integrated grc

Post on 18-Nov-2014


Category: Leadership & Management


DESCRIPTION

Presentation from GRC 2014 on 15 May. Feel free to contact the speaker if you have any questions. The full schedule for the event can be found here: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/

TRANSCRIPT

Integrated GRC, financial justification

Stockholm – 15th of May, 2014

Rob van Straten

Slide 2

We are ranked as a leader by all industry analysts for 6 consecutive years.
All customers use the same configurable GRC platform.
Upgrades take one hour.
Global alliance program: >200 certified consultants.
400+ global customers.
>1 million users.
Global leader in Integrated GRC software.

BWise® GRC platform supports ‘GRC groups’:
• Risk Management
• Internal Audit
• Internal Control
• Compliance & Policy Management
• IT GRC
• Sustainability Performance Management
• Corporate control
• Business Continuity Management
• Case Management
• Continuous Monitoring/Auditing

Best practices

Best of breed:
• Functionality
• Security
• Flexibility
• Scalability
• Performance

Slide 3

BWise supports all GRC functions

Slide 4

Banking: OpRisk Cycle
• Risk Identification
• RCSA
• Loss & Incident Management
• Action Management
• Risk Framework
• Capital Calculation
• Risk Reporting
• KRI Management

Slide 5

The Audit Cycle
• Maintain Audit Universe
• Workpaper Management
• Audit Reporting
• Findings & Issue Tracking
• Yearly Audit Plan
• Detailed Audit Planning
• Audit Analytics
• Audit Preparation

Slide 6

Integrated GRC - Common Risk Language

Confidential information – Copyright 2013 BWise

Frameworks drive reporting

Slide 7

Operational Risk Management Dashboard

Slide 8

Personal Dashboard

Slide 9

Integrated BWise® GRC Platform (Planning, Framework, Assessment, Data, Reports)

Users and their GRC areas:
• Gerard Parker: Risk Management (RM)
• Michael Bauer: Internal Control (IC)
• Jackie McLaren: Compliance & Policy Mngt (CPM)
• Damian Thomson: IT GRC
• Kim Lee: Sustainability Performance Management (SPM)
• Ann Green: Internal Audit (IA)

Slide 10

Data Driven Risk Management and Compliance

IT Management Systems (feeding IT GRC):
• Assets CMDB
• Vulnerability Management
• Intrusion Detection
• Log Management
• Incident Management
• Identity and Access Management

Business Systems (feeding GRC):
• ERP
• HR
• Consolidation
• CRM

Frameworks: PCI, COBIT, ITIL, ISO27002; ICOFR, SOX, AML, FCPA, ABC, GRI, TAX

BWise Enterprise GRC

Slide 11

FINANCIAL JUSTIFICATION OF INTEGRATED GRC

Slide 12

Internal Audit, Compliance, ERM, ORM and Internal Control each produce their own report across HR, Finance, Business, R&D and Supply chain:
• Fragmented data collection
• Siloed IT systems
• Duplicative reporting

Fragmented GRC: Multiple frameworks and systems, duplicative efforts, multiple versions of the truth

Slide 13

Integrated GRC platform (IA, ERM/ORM, Compliance, Internal Control) across HR, Finance, Business, R&D and Supply chain:
• Asking questions once
• Integrated GRC platform
• Integrated reporting (one set of reports)

Integrated GRC: Single framework and system, reusing information, one version of the truth

The 3 Elements of Benefit

Efficiency

improvement

Loss Prevention

Performance Enhancement

Improved Steering

Possible to prove

Possible to claim

Possible to prove

Hard to claim

Hard to prove

Hard to claim

15

Improved Steering

“After a risk assessment gave

us better insights into our

supply chain risks, we have

made ample investments in our

partner supply network, which

has prevented major damage

after the Fukushima disaster.”

“With our risk management

program, we were able to

reduce our regulatory capital

charge by ## million, which has

given us ## extra revenue with

## extra profit.”

16

Non-Compliance Financial Consequences

108M USD

384M USD

36M USD

250M USD

13,2M USD

48M USD

398M USD

700k USD

4M USD

4,5M USD

492M USD

754,4M USD

17

Sample Fines

18

C-Level: Held Personally Responsible


19

Elements of Efficiency Improvement

IT Cost

• IT infrastructure cost– Hardware

– Software

• IT maintenance cost

• IT staffing cost

• Upgrades & Updates

• Training cost

Process Efficiencies

• Reporting efficiency

• Issue tracking efficiency

• Control testing efficiency

• Risk assessment efficiency

• Incident management efficiency

• Compliance tracking efficiency

• Risk monitoring efficiency

• …

20

Cost Reduction – IT Systems

-2 000 000

-1 000 000

0

1 000 000

2 000 000

3 000 000

4 000 000

5 000 000

6 000 000

Cost Savings

Cost Saving Cumulative Cost Saving

21

22

How to start the eGRC Journey? Practical advice

Create

IT visionfor eGRC

Develop unified taxonomy;

single Risk language

define

pain

points and/or

quick wins

Reduce

complexity by

Best

Practices and

Standards

It’s a

journey, not a

destination

Connect

Risks to

processesand define

controls
