical use
More informationBeyond Data Governance Beyond Definitions and into the Business Reality
Beyond Data Governance Beyond Definitions and into the Business Reality About Diaku 2008 Diaku begins as a data strategy & data governance consulting firm, running large data programmes for tier 1-2 banks
More informationIT Insights. Managing Third Party Technology Risk
IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationHP Service Manager software
HP Service Manager software The HP next generation IT Service Management solution is the industry leading consolidated IT service desk. Brochure HP Service Manager: Setting the standard for IT Service
More informationORACLE HYPERION DATA RELATIONSHIP MANAGEMENT
Oracle Fusion editions of Oracle's Hyperion performance management products are currently available only on Microsoft Windows server platforms. The following is intended to outline our general product
More informationOBLIGATION MANAGEMENT
OBLIGATION MANAGEMENT TRACK & TRACE: CONTRACTUAL OBLIGATIONS Better Visibility. Better Outcomes RAMESH SOMASUNDARAM DIRECTOR, IT VENDOR MANAGEMENT SERVICES MARCH 2012 E N E R G I C A Governance Matter
More informationFeature. Log Management: A Pragmatic Approach to PCI DSS
Feature Prakhar Srivastava is a senior consultant with Infosys Technologies Ltd. and is part of the Infrastructure Transformation Services Group. Srivastava is a solutions-oriented IT professional who
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More information2016 GRC Technology Strategy
An OCEG Benchmark on the Use of GRC Technology within Organizations 2016 GRC Technology Strategy Findings of the 2016 OCEG GRC Technology Strategy Survey 1 About OCEG... OCEG is a global, nonprofit think
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationModule 6 Essentials of Enterprise Architecture Tools
Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade
More informationORACLE PROJECT MANAGEMENT
ORACLE PROJECT MANAGEMENT KEY FEATURES Oracle Project Management provides project managers the WORK MANAGEMENT Define the workplan and associated resources; publish and maintain versions View your schedule,
More informationGUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012
GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental
More informationWhite paper September 2009. Realizing business value with mainframe security management
White paper September 2009 Realizing business value with mainframe security management Page 2 Contents 2 Executive summary 2 Meeting today s security challenges 3 Addressing risks in the mainframe environment
More informationApplying ITIL v3 Best Practices
white paper Applying ITIL v3 Best Practices to improve IT processes Rocket bluezone.rocketsoftware.com Applying ITIL v. 3 Best Practices to Improve IT Processes A White Paper by Rocket Software Version
More informationOUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015
OUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015 Disclaimer and Copyright While APRA endeavours to ensure the quality of this publication, it does not accept any responsibility
More information