Building A Risk Management Program—The Risk Register

Subconsciously, we all manage risk throughout our daily lives. We pack an umbrella in case it rains (unless we live in the Pacific Northwest, where that’s considered unnecessary). We check our car tire pressure and fluid levels before a long road trip. We bring along water for a summer hike, and so on. You can[…]

The Building Blocks Of An Effective, Efficient & Agile Third-party Risk Management Program

This blog is an extract from the white paper Managing Risk & Compliance Across 3rd Party Relationships, written by Michael Rasmussen of GRC 20/20 Research. The paper, in its entirety, can be found by clicking here. No company is an island. Organizations are a complex and diverse network of business relationships in which risk and[…]

SOX Compliance Solution Implementation Outcomes

Having completed a full controls test management solution implementation from inception to user rollout in approximately 30 weeks, KBR reports an overall high level of satisfaction. This assessment is derived from reports with respect to a number of outcomes related to implementation processes and objectives, including: Timing: KBR completed its SOX[…]

SOX Compliance Solution Investment and Implementation Process Review

Arriving at the implemented solution from the recognition of investment need is the result of a journey that begins with scoping need and business case and ends with technical implementation and rollout. Invariably, these processes are complex. Often, they are long, extending to a year or more of effort. Notably, KBR accomplished all of these[…]

Business Value Observed In Audit Process Automation

Audit process automation addresses many of the issues associated with a traditional audit approach. In particular, a traditional audit approach does not adequately address the organizational complexity that the audit department faces. The traditional approach to an audit is spreadsheet-based and requires manual processes as data must be transferred from one best-of-breed solution to the[…]

SOX Controls Management and Best Practices in Compliance System Implementation

Governance, risk, and compliance (GRC) solutions provide value by helping organizations to manage the complexity of information management, process execution, and stakeholder coordination within complex compliance or risk management operations. However, as highlighted in Blue Hill Research’s July 2015 Benchmark Report Contributors to GRC Implementation Success: Avoiding Worst-Case Scenarios, the value offered by these[…]

The Impact of Audit Process Automation in Complex Audit Environments

As organizations face increasing pressure, both from regulatory bodies and from other stakeholders inside and outside the organization, to comply with a growing list of bylaws and regulations, audit departments increasingly find themselves trying to navigate complex audit environments. A complex audit environment differs from a traditional audit environment based on a number of[…]

Investigating And Analyzing The Impact And Business Value Of Multi-Functional Audit Process Automation Strategy

This research report summarizes Blue Hill observations and conclusions following a series of research interviews conducted between February and March 2016. The objective of this research was to investigate and analyze the relative impact and business value of the DoubleCheck audit process automation strategy, solution components, and value propositions described above among organizations confronted by[…]

Components Of An Enterprise Risk Reporting And Management Platform

Risk Management & Reporting For Enterprises: Governance, risk, and compliance (GRC) solutions evolved in response to growing information and process complexity of compliance and risk management. Initially launched in large part by Sarbanes-Oxley requirements, GRC has evolved into a full enterprise application for compliance and risk management. While the GRC vendor landscape remains fragmented, the[…]

Best Case And Worst Case Scenarios In GRC Implementations

Blue Hill Research found that companies experiencing Worst-Case GRC implementations largely shared: (1) limited consideration of underlying business needs and process change, (2) lack of involvement of IT stakeholders and consideration of IT needs in implementation planning, (3) big bang solution rollouts, and (4) a large degree of solution customization. The various delays and costs[…]


DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.