Solution Viewpoint Governance, Risk Management & Compliance Insight ERP MAESTRO. March 2014. Automated Security & Access Controls Through the Cloud





Table of Contents

- Executive Summary
- Growing Need for Access Control and Segregation of Duties
- However, Existing Access Control/SoD Solutions are Out of Reach for Many
- ERP Maestro: An Integrated Capability for GRC Management & Analytics
- The Value of ERP Maestro
- Capabilities of ERP Maestro
- Considerations About ERP Maestro
- GRC 20/20's Final Perspective

TALK TO US

We look forward to hearing from you and learning what you think about GRC 20/20 research. GRC 20/20 is eager to answer inquiries from organizations looking to improve GRC related processes and utilize technology to drive GRC efficiency, effectiveness, and agility.

ERP MAESTRO
Automated Security & Access Controls Through the Cloud

EXECUTIVE SUMMARY

Organizations face increased pressure to ensure business applications such as Enterprise Resource Planning (ERP) systems are secure and access control risks are managed in the context of a dynamic business environment. Segregation of Duties (SoD), inherited rights, critical and super user access, and changes to roles are too much for today's organization to manage adequately in manual processes involving spreadsheets, documents, and email, as they are time-consuming, prone to mistakes and errors, and can leave the business exposed. By automating access controls, organizations take a proactive approach to avoiding risk while cutting down the cost and time required for maintaining controls, being compliant, and mitigating risk.

However, automated access control/SoD solutions are known to be exorbitantly expensive and take a considerable amount of consulting resources and time to implement. ERP Maestro is an innovative access control/SoD solution that GRC 20/20 has researched that takes a cost effective approach by using the cloud to make automated access control/SoD efficient and agile as well as effective. ERP Maestro has proven that it is as effective as, or more effective than, its competitors in access control and SoD, but it does this at a fraction of the cost to implement and maintain.

GROWING NEED FOR ACCESS CONTROL AND SEGREGATION OF DUTIES

Business is all about change. Change is the single greatest governance, risk management, and compliance (GRC) challenge today. Today's organization is in a continuous state of change, as with shifting employees: new ones are hired, others change roles, while others leave or are terminated. As your business relationships change with suppliers, vendors, contractors, outsourcers, service providers and temporary workers, each will have access to internal systems at different times. These businesses also have constantly changing employees. Business processes and technology change at a rapid pace.

In the context of change, internal controls over financial reporting, regulatory requirements (e.g., SOX), internal and external auditors, and fraud risk put increased pressure on corporations to ensure ERP systems are secure and access control risks are managed in the context of a dynamic business environment. Growing exposure to risk and increasing regulations require greater oversight of access to critical ERP systems with audit validation.

Access control is not just about compliance; it is also about consistent operations. The organization needs segregated and defined responsibilities and processes that are reliable and behave consistently. Access control delivers a structured system of access governance that enables processes to work as intended without malicious or inadvertent issues.

To address access control risk, organizations are establishing a strategy for access control and SoD with process and technology to build and maintain an access control program that balances business agility, control, and security to mitigate risk, reduce loss/exposure, and satisfy auditors and regulators while enabling users to perform their jobs. SoD, inherited rights, critical and super user access, and changes to roles are too much for today's organization to manage adequately in manual processes involving spreadsheets and email.

© 2014 GRC 20/20, LLC; Licensed to ERP Maestro for Redistribution. Solution Viewpoint. www.grc2020.com

Surprisingly, many organizations still use these document-centric and manual processes to manage access control and SoD risk. This is primarily done through spreadsheets, word processing documents, and email. Not only are these approaches inefficient and ineffective, slowing the business down, but they introduce greater exposure to risk and noncompliance, as it is nearly impossible to keep up with the changing pace of the business.

The challenge of managing access control in the ERP environment is burdensome when done with manual and document-centric approaches. The typical organization runs a combination of security and access reports, and compiles access information into documents and spreadsheets that are sent out via email (used as an improvised workflow tool) for review and analysis. At the end of the day, significant time is spent running reports and compiling and integrating that information into documents and spreadsheets to send out for review. This ends up costing the organization in wasted resources, errors in manual reporting, and audit time drilling into configurations and testing access controls in the ERP environment. Organizations often miss things, as there is no structure of accountability with audit trails. This approach is not scalable and becomes unmanageable over time. It leads to a false sense of control due to reliance on potentially inaccurate and misleading results from errors produced by manual access control processes.

Access control and SoD issues multiply when you consider the complex interrelationship of different ERP instances and access across the business environment. Organizations struggle to manage access risk within one instance of ERP; managing access across multiple ERP systems causes an exponential growth in time and resources when done by a manual and document-centric approach. In a heterogeneous environment, these challenges only become more complicated.

The bottom line: manual approaches to managing access in the ERP environment are time-consuming, prone to mistakes and errors, and leave the business exposed. By automating access controls, organizations take a proactive approach to avoiding risk while cutting down the cost and time required for maintaining controls, being compliant, and mitigating risk.

HOWEVER, EXISTING ACCESS CONTROL/SOD SOLUTIONS ARE OUT OF REACH FOR MANY

To meet this challenge there are robust and effective access control/SoD solutions on the market. However, they have only been effective for large organizations with the budget to embrace them. While effective in these circumstances, these solutions are not efficient (e.g., human and financial capital) or agile. Automated access control/SoD solutions are known to be exorbitantly expensive and take a considerable amount of consulting resources and time to implement. These solutions remain out of reach for many organizations while the pressure from auditors to be thorough in access control and SoD controls continues to build.

The large software fees, hardware costs, consultant fees and complex training projects remain a challenge today for organizations of all sizes, particularly the small to medium sized organizations, to implement access control/SoD solutions. Existing solutions, while often effective in addressing the SoD and access control risk, cost too much in capital and time to implement. Average costs to implement these solutions have been similar to the following:

- Software. These solutions come with initial product price tags of $300,000 - $500,000 (in many cases even more). That is just to purchase the solutions; implementation, maintenance, and upgrade costs add to this.
- Consulting. Consulting time to implement these solutions can take up to 6 months or more to complete at an additional cost of $200,000 - $300,000 (or more).
- Hardware & IT resources. There are also hardware and IT resource costs, as these solutions require the use of capital-intensive corporate servers, and IT staff to oversee the installation, operations, and maintenance of these solutions.

ERP MAESTRO: AN INTEGRATED CAPABILITY FOR GRC MANAGEMENT & ANALYTICS

ERP Maestro is a GRC (governance, risk management, and compliance) solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in distributed and dynamic business environments. The solution is innovative as it takes a cost effective approach by using the cloud to make automated access control/SoD efficient and agile as well as effective. ERP Maestro delivers on GRC value by enabling management of access governance, risk management, and compliance across the SAP ERP environment.

THE VALUE OF ERP MAESTRO

Successful GRC delivers the ability to effectively mitigate risk, meet requirements, satisfy auditors, achieve human and financial efficiency, and the agility to meet the demands of a changing business environment. GRC solutions should achieve better performing processes that utilize more reliable information. This enables a better performing, less costly, more flexible business environment.

Focusing on the challenge of managing access in ERP environments, GRC 20/20 interviewed several organizations using ERP Maestro to determine their overall experience.

These interviews included a Big 4 advisory/accounting firm, a global security & asset protection company with 69,000 employees, and a global post-IPO manufacturer. Each articulated value they have achieved in greater efficiency, effectiveness, and agility to their business and its operations. By consolidating a variety of approaches, from manual processes, documents, spreadsheets, and e-mail as workflow to custom-developed solutions or other software solutions, they were able to drive greater levels of efficiency, effectiveness, and agility in their ERP environment and related business processes.

GRC Efficiency

GRC solutions provide efficiency and savings in human and financial capital resources. Technology solutions that support business and GRC processes reduce operational costs by automating processes, particularly those that take a lot of time consolidating and reconciling information in order to manage and mitigate risk and meet compliance requirements. GRC efficiency is achieved when there is a measurable reduction in human and financial capital resources needed to address GRC in the context of business operations. The organizations researched by GRC 20/20 identified the following efficiencies in their access control and SoD processes as a direct result of implementing ERP Maestro:

- Minimized staff resources and time in addressing access controls and segregation of duties in their ERP environment.
- Reduced implementation time & cost by leveraging ERP Maestro's cloud approach.
- Automation of provisioning, certification, and review by the business.
- Reduction in internal audit time to assure that access controls and SoD are enforced in the ERP environment.
- Expectation of potential reduction in external audit fees in evaluating access control and SoD in providing assurance.

Of particular note: automated access control and SoD solutions are known to be exorbitantly expensive and take a considerable amount of resources to implement. ERP Maestro's solution provides access control, SoD and sensitive access analytics and reporting over a completely cloud-based architecture. With a cloud-based access control solution customers receive cost benefits of a multi-tenant environment as well as the exclusivity and security of a dedicated server.

GRC Effectiveness

GRC solutions achieve effectiveness in risk, control, compliance, audit, and business process. This is delivered through greater assurance of the design and operational effectiveness of controls to mitigate risk, achieve performance, protect integrity of the organization, and meet regulatory requirements. GRC effectiveness is validated when business processes are operating within the controls and policies set by the organization and provide greater reliability of information to auditors and regulators. The organizations GRC 20/20 interviewed reported the following effectiveness in their access control and SoD processes as a direct result of implementing ERP Maestro:

- Reduction in errors in reporting that were inherent in manual processes.
- Ease of integration and implementation with their ERP environment.
- Accuracy and elimination of false positives that competitive solutions had in the environment.
- Audit effectiveness in being complete in access control and SoD analysis as opposed to random sampling.
- Access risk intelligence to understand where risks were and be able to monitor them.
- Removal of manual processes that were ineffective at controls.

Note, one organization set up five test cases when testing ERP Maestro thinking that is all it would find. ERP Maestro actually found six: it discovered another issue in the environment that the organization was entirely unaware of.

GRC Agility

GRC solutions deliver business agility when organizations are able to rapidly respond to changes in the internal business environment (e.g. employees, business relationships, operational risks, mergers and acquisitions) as well as the external environment (e.g. economic risk, new laws, and regulations). GRC agility is also achieved when organizations can identify and react quickly to control failures/weaknesses, non-compliance, and adverse events in a timely manner so that action can be taken. The organizations interviewed reported the following agilities in their access control and SoD processes as a direct result of implementing ERP Maestro:

- Speed of fulfilling access audits/assessments went from weeks in manual processes with random sampling to a matter of hours for complete review.

- Ability to quickly integrate new ERP systems using an easy to install agent with ERP Maestro's cloud-based architecture.
- Closed loop access control and elimination of partial random sampling.
- Agility through consistency in regular automated monitoring and reporting.
- Shared resources in the cloud-based architecture allow for scalability of processing when it is needed to get the job done quicker than what competitors offer.

CAPABILITIES OF ERP MAESTRO

The ERP Maestro Access Analyzer solution is innovative as it is contained within a cloud-based architecture that dynamically grows and shrinks based on demand. The solution provides SoD and sensitive access analytics and reporting over this completely cloud-based architecture. Their unique reporting graphically identifies risks and remediation paths.

With a cloud-based delivery mechanism of an access control solution, customers receive cost benefits of a multi-tenant environment and the exclusivity and security of a dedicated server. The cost savings associated with on demand allocation of servers is passed on to the subscribing customer, allowing small to medium enterprises to afford an enterprise Access Control solution.

The solution is innovative as it pools a massive amount of cloud-based resources to provide on demand server allocation as a dedicated server when needed by the client, while dormant servers are deactivated or recycled to other customers. The solution is contained within a deployment that dynamically grows and shrinks based on its demand (number of organizations using the system). End users have anywhere, anytime access to a web interface that allows them to connect to their ERP system (SAP is the only ERP currently supported by ERP Maestro). The data is securely analyzed using an on demand, dedicated server located in a server farm, then the results are compiled into multiple reports for consumption.

While cloud technology isn't new, ERP Maestro's ability to process analytics on hundreds/thousands of clients simultaneously based on its analytics engine is indeed new and innovative technology, which empowers them to offer a premium service at a low subscription fee.

Interestingly, this can serve as a bridge for companies implementing SAP GRC10. Large companies want a stopgap solution for the complex implementation process that represents GRC10. Some companies are waiting for budget approvals and/or developing a business case. ERP Maestro's solution price point allows it to serve as that stopgap solution to address SoD needs until the SAP GRC solution is implemented.

ERP Maestro is of particular interest to small and medium sized organizations that can now afford the implementation of an enterprise access control solution because of ERP Maestro's model. The entire process is no longer expensive, complex and drawn out, allowing funds to be focused on remediation efforts. The simplicity of their subscription-based service empowers companies that traditionally would not pursue an access control solution to now proliferate the capability and manage the risk of SoD more effectively.

Particular capabilities of the ERP Maestro solution allow the organization to:

- Identify Access Control Issues
- Remediate/Monitor/Resolve Access Risk
- Reduce Sensitive Access Risk
- Audit Access Authorizations
- Meet Regulatory Requirements
- Prevent Fraud & Embezzlement
- Manage & Mitigate User/Role Conflicts
- What-If User Simulations

CONSIDERATIONS ABOUT ERP MAESTRO

Every solution has its strengths and weaknesses, and may not be the ideal fit for all organizations in all situations. While GRC 20/20 has identified a lot of positive things about ERP Maestro and their innovative approach in access control and SoD analytics, readers should not see this as a complete and unquestionable endorsement of ERP Maestro.

ERP Maestro is a small solution provider that is young and has a lot of growth potential before it. Small vendors do bring risk as they have not fully established themselves, but ERP Maestro is already showing promising signs as the technology has proven itself in real world client implementations that were nearly flawless in implementation.

ERP Maestro is also still growing in capabilities. They currently only support SAP but are working to add in other ERP solutions. Their solution also does not offer all of the features of some of their established competition but this is something they are also working on as they grow. They have current development projects in process to bring emergency access management and Oracle ERP support in the future.

GRC 20/20'S FINAL PERSPECTIVE

There are successful access control and SoD solutions in the market today that organizations have found very effective though very expensive to implement and maintain. ERP Maestro is taking a fresh and innovative approach by using a cloud-based architecture to make access control and SoD efficient and agile as well as effective.

The major point is efficiency. ERP Maestro has proven that it is as effective as, or more effective than, its competitors in access control and SoD, but it does this at a fraction of the cost to implement and maintain. Organizations have become conditioned to expect that access control projects have to be costly, lengthy and complex and are not aware that new and innovative solutions overcome these obstacles. This makes ERP Maestro attractive to small to mid-sized organizations that have always seen access control and SoD solutions as needed but previously out of reach. But it also makes ERP Maestro a competitive force for large organizations that want to be as effective in access control and SoD, but with less cost to implement and maintain.

INNOVATOR 2014: ERP Maestro Awarded GRC 20/20's 2014 GRC Technology Innovation Award

ABOUT THE AUTHOR

Michael Rasmussen, J.D., GRCP, CCEP and OCEG Fellow
Chief GRC Pundit @ GRC 20/20 Research, LLC

Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) with specific expertise on the topics of enterprise GRC strategy, process, and technologies. He helps organizations improve GRC processes and choose technologies that are effective, efficient and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the Father of GRC, being the first to define and model the GRC market in February 2002.

ABOUT GRC 20/20

GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. We provide independent and objective insight into leading GRC practices and processes, including market dynamics and intelligence; risk, regulatory and technology trends; competitive landscapes; market sizing; expenditure priorities; and mergers and acquisitions. GRC 20/20 advises the entire ecosystem of GRC solution buyers, professional service firms, and solution providers.

We serve the needs of organizations that seek clarity, guidance and advice in dealing with a dizzying array of disruptive issues, processes, information and technologies while trying to maintain control of a distributed and dynamic business environment. Whether focused on a specific risk or regulatory issue, or even enterprise-wide GRC strategy, organizations seek clarity through GRC 20/20. This clarity is delivered through analysts with real-world expertise, independence, creativity, and objectivity that understand GRC challenges and how to solve them practically and not just theoretically. Our clients include Fortune 1000 companies, major professional service firms, and the breadth of GRC solution providers.

GRC 20/20 Research, LLC
4948 Bayfield Drive
Waterford, WI 53185 USA
+1.888.365.4560
info@grc2020.com
www.grc2020.com

RESEARCH METHODOLOGY

GRC 20/20 research reports are written by experienced analysts with hands-on experience selecting, developing, and implementing GRC management systems and processes globally for international organizations across industries. GRC 20/20 evaluates all GRC solution providers using consistent and objective criteria, regardless of whether or not they are a GRC 20/20 client. The findings and analysis in GRC 20/20 research reports reflect analyst experience, opinions, research into market trends, participants, expenditure patterns, and best practices. Research facts and representations are verified with actual client references to validate accuracy. GRC solution providers are given the opportunity to correct factual errors, but cannot influence GRC 20/20 opinion.

GRC 20/20 uses a combination of sources to gather market intelligence. These include (but are not limited to):

- GRC Solutions Provider Evaluation Forms. A detailed set of questions covering functional and nonfunctional aspects of GRC solutions, as well as market factors.
- GRC Solution User Surveys. As part of its on-going research cycle, GRC 20/20 systematically surveys GRC solution users and buyers, eliciting feedback on solution providers, satisfaction levels, and preferences.
- Interviews with Subject Matter Experts. GRC 20/20 undertakes comprehensive interviews and briefing sessions with leading industry experts, academics, and consultants to provide insight into market trends, vendor solutions, and evaluation criteria.
- Customer Reference Checks. These are telephone and email reference checks with named customers of solution providers to validate strengths and weaknesses, and to assess experience and satisfaction levels.
- Vendor Briefings. These are face-to-face and/or web-based briefings and product demonstrations by solution providers. During these sessions, GRC 20/20 asks probing questions to understand the strengths and weaknesses of each provider.
- Third Party Sources. GRC 20/20 uses other third party sources of information such as conferences, academic and regulatory studies, collaboration with leading consulting firms, knowledge providers, and industry associations such as the Open Compliance and Ethics Group (www.oceg.org).

© 2013 GRC 20/20 Research, LLC. All rights reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of GRC 20/20. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable. Please note that the findings, conclusions and recommendations that GRC 20/20 delivers in this research are based on information gathered in good faith, whose accuracy we cannot guarantee and is subject to change. It also consists of opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.