September 2015

Resolver GRC Cloud
Innovation in User Experience for Enterprise GRC

Solution Perspective
Governance, Risk Management & Compliance Insight
© 2015 GRC 20/20 Research, LLC. All Rights Reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in the client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.
Table of Contents

The Exposure of GRC at the Front-Lines of the Organization
Operationalizing GRC Means Employee Engagement
GRC: Back-Office or Front-Office?
Resolver GRC Cloud: Innovation in User Experience for Enterprise GRC
What Resolver GRC Cloud's Innovation Is About
How Is the Resolver GRC Cloud Innovation Different?
Benefits of the Resolver GRC Cloud
Considerations in Context of Resolver GRC Cloud
About GRC 20/20 Research, LLC
Research Methodology

TALK TO US...
We look forward to hearing from you and learning what you think about GRC 20/20 research. GRC 20/20 is eager to answer inquiries from organizations looking to improve GRC-related processes and utilize technology to drive GRC efficiency, effectiveness, and agility.
Resolver GRC Cloud: Innovation in User Experience for Enterprise GRC

The Exposure of GRC at the Front-Lines of the Organization

Governance, risk management and compliance (GRC) is a capability to reliably achieve objectives [governance] while addressing uncertainty [risk management] and acting with integrity [compliance]. [1] This involves a coordinated set of activities designed to protect the organization and its employees and ensure the organization's performance continues as planned. GRC is part of everyone's job. The scenarios of GRC exposure across business operations and frontline employees span a full spectrum, from malicious employees to inadvertent mistakes. The organization has to effectively engage employees and educate them about GRC in the context of their role in the organization. The challenge is that organizations need to find a way to get everyone involved in, and owning, GRC in order to build integrity across the whole organization and the extended enterprise.

The user experience for GRC has typically been poor in most organizations, resulting in time-consuming and redundant processes, a check-box mentality, and a lack of centrally coordinated GRC communications. Organizations have ended up with multiple sources of policy, training, surveys, assessments, and issue-reporting hotlines. Interaction with these systems has consumed human and financial capital and is often inconsistently logged in documents and spreadsheets, if it is logged at all. There is no coordination of GRC communication and no way to prioritize messages and employee tasks. The result is emails and documents that fly about, slip through the cracks, are never responded to, or are simply forgotten.

Operationalizing GRC Means Employee Engagement

For GRC to be successful, organizations must engage employees. It is no longer good enough to just have well-documented policies and controls. Organizations must demonstrate that GRC is active and operational across the organization. Doing this involves bringing GRC to the coal-face of the organization through employee engagement with systems that are simple, mobile, and easy to use at the frontline of the business. Coal-face is a British term for the frontline operations of an organization; it comes from miners deep in mineshafts harvesting coal at the coal-face. Every organization has a coal-face: the front-line employees engaged in business operations. To maintain integrity and execute on strategy, the organization must be able to engage GRC in the context of its coal-face.

[1] This is the official definition of GRC established in the OCEG GRC Capability Model, which GRC 20/20 has been active in developing.

GRC: Back-Office or Front-Office?

Historically, the focus of GRC was on the back office: risk management, finance, security, compliance, and audit. This meant the ability to manage workflow and tasks, conduct assessments, maintain policies, manage incidents, document controls, and report on and analyze risk. This was and still is critical to GRC, but it is no longer enough. Up to this point, the experience for the frontlines of the organization has been fair to poor. Most implementations were overly technical and often confused average employees instead of helping them get questions answered and understand what is expected of them.

GRC needs to engage all levels of employees in the organization, as each plays a critical role in GRC in the context of distributed roles and responsibilities. The teller in a bank, the salesperson in life sciences, the field agent in insurance, the contractor in the call center of a hospital, the receptionist at the front desk, the factory worker in manufacturing, or the procurement personnel onboarding the supply chain all have a part in GRC. GRC extends in all directions throughout the organization: up to executives and the board, down to the front lines of employees, and across the extended enterprise.

The result: GRC for the average employee of the organization has been confusing and disconnected from what they do. Too often they see GRC activities as a burdensome task that gets in the way of real work with no real value provided. The next generation of GRC solutions expands the focus of GRC to employees and stakeholders at all levels of the organization.
Backend management and oversight of risk and compliance is still needed, but the front-end user experience is dramatically improved to engage employees and stakeholders and ensure they are connected to GRC in the context of their role and responsibilities. In GRC, employee engagement is critical, not optional. GRC today is about delivering value, integration, and alignment of strategy, process, information, and technology throughout the organization in the context of GRC. It is an integration of GRC information, processes, and systems to engage employees and agents at all levels of the organization. Characteristics of engaging and intuitive GRC include:

• GRC intuitive interface design. GRC solutions need to use leading concepts in interface design to make the user experience of GRC applications simpler, easy to navigate, and aesthetically appealing while minimizing complexity.

• GRC collaboration. GRC collaboration is used to conduct risk workshops, understand compliance in the context of the business, and get individuals involved in GRC at all levels of the organization.

• GRC mobility. GRC is embracing mobile technology on tablets and other devices to engage employees in their preferred languages and bring GRC to all levels of business operations.

The bottom line: GRC is only as good as your front-line understanding of, participation in, and alignment with GRC. It is no longer enough to have the right GRC documentation; you have to show it is operationally effective. This requires employee engagement in GRC. The next generation of GRC solutions needs to deliver an exceptional end-user experience: getting employees involved by providing intuitive interfaces into GRC that are interactive, engaging, and collaborative. GRC solutions need to instruct, inform, and be easy to use at all levels. They engage employees in GRC without leaving them overwhelmed and confused. Employee engagement happens through intuitive interfaces, collaboration, and mobility.

Resolver GRC Cloud: Innovation in User Experience for Enterprise GRC

Resolver's GRC Cloud is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in changing, distributed, and dynamic business environments. GRC 20/20 has evaluated and verified the innovation in user experience found in Resolver GRC Cloud and sees this as a compelling offering for Enterprise GRC implementations as well as department-focused needs. It delivers an intuitive and engaging user experience that makes organizations more efficient, effective, and agile. In this context, GRC 20/20 has recognized Resolver GRC Cloud with a 2015 GRC Innovation Award for the best user experience in Enterprise GRC in 2015.

What Resolver GRC Cloud's Innovation Is About

The heart of what Resolver is delivering to make GRC more engaging is what they call GRC Programs. GRC Programs are contextually relevant to the user and their job, providing the right information and resources when and where they need them.
Resolver accomplishes this through targeted, intuitive guidance that helps users know what to do and where to go. A GRC Program is a structure for organizing internal work processes that span roles, workflows, and objects, abstracting the complexity of the GRC data model and enabling client-specific nomenclature. It also provides the flexibility to support unique and evolving methodologies, and it is fully configurable by end users through the user interface. Organizations can adapt the solution themselves instead of relying on the expensive customization and build-out engagements found with many leading GRC platforms in the market. The innovation in user experience in Resolver GRC Cloud can be traced to:

• Usability and intuitiveness. GRC Programs and Activities enable filtered views that are based on what a user should do rather than what a user is allowed to do. By defining why a user is in the application, the prompts do not need to encompass everything that the superset of all of their role memberships will allow. Instead, the specific fields, information, layout, and workflow buttons for the specific activity they are performing are presented.

• Flexibility and agility to change. Many other GRC solutions tackle the usability problem identified above with purpose-built screens that they create. For example, most applications have an audit workpaper screen with a certain set of buttons, functions, reports, and options. This approach is so common that some analyst firms erroneously believe that this is a good thing and award evaluation points for domain-specific functionality. However, as regulations and best practices change, this configuration loses its relevance; the Institute of Internal Auditors recently released a new IPPF for auditors, and most vendors will struggle to adapt their software to a new methodology. If an organization is using Resolver GRC Cloud, the administrator simply edits the Internal Audit Program and full alignment is immediately achieved. Resolver preconfigures profiles to the latest information so that the application comes with best practices in place (e.g., ISO, IIA, PCAOB, ISACA).

• Interactive adaptability & support. Resolver GRC Cloud delivers more contextually relevant support to the user by transforming the modern-day enterprise application: administrators can define their own programs using their own terminology and align them to the roles within their organization. There is no longer a need to use a vendor's nomenclature or to adapt an internal process to align with the navigation built into an application. There's no longer a need to deliver external documents that teach a user how to do something. Every GRC Activity contains within it a guidance section that enables administrators to provide in-application guidance to the end user, including links to external references (e.g., the PCAOB website or a YouTube video) or tutorials that can be downloaded (e.g., a how-to PPT). This means that as a user selects the Control Self-Assessment activity they are automatically prompted with exactly the guidance their administrator thinks they need. Who wants to look through a help file, go find that introduction email, or search Google when the guidance is on-screen, directly attached to the task at hand?

How Is the Resolver GRC Cloud Innovation Different?

Prior to Resolver's implementation of GRC Programs and Activities, screens and options were configured for all possible functions and then limited by role membership to simplify the user interface. This resulted in confusion for users who had multiple roles. Consider the example of a department head, perhaps a Vice-President for a particular Process. This user may have role memberships for Process Owner, Issue Owner, Risk Owner, and Action Owner. When they clicked on their Process they would see options and commands for anything their roles were allowed to do, regardless of why they clicked on the Process. This resulted in a busy interface, confusion, and a steep learning curve. With GRC Programs and Activities the process comes first, and the user in that role quickly and intuitively understands the activities in the context of the process.
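The difference between a role-superset view and an activity-scoped view, as described for the Vice-President with four role memberships above, modelled as an added example. This is illustrative code written for this page, not Resolver's implementation: the role and activity names follow the report's example, while the permission sets, the actions each activity needs, and the guidance strings are assumed. The activity only narrows what the roles already permit; it never widens it, which is the check a practitioner wants when a UI filter sits in front of an authorization model.

```python
from dataclasses import dataclass

# Constructed sample data (assumed, not Resolver's data model): the actions
# each role may perform on a Process object.
ROLE_PERMISSIONS = {
    "Process Owner": {"edit_process", "assign_owner", "view_controls"},
    "Issue Owner": {"log_issue", "close_issue", "view_issues"},
    "Risk Owner": {"rate_risk", "view_risks"},
    "Action Owner": {"update_action", "view_actions"},
}


@dataclass(frozen=True)
class Activity:
    """A GRC Activity: the actions one task needs plus its in-app guidance."""
    name: str
    actions: frozenset
    guidance: str


# Constructed activities; the names follow the report, the contents are assumed.
ACTIVITIES = {
    "Control Self-Assessment": Activity(
        "Control Self-Assessment",
        frozenset({"view_controls", "rate_risk"}),
        "Rate each control against the current risk; see the linked reference.",
    ),
    "Issue Triage": Activity(
        "Issue Triage",
        frozenset({"view_issues", "log_issue", "close_issue"}),
        "Review open issues and close those already remediated.",
    ),
}


@dataclass(frozen=True)
class ActivityView:
    actions: tuple   # buttons/fields to render for this activity, sorted
    guidance: str    # guidance attached to the task at hand
    denied: tuple    # actions the activity wants but the roles do not grant


def allowed_actions(roles):
    """Union of everything the user's role memberships permit."""
    allowed = set()
    for role in roles:
        allowed |= ROLE_PERMISSIONS.get(role, set())
    return allowed


def role_superset_view(roles):
    """Legacy behaviour: render every action that any of the roles allows."""
    return tuple(sorted(allowed_actions(roles)))


def activity_view(roles, activity_name):
    """Render only what the chosen activity needs, intersected with what the
    roles actually permit, so a mis-configured activity cannot grant access."""
    activity = ACTIVITIES[activity_name]
    allowed = allowed_actions(roles)
    shown = activity.actions & allowed
    denied = activity.actions - allowed
    if not shown:
        raise PermissionError(
            f"{activity_name}: none of {sorted(roles)} grant its actions")
    return ActivityView(tuple(sorted(shown)), activity.guidance, tuple(sorted(denied)))


def can_open(roles, activity_name):
    """True if the roles permit at least part of the activity."""
    try:
        activity_view(roles, activity_name)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    vp_roles = ["Process Owner", "Issue Owner", "Risk Owner", "Action Owner"]
    print("role-superset view:", role_superset_view(vp_roles))
    print("activity-scoped view:", activity_view(vp_roles, "Control Self-Assessment"))
```

Run as a script, the first line shows all ten actions the four roles allow (the busy interface the report describes); the second shows only the two actions the Control Self-Assessment activity needs, with its guidance attached. The `denied` field is what an administrator would review when an activity references an action the user's roles do not grant.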
Other elements of key differentiation GRC 20/20 has seen in Resolver GRC Cloud include:

• Configuration. GRC Cloud is highly adaptable and configurable by the end user. Configuration is done entirely through the user interface and is non-technical; it does not involve coding. End users can configure their own data models, which results in highly varied environments.

• Finding information. GRC Cloud provides targeted, intuitive guidance that helps users know what to do and where to go. New client-side Angular JavaScript technology enables extremely fast interaction, configuration, searching, and filtering on GRC data. Resolver's intelligent caching balances performance and availability. Light users who access the software infrequently don't know what to do or where to go and need simple interfaces; heavy users prefer interfaces that present a large amount of data on one screen to minimize navigation.

Benefits of the Resolver GRC Cloud

One of the benefits of Resolver's GRC Cloud is found in their approach to GRC Programs and Activities. This enables the organization to reduce their documentation, improve navigation through the application, and simplify the end-user experience. To put it another way, it has been stated that: "Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius and a lot of courage to move in the opposite direction." [2]

A primary directive of GRC should be to provide GRC engagement that is simple yet gets the job done. Like Apple with its innovative technologies, organizations must approach GRC engagement in a way that re-architects the way it works as well as the way it interacts. The GRC goal is simple: it is simplicity itself. Simplicity is often equated with minimalism. Yet true simplicity is more than just the absence of clutter or the removal of embellishment. It's about offering up the right GRC information, in the right place, when the individual needs it. It's about bringing interaction and engagement to GRC process and data. GRC interactions should be intuitive. Through intuitive interface design centered on GRC Programs and Activities, the result is more collaborative users with higher participation and higher quality of data.

[2] This quote has been attributed both to Einstein and E.F. Schumacher.

Another critical benefit is Resolver GRC Cloud's flexibility to adapt to new and emerging regulations. Organizations can create new programs and activities tailored specifically to their needs. The end results that clients of Resolver GRC Cloud state they have achieved include:

• Reduced documentation
• Reduced training
• Reduced assessment time
• Improved employee use of the solution
• Enhanced reporting & dashboards
• Flexibility to adapt to changing standards and regulations
• Support for a wide variety of GRC roles and use cases
• Support for users with multiple roles

Considerations in Context of Resolver GRC Cloud

Every solution has its strengths and weaknesses, and may not be the ideal fit for all organizations in all situations. While GRC 20/20 has identified many positive attributes of Resolver GRC Cloud for enabling Enterprise GRC programs with an intuitive and agile user experience, readers should not see this as a complete and unquestionable endorsement of Resolver GRC Cloud. Overall, clients have shown a high degree of satisfaction with their use and implementation of Resolver GRC Cloud for Enterprise GRC as well as for a variety of department-, regulatory-, and risk-specific use cases. Clients have a lot of positive feedback on Resolver as a company as well as on the Resolver GRC Cloud solution, and find it to be an easy-to-use and adaptable solution for their GRC strategy and processes. GRC 20/20 is finding that Resolver GRC Cloud is establishing itself as a next-generation GRC platform that is breaking free of the rigidity, complexity, and cost of the legacy GRC platforms of the past decade.
About GRC 20/20 Research, LLC

GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. We provide objective insight into GRC market dynamics; technology trends; competitive landscape; market sizing; expenditure priorities; and mergers and acquisitions. GRC 20/20 advises the entire ecosystem of GRC solution buyers, professional service firms, and solution providers. Our research clarity is delivered through analysts with real-world expertise, independence, creativity, and objectivity who understand GRC challenges and how to solve them practically and not just theoretically. Our clients include Fortune 1000 companies, major professional service firms, and the breadth of GRC solution providers.

Research Methodology

GRC 20/20 research reports are written by experienced analysts with experience selecting and implementing GRC solutions. GRC 20/20 evaluates all GRC solution providers using consistent and objective criteria, regardless of whether or not they are a GRC 20/20 client. The findings and analysis in GRC 20/20 research reports reflect analyst experience, opinions, research into market trends, participants, expenditure patterns, and best practices. Research facts and representations are verified with client references to validate accuracy. GRC solution providers are given the opportunity to correct factual errors, but cannot influence GRC 20/20 opinion.

GRC 20/20 Research, LLC
4948 Bayfield Drive
Waterford, WI 53185 USA
+1.888.365.4560
info@grc2020.com
www.grc2020.com