Jul 2018

The Seven Performance Steps to Managing Risk, the NIST Way

Blog Highlights

  • Understand Cyber Risk priorities and scope

  • Orient - Identify related systems and assets

  • Create a current profile

  • Conduct a Cyber Risk review

  • Create a target profile

  • Determine, analyze, and prioritize the gaps

  • Implement a Cyber Risk action plan

Jun 2018

What Senior Execs Need to Know about their Cyber Risk Program

Blog Highlights

  • The Senior Exec’s contributions to the success of the program

  • Defining the program's scope and boundaries

  • Improving information exchanges between the Senior Exec and their staff

  • Recommended performance steps to a comprehensive Cyber program

  • Targets need to be mindful of goals, mission, customers, and strategies

  • Choosing a framework that follows your program and organization is extremely important

  • Selecting reports that help Senior Execs understand the current state, actions, and expectations

May 2018

Why a Great ERM System Matters

Blog Highlights

  • GRC fulfills a critical role in the support of risk and security across the enterprise

  • ERM’s unitary authoritative repository for risk information, including cyber risk

  • Mapping of corporate policies to framework standards, and risk status findings to remediation

  • Providing context to raw IT metrics and data often associated with cyber risk monitoring and detective tools and processes

  • Criticality of report creation and publications

  • ERM’s contribution to the organizational efficiency of the risk program

  • ERM’s cumulative features and how they ground risk management efforts firmly in the roots of the business

Apr 2018

What Your Board Expects of Cyber Risk Management

Blog Highlights

  • Boards need to understand that cybersecurity, and therefore cyber risk, is an enterprise matter

  • Cyber risk extends beyond the sphere of IT management

  • Boards need to understand how cyber risk is unique

  • Relating cyber risks to key corporate objectives is critical, and so are mitigation strategies

  • Expecting clarity of its risk leadership

  • Understanding what Cyber Risk management will cost and why

  • Why GRC can help

Mar 2018

ERM - Enterprise Risk Management

How Technology Enables Enterprise Risk Management

Blog Highlights

  • Learn how risk management information architecture supports the process architecture and overall risk management strategy

  • Integrate information across risk management systems and business systems

  • Understand how to operationalize the information and process architecture to support the overall risk management strategy

  • Review key technology choices

  • See how the right risk management technology architecture choice for an organization often involves the integration of several components into a core risk management platform solution

  • Learn what core capabilities organizations should consider in a risk management platform

Feb 2018

ERM - Enterprise Risk Management

Components for Developing an ERM Strategy

Blog Highlights

  • Understand why an organization needs to have holistic visibility and situational awareness into risk relationships across the enterprise

  • Uncover the differences in the approaches organizations take to managing risk

  • Review the difference between Anarchy, Monarchy, and Federated approaches

  • Learn the core elements of the risk management strategic plan

Feb 2018

The Evolution Of GRC As Compliance And Risk Management Become More Complex

Blog Highlights

  • Realize the importance of tailoring the user interface to a particular role within the organization

  • Determine how Use-Case modeling improves efficiency and effectiveness of stakeholders

  • Understand why a "single source of truth" is critical to help an organization obtain consistent and meaningful insights into its performance across the enterprise

Feb 2018

A Director’s View Of Risk: Opportunities For True Enterprise GRC

Blog Highlights

  • Learn the three crucial aspects of the board of directors’ engagement with enterprise risk and compliance activities

  • Understand why lack of GRC reporting sophistication limits the kind of information provided to directors

  • See how the configurability of a system’s workflows can assist in the adaption of information delivery to board needs

  • Uncover how the use of analytics and visualization can assist in the comprehension of risk and compliance

  • Discover effective uses of visualization that can facilitate board members’ interrogation of data and recognition of patterns in compliance changes

Feb 2018

The Configurability of Workflows With GRC

Blog Highlights

  • Learn how solutions with “configurable” workflows are predesigned to be adaptable to particular use cases without customization

  • Understand how they offer a closer fit to the organization’s processes without incurring the additional costs and delays of customizing the solution

  • Weigh how configurable solutions help to control the implementation costs of the investment, which helps to speed time to value of the investment

  • See how they enhance the total impact of the solution by helping to match the solution’s workflow capabilities to the organization’s needs

  • Control the total cost of ownership of the solution

  • Help to speed time to value and improve the ultimate return on the investment

  • View the advantages of configurable workflows and the many factors that an organization needs to consider

Feb 2018

Managing Risk & Compliance Across 3rd Party Relationships

Blog Highlights

  • Understand the need to focus on intuitiveness and ease of use in a Vendor Management software deployment

  • Learn how to deliver a holistic understanding and prioritization of risk and compliance aligned with the business

  • Uncover how GRC effectiveness is validated through greater assurance of the design and operational effectiveness of controls to mitigate risk, achieve performance, protect the integrity of the organization, and meet regulatory requirements

  • Find out how GRC solutions can deliver business agility when organizations respond rapidly to changes in the business environment

  • Learn how Vendor Management solutions can deliver critical capabilities that make GRC programs effective as well as efficient and agile

Feb 2018

The Building Blocks Of An Effective, Efficient & Agile Third-party Risk Management Program

Blog Highlights

  • Learn how to attest that risk and compliance are managed across extended business relationships

  • Understand how reputation and economic disaster can occur when establishing or maintaining the wrong business relationships or maintaining weak oversight

  • Uncover the common mistakes made with third-party relationships and how they introduce critical and significant risk exposure to business today

  • Create the building blocks of an effective, efficient, and agile third-party risk management program

  • Realize the organizational benefits that an ideal platform delivers between extended business partners and employees as well as internal staff

Feb 2018

SOX Compliance Solution Implementation Outcomes

Blog Highlights

  • Review deployment comparisons regarding timing, user adaption and acceptance, business user impact, SOX Controls assessment administration and management impacts, and reports creation and consumption

  • Compare Implementation outcomes to benchmarks

  • Analysis of Implementation Best Practices demonstrated

  • Review factors contributing to implementation effectiveness

  • Importance of obtaining Executive-level support

  • Adopt a Show-Me approach to vendor claims

  • Review formalized Project Management practices

  • Review key observations and takeaways

Feb 2018

SOX Compliance Solution Investment and Implementation Process Review

Blog Highlights

  • Understand Business Case, Requirements Development timelines, and Solution Evaluation and Selection timelines

  • See how a Fortune 500 firm aligned solution requirements to underlying business needs

  • Examine how they executed Solution Discovery and Selection, the RFP process, Vendor Demonstrations, Solution selection, and deployment and rollout plans

  • Review deployment roles and responsibilities in a RACI (responsible, accountable, consulted, and informed) Matrix

  • Learn implementation process components and strategic approaches

  • Uncover additional contributing factors to GRC success

Feb 2018

SOX Controls Management and Best Practices in Compliance System Implementation

Blog Highlights

  • Learn how speed and effectiveness of implementation tie closely to the success of and satisfaction with the investment in a GRC platform

  • Identify crucial best practices which will enable organizations to achieve similar results in their own implementations

  • Review the experiences of a public, global professional services and technology provider as it installed a new compliance system dedicated to supporting its Sarbanes-Oxley (SOX) controls testing and review processes

  • Review and understand Best Practices used in a deployment

  • Understand how this new process succeeded with approximately 400 testers, reviewers, and peer reviewers

  • Uncover key technology challenges and investment drivers

  • Review key features and characteristics of a Controls Management Platform

Feb 2018

Business Value Observed In Audit Process Automation

Blog Highlights

  • Identify how Audit process automation, by contrast, places separate, siloed solutions into a single, integrated solution

  • Uncover efficiencies that ultimately free the audit team to engage in more value-adding tasks

  • Address the complex audit environment with a solution that focuses on assurance, risk avoidance, internal overhead, and speed of business operations

  • Learn how to create a stronger and more efficient organization

  • Understand the three main value propositions associated with the automated audit process

  • Identify the characteristics and observed business impact benefits of Audit Process Automation

Feb 2018

Investigating And Analyzing The Impact And Business Value Of Multi-Functional Audit Process Automation Strategy

Blog Highlights

  • Analyze the relative impact and business value of audit process automation strategy, solution components, and value propositions for organizations confronted by complex audit environments

  • Learn about the characteristics of the audit environment, the business pressures on audit performance, obstacles and objectives leading to investment in audit management, components of the audit management solution employed, and resulting operational and business impact of the investment

  • See how key audit process automation impacted the functional and business operations of two distinct firms

Feb 2018

The Impact of Audit Process Automation in Complex Audit Environments

Blog Highlights

  • Learn the characteristics (and definitions) of a complex Audit environment

  • View examples of organizations facing complex audit environments

  • Understand the four pillars of effective audit automation software

  • Discover the core value proposition of audit process automation in the context of complex audits

  • Uncover the benefits of audit process automation and how they lead to a repeatable, efficient process that removes manual, ad hoc, and unnecessary steps

Feb 2018

Business Intelligence And Analytics In The Place Of GRC Reporting

Blog Highlights

  • Discover why GRC systems must be able to track and maintain historical data as well as relationships between data

  • Learn the advantages offered in advanced methods of report generation versus manual data management

  • Understand why static “snapshots” of information lack intelligence to assist in interpretation or the identification of trends

  • See how Business intelligence (BI) or analytics tools embedded within the GRC platform provide the ability to recognize crucial relationships, and identify trends and insights in a way that is not provided by basic reports

  • Review how Visualization tools impact both the speed of review and the ability of reviewers to draw conclusions and identify trends

Feb 2018

Components Of An Enterprise Risk Reporting And Management Platform

Blog Highlights

  • Glean learning points from interviews with senior Risk Management executives

  • Learn specific key differentiators of Risk Management platforms

  • Understand cross-organization and cross-functional management of governance, assurance, risk, and compliance activities

  • Identify the importance of use-case sensitive work environments, the incorporation of analytics, data visualization capabilities, and configurable workflows

  • Explore the dynamics of each differentiator and identify potential market needs in light of growing demands for cross-enterprise insight

  • Uncover insights to developing individual user productivity

Feb 2018

ERM - Enterprise Risk Management

What Effective Risk Management Looks Like

Blog Highlights

  • Understanding the holistic awareness of risks

  • Establishing risk culture and policy

  • Integrating risk strategy with business strategy

  • Benefits of multi-dimensional risk analysis and planning

  • Visibility of risks in relation to performance and strategy

  • Reaping additional benefits by increasing risk management maturity

Jan 2018

Best Case And Worst Case Scenarios In GRC Implementations

Blog Highlights

  • Building from a clear vision of business needs and process change

  • Aligning implementation milestones to business value requirements

  • Involving IT at the earliest stage of the investment

  • Seeking configurability over customization, where possible

Jan 2018

Including IT Is Crucial To GRC Implementation Strategy

Blog Highlights

  • Understanding the importance of including IT leadership from the start

  • Need to involve IT expertise with enterprise platform implementations equally along with their peers in other areas of the organization

  • Learning the key IT questions related to the success of the implementation

  • Ensuring that IT is not left to solely coordinate with the vendor and outside consultants to “make it work”

  • Involving IT in the identification of potential issues which can impact solution selection and deployment plans

  • The Costs of Customization

Jan 2018

The Key Factors That Contribute To GRC Implementation Effectiveness

Blog Highlights

  • Discovering significant differences in the characteristics, strategies, and methods adopted in GRC implementations

  • Uncovering characteristics that necessarily impact cost and length of the GRC implementation

  • Learning the key factors involved with GRC implementation costs, challenges, and delays

  • Understanding factors that make a difference in practice and prioritization, such as solution evaluation/project planning, implementation strategic development, and technical needs assessments and deployment

Jan 2018

How To Minimize The Cost And Time Required in GRC Implementation

Blog Highlights

  • Helping organizations to manage the complexities of business processes and organizational change

  • Improving visibility into and mitigation of risk factors while reducing manual efforts on the part of compliance management, risk management, and other stakeholders

  • Discovering how implementation delays and missteps result in unnecessary costs

  • Identifying and avoiding common implementation obstacles

Jan 2018

ERM - Enterprise Risk Management

Why Enterprise Risk Management (ERM) is Critical to Modern Business

Blog Highlights

  • Managing risk effectively to achieve optimal operational performance and meet strategic objectives

  • Gauging the impact risk has on strategy, performance, project, process, department, division, and enterprise levels

  • Gathering information needed to quickly respond to and avoid risk exposure, and also to seize risk-based opportunities

  • Monitoring key risk indicators across critical projects and processes

  • Optimally measuring and modeling risk

Nov 2017

GRC Implementation Success

Part 8: Future Proofing GRC

Blog Highlights

  • Extending the life-cycle of your GRC platform investment

  • Continuing the value of the GRC platform

  • How to handle change

  • Re-looking at application configurability

  • Anticipated changes in Information needs

  • Benefits of Embedded Business Intelligence (BI) and Analytics

Nov 2017

GRC Implementation Success

Part 7: Deployment as a Project and a Partnership

Blog Highlights

  • Disciplined adherence to implementation project management fundamentals

  • Cultivation of a close, collaborative relationship with the vendor through the implementation

  • Effective Project Management

  • Using the Project Plan and Schedule

  • The Dedicated Project Manager

  • Vendor Engagement and Deployment Support

Oct 2017

GRC Implementation Success

Part 6: Cloud Matters (but not all Clouds are Created Equal)

Blog Highlights

  • The Role of Cloud in Technical Deployment

  • Factors Contributing to the Success of the KBR Implementation

  • Different Cloud Models Affect Implementation Differently

  • Relative Technical Deployment Impact by Cloud Model

  • Evaluating Cloud Options

Sep 2017

GRC Implementation Success

Part 5: Application Tailoring Without Extended Deployment

Blog Highlights

  • Why Do We Customize GRC

  • The Importance of Application Configurability

  • Factors Contributing to the Success of an Implementation

  • Levels of Configurability

Aug 2017

GRC Implementation Success

Part 4: The “Show Me” Approach to Vendor Evaluation

Blog Highlights

  • The importance of “How” in addition to “What” in vendor evaluation process.

  • The need for a “Show Me” Approach

  • Critical Data Points in the RFP Process

  • Vendor Demonstrations – Accurately adhering to the demo “script”

Aug 2017

GRC Implementation Success

Part 3: Business Requirement Definition

Blog Highlights

  • Defining Business Processes and Needs

  • Requirements of a Controls Management Platform Sourced by Business Need

  • Defining Business Requirements

  • Understanding the Relationship to the Effectiveness of the Implementation

Aug 2017

GRC Implementation Success

Part 2: GRC’s Place in the Business

Blog Highlights

  • Common business role and objectives that underlie the various use cases for GRC

  • Essential Elements of GRC

  • GRC’s Role in the Business

  • Essential Business Drivers of GRC

Jul 2017

GRC Implementation Success

Part 1: Implementation Success is GRC Success

Blog Highlights

  • Implementation success is a key factor in the overall success or failure of an organization’s GRC investment.

  • Charting Implementation Success and Failure

  • Profiles of Best Case and Worst Case Implementations

  • The Relationship between Implementation Success and Investment Success
