Your SlideShare is downloading. ×
0
GRC for the Little Guys.
How Abiomed faces its compliance reporting challenges.
              Sharon Kaiser, CIO, Abiomed
...
Introducing




       Sharon Kaiser         Dan Wilhelms
       CIO – Abiomed      President – SymSoft




              ...
Agenda
•   About Abiomed & SymSoft Corporation
•   What is Sarbanes-Oxley (SOX) compliance?
•   Why SMEs should care
•   G...
About Abiomed
• Abiomed (NASDAQ: ABMD) is a global technology
  leader focused on RECOVERING HEARTS AND
  SAVING LIVES
• T...
Who is Abiomed
                                                                2010 Impella® 2.5 >1700 patients and in
   ...
About SymSoft Corporation
•   Makers of Governance, Risk and Compliance (GRC)
    solutions for SAP environments
•   Spin-...
Agenda
•   About Abiomed & SymSoft Corporation
•   What is Sarbanes-Oxley (SOX) compliance?
•   Why SMEs should care
•   G...
The Sarbanes-Oxley Act of 2002
• “Since when is it illegal to shaft innocent people
  for personal gain?” - 2002




     ...
About the Sarbanes-Oxley Act of 2002
• What is the intent of the Act?
   • Creation of a new standard for reporting of int...
Section 404 Compliance
  … “Establishing and maintaining an adequate internal
             control structure” … From Secti...
Differences Between Controls
• What’s the difference between a preventative
  and a mitigating control?
   • Preventative ...
What Are Segregation of Duty (SOD) Controls?

• Primary control of Section 404 intended to prevent or
  decrease the risk ...
What Are Excessive Access Controls?
•   Primary control of Section 404 intended to prevent or
    decrease the risk of err...
The “New” World with Management Involvement




                      Professional Solutions for Compliance Automation
   ...
Agenda
•   About Abiomed & SymSoft Corporation
•   What is Sarbanes-Oxley (SOX) compliance?
•   Why SMEs should care
•   G...
Why Should You Care About SOX Compliance?

• Documentation
   • Documented business processes work better
   • Documentati...
Why Should You Care About SOX Compliance?

•   Cost of errors
     • Inappropriate access can lead to invalid transaction ...
Why Should You Care About SOX Compliance?

• Protection of trade secrets
   • Excessive access can allow users to download...
Getting Started with SOX
• Focus more on documenting and maintaining
  your business processes
   • Develop formal require...
5 Things SMEs Can Do
• Monitor security
• Implement parameters for logons and passwords
• Reduce sensitive authorizations
...
Agenda
•   About Abiomed & SymSoft Corporation
•   What is Sarbanes-Oxley (SOX) compliance?
•   Why SMEs should care
•   G...
Abiomed’s Situation
• Abiomed is a small company but publicly traded,
  requiring compliance with the Sarbanes-Oxley act
•...
Abiomed’s Challenges
•   Being such a small company, we were constantly struggling
    with identifying and managing our S...
Goal 1. Cost Reductions and Efficiencies
• Objectives:
   • Reduce the time, expense, and distractions associated with
   ...
Goal 2. Risks and Mitigation
•   Objectives:
    • Eliminate potential audit risks due to complex user access
      requir...
Goal 3. Compliance & Reporting
• Objectives:
   • Ensure Abiomed is meeting requirements
   • Automate monitoring and repo...
Solution Selected: Why SymSoft was Chosen
• Read a lot of press on governance and risk mitigation
  solutions
• Didn’t fee...
Agenda
•   About Abiomed & SymSoft Corporation
•   What is Sarbanes-Oxley (SOX) compliance?
•   Why SMEs should care
•   G...
Solution Implemented
•   One Solution – “2nd Generation” SymSoft ControlPanelGRC
    – met Abiomed’s needs; multiple compo...
Drill Down: Risk Analyzer
•   Comes with a set of pre-defined business rules that can be
    customized based on Abiomed’s...
The Risk was Already Defined in Abiomed’s Rulebook




                         Professional Solutions for Compliance Auto...
Was Able to Identify Functions Identified for the Risk




                         Professional Solutions for Compliance ...
Was then Able to Locate Users That Could Violate Risk




                         Professional Solutions for Compliance A...
Can Even Identify if a User has Executed the Risk




                        Professional Solutions for Compliance Automa...
Answering Goal 1. Cost Reduction and Efficiencies

• Automated processing of change request transports
  for review and ap...
Return on Investment – Specific Results
•   Reduced the time, expense, and distractions associated
    with manual audits
...
Answering Goal 2. Risks and Mitigation
• Real-time risk analysis and mitigation of
  authorizations for SOD and sensitive ...
Risk Mitigation – Specific Results
• Receive immediate notification of activation of
  Emergency Access (Firecall) activit...
Answering Goal 3: Compliance and Reporting
• Scheduling and automatic execution of predefined or
  custom compliance repor...
Compliance & Reporting – Specific Results
• Receive reports that are required to support defined
  audit controls, either ...
What Abiomed Learned
•   There are reasonably priced GRC solutions on the market to
    meet a small company’s requirement...
Best Practices
•   Don’t tolerate energy sapping manual processes – look for
    a solution
•   Seek to “embed compliance”...
Key Learnings
• Smaller publically traded and other regulated
  enterprises face special challenges in
  addressing audit ...
Questions & Answers




         For more information please contact:
         Kevin Dunne
         Phone: 414-292-3113
  ...
For ControlPanelGRC
case studies, articles, and archived
       webinars please visit
   www.controlpanelgrc.com

        ...
Upcoming SlideShare
Loading in...5
×

GRC for the Little Guys. How Abiomed faces its SAP compliance reporting challenges.

1,026

Published on

Like many smaller, regulated enterprises, medical device manufacturer Abiomed is required to operate its SAP systems according to the same standards as large publicly traded enterprises under Sarbanes-Oxley (SOX) legislation. With a small IT staff and numerous initiatives, Abiomed was able to turn "pain into gain" with several strategies that kept its Total Cost of Compliance within reason.

In this webinar Sharon Kaiser, CIO at Abiomed and Dan Wilhelms, President of SymSoft to learn how Abiomed:

- Established a pro-active working relationship with its internal and external auditors
-Utilized new GRC software solutions
-Tactically used external resources to streamline costs and turn its compliance mandates into a strategic asset.

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,026
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
42
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "GRC for the Little Guys. How Abiomed faces its SAP compliance reporting challenges."

  1. 1. GRC for the Little Guys. How Abiomed faces its compliance reporting challenges. Sharon Kaiser, CIO, Abiomed Dan Wilhelms, CEO, SymSoft Corporation Professional Solutions for Compliance Automation www.ControlPanelGRC.com
  2. 2. Introducing Sharon Kaiser Dan Wilhelms CIO – Abiomed President – SymSoft Professional Solutions for Compliance Automation www.ControlPanelGRC.com
  3. 3. Agenda • About Abiomed & SymSoft Corporation • What is Sarbanes-Oxley (SOX) compliance? • Why SMEs should care • Getting started with SOX: 5 things SMEs can do • Abiomed’s Situation • Abiomed’s Challenges • Organizational Compliance Goals • Solution Selected • Solution Implemented • Results • Best Practices • Questions Professional Solutions for Compliance Automation www.ControlPanelGRC.com 3
  4. 4. About Abiomed • Abiomed (NASDAQ: ABMD) is a global technology leader focused on RECOVERING HEARTS AND SAVING LIVES • The company develops, manufactures and markets advanced medical technologies designed to assist or replace the pumping function of the failing heart • Abiomed Market Overview • Global leader for products in acute heart failure market • Ships more Ventricle Assist Devices (VADs) than any other company worldwide Professional Solutions for Compliance Automation www.ControlPanelGRC.com 4
  5. 5. Who is Abiomed 2010 Impella® 2.5 >1700 patients and in • Medical Device manufacturer over 350 hospitals in the U.S. headquartered in Massachusetts 2009 Impella 5.0 available in U.S. for with additional mfg facility in broad clinical use Germany 2009 AB Portable™ driver FDA approved • Over 300+ employees and first patient discharge • Experts in Pumping Blood for over 2008 Impella 2.5 FDA cleared in U.S. for 25 years broad clinical use • World’s smallest heart pumps for 2005 Impella Available in Europe cardiologists and surgeons 2001 First AbioCor Artificial Heart • Over 200 patents or patents patient pending from over $200m in R&D ® 1992 First FDA approved VAD • Over 12,000 patients supported in over 40 countries worldwide 1987 First heart recovery patient 1981 Abiomed Founded Professional Solutions for Compliance Automation www.ControlPanelGRC.com HCS-P110-051509 5
  6. 6. About SymSoft Corporation • Makers of Governance, Risk and Compliance (GRC) solutions for SAP environments • Spin-off of Milwaukee-based Symmetry Corporation • 14 years of technical implementation solutions for the SAP and Enterprise Security marketplace • One of the largest dedicated SAP Basis/security consulting organizations in the U.S. • 10 years of software development and marketing experience • Previous reseller of Virsa (now SAP GRC) • 200 SAP implementations • 90 outsourcing customers • SAP Certified Hosting Partner Professional Solutions for Compliance Automation www.ControlPanelGRC.com 6
  7. 7. Agenda • About Abiomed & SymSoft Corporation • What is Sarbanes-Oxley (SOX) compliance? • Why SMEs should care • Getting started with SOX: 5 things SMEs can do • Abiomed’s Situation • Abiomed’s Challenges • Organizational Compliance Goals • Solution Selected • Solution Implemented • Results • Best Practices • Questions Professional Solutions for Compliance Automation www.ControlPanelGRC.com 7
  8. 8. The Sarbanes-Oxley Act of 2002 • “Since when is it illegal to shaft innocent people for personal gain?” - 2002 Professional Solutions for Compliance Automation www.ControlPanelGRC.com 8
  9. 9. About the Sarbanes-Oxley Act of 2002 • What is the intent of the Act? • Creation of a new standard for reporting of internal control effectiveness, design, and documentation • Creation of management accountability for internal controls • Which companies are required to comply? • Companies publically traded on U.S. stock exchanges • Regulated industries (e.g. food, pharmaceutical, hazmat) • Which sections are applicable to SAP operations? • Section 404 requires CEO, CFO, and auditors to confirm the design and effectiveness of internal controls Professional Solutions for Compliance Automation www.ControlPanelGRC.com 9
  10. 10. Section 404 Compliance … “Establishing and maintaining an adequate internal control structure” … From Section 404 • Four parts to Section 404 compliance 1. Take an inventory of internal controls • Where are they sufficient and deficient? • Assess those controls against a framework to measure or rate their effectiveness 2. Document how the controls have been assessed • Policies and procedures will be used to remedy any control deficiencies 3. Test to ensure that the controls work as intended 4. Management must incorporate phase 1-3 activities into a formal report Professional Solutions for Compliance Automation www.ControlPanelGRC.com 10
  11. 11. Differences Between Controls • What’s the difference between a preventative and a mitigating control? • Preventative controls prohibit inappropriate access • Authorizations, configuration, user-exits, and so on • Mitigating controls rely on other processes to identify inconsistencies • You’re allowed to do something potentially wrong, but we can track what you did • Alerts, periodic reporting, system monitoring Professional Solutions for Compliance Automation www.ControlPanelGRC.com 11
  12. 12. What Are Segregation of Duty (SOD) Controls? • Primary control of Section 404 intended to prevent or decrease the risk of errors or irregularities • Requires the assignment of conflicting “duties” to different employees • Generally involve transactions that permit data modification • Examples: • Creation of vendor and purchase order could result in purchase orders being issued to fictitious vendors • Creation of purchase order and ability to receive goods could result in goods being procured for personal instead of business reasons Professional Solutions for Compliance Automation www.ControlPanelGRC.com 12
  13. 13. What Are Excessive Access Controls? • Primary control of Section 404 intended to prevent or decrease the risk of errors or irregularities • Authorization to sensitive transactions or authorizations that are not required for normal job function • Authorization to sensitive system functions that could impact data confidentiality, availability, and integrity • Generally permit data modification • Examples: • Customer service representatives should not be able to create vendors • End users should not have S_ADMI_FCD with value of “RSET” because they could delete data without archiving Professional Solutions for Compliance Automation www.ControlPanelGRC.com 13
  14. 14. The “New” World with Management Involvement Professional Solutions for Compliance Automation www.ControlPanelGRC.com 14
  15. 15. Agenda • About Abiomed & SymSoft Corporation • What is Sarbanes-Oxley (SOX) compliance? • Why SMEs should care • Getting started with SOX: 5 things SMEs can do • Abiomed’s Situation • Abiomed’s Challenges • Organizational Compliance Goals • Solution Selected • Solution Implemented • Results • Best Practices • Questions Professional Solutions for Compliance Automation www.ControlPanelGRC.com 15
  16. 16. Why Should You Care About SOX Compliance? • Documentation • Documented business processes work better • Documentation provides training for new employees • Increases efficiency by identifying processes required for completion • Reduction in errors • Users are restricted to authorized functions and therefore cannot accidentally change or delete data • Example: Accidental modification to vendor address impacts delivery of AP payments Professional Solutions for Compliance Automation www.ControlPanelGRC.com 16
  17. 17. Why Should You Care About SOX Compliance? • Cost of errors • Inappropriate access can lead to invalid transaction processing • Example: Incorrectly scrapped materials may be re-manufactured to ensure availability for customer resale • Loss of customers • Incorrect documents can be sent to partners via invalid transaction processing • Example: Accidental modification of customer address impacts delivery location for sales orders • Fraud happens • Fraud can impact all levels of an organization • Example: Warehouse employee could receive goods and then hide them by adjusting the physical inventory count Professional Solutions for Compliance Automation www.ControlPanelGRC.com 17
  18. 18. Why Should You Care About SOX Compliance? • Protection of trade secrets • Excessive access can allow users to download information related to proprietary processes or methodologies that are not required in their job function • Example: Employees with excessive authorization could download company recipes before accepting a new position at a competitor • Preserve confidential information • Excessive access can allow users to view sensitive company data, including customer pricing, material costs, or employee master data • Example: Employee with inappropriate access could review their performance appraisal before it has been completed Professional Solutions for Compliance Automation www.ControlPanelGRC.com 18
  19. 19. Getting Started with SOX • Focus more on documenting and maintaining your business processes • Develop formal requirements for documentation and controls for business processes • Think about how to measure and control the execution of your business processes • Start at “what could go wrong” and work back to reports that can identify instances • Implement controls and recommendations detailed in “The 5 Things SMEs Can Do” Professional Solutions for Compliance Automation www.ControlPanelGRC.com 19
  20. 20. 5 Things SMEs Can Do • Monitor security • Implement parameters for logons and passwords • Reduce sensitive authorizations • Establish security change controls and documentation • Implement periodic user maintenance processes Professional Solutions for Compliance Automation www.ControlPanelGRC.com 20
  21. 21. Agenda • About Abiomed & SymSoft Corporation • What is Sarbanes-Oxley (SOX) compliance? • Why SMEs should care • Getting started with SOX: 5 things SMEs can do • Abiomed’s Situation • Abiomed’s Challenges • Organizational Compliance Goals • Solution Selected • Solution Implemented • Results • Best Practices • Questions Professional Solutions for Compliance Automation www.ControlPanelGRC.com 21
  22. 22. Abiomed’s Situation • Abiomed is a small company but publicly traded, requiring compliance with the Sarbanes-Oxley act • Risk management is a high priority for Abiomed’s controller • After years of bottoms-up SOX controls, we wanted to focus on more top-down, broader risk based controls • We needed something affordable that could help in three major areas: • Cost Reduction and Efficiencies • Risks and Mitigation • Compliance & Reporting Professional Solutions for Compliance Automation www.ControlPanelGRC.com 22
  23. 23. Abiomed’s Challenges • Being such a small company, we were constantly struggling with identifying and managing our SOD (segregation of duties) issues on a global basis – US and Europe • Most of our IT general controls were managed manually and tested manually • Information was available, but limited and hard to obtain making compliance reporting labor intensive, both for IT and for our business partners • We have a very limited IT staff that has to be knowledgeable of, and stay on top of, IT SOX controls on a daily basis • A substantial amount of IT time is required, in a short period of time, to prepare for and support the SOX audits Professional Solutions for Compliance Automation www.ControlPanelGRC.com 23
  24. 24. Goal 1. Cost Reductions and Efficiencies • Objectives: • Reduce the time, expense, and distractions associated with audits and allow more time on higher value work • Automate data gathering, monitoring and reporting • Automate and streamline user and role maintenance in SAP • Challenges: • Some audit requests required data reconstruction • Audit test data requests had to be pulled manually and were highly labor intensive • Quarterly SOD reports had to be compiled and distributed manually, requiring constant and repeated follow-up to obtain approvals Professional Solutions for Compliance Automation www.ControlPanelGRC.com 24
  25. 25. Goal 2. Risks and Mitigation • Objectives: • Eliminate potential audit risks due to complex user access requirements • Consolidate data and processes • Provide more efficient and timely review of SAP emergency access and super roles • Challenges: • Some functional owners didn’t understand the content of the SOD reports or the purpose of their review - or even initial approval of role requests • Change management transports required routing and approval from multiple business owners • Emergency access review was conducted monthly by manual review – too late to really question or prevent abuse Professional Solutions for Compliance Automation www.ControlPanelGRC.com 25
  26. 26. Goal 3. Compliance & Reporting • Objectives: • Ensure Abiomed is meeting requirements • Automate monitoring and reporting • Move to exception based reporting • Provide on-line, on-demand reporting and review capability • Provide more information, with higher value and less work • Challenges: • Native compliance reporting in SAP difficult to obtain, usually requiring reformatting and manual compilation • Data was for the most part available, but hard to find, extract and report Professional Solutions for Compliance Automation www.ControlPanelGRC.com 26
  27. 27. Solution Selected: Why SymSoft was Chosen • Read a lot of press on governance and risk mitigation solutions • Didn’t feel Abiomed could internally justify ‘any’ purchase • Too many competing requests for funds in a growing business required to support R&D and manufacturing • Symmetry had done a webinar to our controller and sold the benefits of SymSoft months earlier • SymSoft later made a reasonable offer that we just couldn’t turn down • We decided to leverage our existing partnership with Symmetry and evolve to the next level with SymSoft Professional Solutions for Compliance Automation www.ControlPanelGRC.com 27
  28. 28. Agenda • About Abiomed & SymSoft Corporation • What is Sarbanes-Oxley (SOX) compliance? • Why SMEs should care • Getting started with SOX: 5 things SMEs can do • Abiomed’s Situation • Abiomed’s Challenges • Organizational Compliance Goals • Solution Selected • Solution Implemented • Results • Best Practices • Questions Professional Solutions for Compliance Automation www.ControlPanelGRC.com 28
  29. 29. Solution Implemented • One Solution – “2nd Generation” SymSoft ControlPanelGRC – met Abiomed’s needs; multiple components; written in ABAP • Risk Analyzer – SOD and sensitive authorization analysis • Usage Analyzer – Tracking & reporting of actual system usage • Transport Manager – Automates change request process via workflow, with audit trail • User and Role Manager – Automated workflows to optimize security administration • Emergency Access Manager – Temporary authorization and tracking to troubleshoot production issues • AutoAuditor – Automated execution and delivery of compliance reports • Batch Manager – Central scheduling and monitoring of batch jobs Professional Solutions for Compliance Automation www.ControlPanelGRC.com 29
  30. 30. Drill Down: Risk Analyzer • Comes with a set of pre-defined business rules that can be customized based on Abiomed’s specific needs • Allows real-time review of SOD and sensitive authorization risks • Routes new role requests to a designated functional owner identifying any potential risk identified by the Rulebook • Real life Abiomed example: Prior to a recent audit, I needed to identify and provide information regarding an identified risk: • Does any user have the ability to create a sales order and the ability to change a customer’s credit limit? Professional Solutions for Compliance Automation www.ControlPanelGRC.com 30
  31. 31. The Risk was Already Defined in Abiomed’s Rulebook Professional Solutions for Compliance Automation www.ControlPanelGRC.com 31
  32. 32. Was Able to Identify Functions Identified for the Risk Professional Solutions for Compliance Automation www.ControlPanelGRC.com 32
  33. 33. Was then Able to Locate Users That Could Violate Risk Professional Solutions for Compliance Automation www.ControlPanelGRC.com 33
  34. 34. Can Even Identify if a User has Executed the Risk Professional Solutions for Compliance Automation www.ControlPanelGRC.com 34
  35. 35. Answering Goal 1. Cost Reduction and Efficiencies • Automated processing of change request transports for review and approval • Abiomed has a specific requirement that 3 functional owners must review and approve any transport to production • Configurable workflow to route requests to appropriate parties for review and approval • Extensive change request tracking and reporting that allows easy access to details for our auditors • Acceleration of day-to-day SAP security administration via workflow and automatic provisioning Professional Solutions for Compliance Automation www.ControlPanelGRC.com 35
  36. 36. Return on Investment – Specific Results • Reduced the time, expense, and distractions associated with manual audits • Actual 50% reduction in time spent by 3rd party pre-auditors • Reduction in internal staff time spent supporting ad hoc requests from external audit • Reduction in time spent analyzing and mitigating SOD issues • Significantly reduced time spent on compiling, distributing and following-up on Abiomed quarterly SOD reports • One week prep time condensed to two hour review time by IT resource • Review and approval by 7 functional owners received within one week time period versus 5 months with paper process • Workflow distribution • Electronic approval documented and captured Professional Solutions for Compliance Automation www.ControlPanelGRC.com 36
  37. 37. Answering Goal 2. Risks and Mitigation • Real-time risk analysis and mitigation of authorizations for SOD and sensitive authorization risks • Pre-defined and customizable Rulebook to meet Abiomed’s specific needs • Automatic monitoring of transaction execution and alerts to compliance owners • Integrated role management via workflows that provide risk analysis, owner approval and facilitated request processing • Immediate notification for emergency access with activity monitoring and reporting Professional Solutions for Compliance Automation www.ControlPanelGRC.com 37
  38. 38. Risk Mitigation – Specific Results • Receive immediate notification of activation of Emergency Access (Firecall) activity • Previously, IT management team would meet monthly and review prior month’s firecall activity • Reviews are now done upon close of emergency access and any questions and potential mitigation activities can be timely • During audit preparation, Risk Analyzer identified user with the ability to create a sales order and the ability to change a customer’s credit limit (previous example) • Was able to address and mitigate before actual audit started Professional Solutions for Compliance Automation www.ControlPanelGRC.com 38
  39. 39. Answering Goal 3: Compliance and Reporting • Scheduling and automatic execution of predefined or custom compliance reports, routed to predefined users for review • Sensitive role and profile assignments • Mitigating control assignments • Invalid logon attempts or initial passwords • User and role changes over a time period • Management of batch jobs providing central scheduling and monitoring of batch processes • Provides documentation and monitoring of batch jobs • Notifies appropriate owners of job success or failure, with the appropriate details Professional Solutions for Compliance Automation www.ControlPanelGRC.com 39
  40. 40. Compliance & Reporting – Specific Results • Receive reports that are required to support defined audit controls, either from an event trigger or via a time requirement • For example, the first of each month, IT management receives the following reports for review and analysis: • System Environment Report • Critical Authorizations Report • Inactive Logons • Non-Employee Logons • Users with SAP_ALL Professional Solutions for Compliance Automation www.ControlPanelGRC.com 40
  41. 41. What Abiomed Learned • There are reasonably priced GRC solutions on the market to meet a small company’s requirements • First, identify your goals and what you actually need • Find the solution that fits your goals and don’t overbuy • Deployment was quick and painless – almost a non-event • Be prepared and plan the transition – change in processes? training requirements? • Understand what you are getting and determine what functionality you will use and how • The controller and his team are all over risk mitigation – get the business involved and don’t make this an IT solution only • SOX Audits don’t have to be quite so time consuming and painful! Professional Solutions for Compliance Automation www.ControlPanelGRC.com 41
  42. 42. Best Practices • Don’t tolerate energy sapping manual processes – look for a solution • Seek to “embed compliance” – automate capture of audit data at the time of execution • Enable ad hoc, on-demand audit reporting • Look for tools that will streamline routine IT operations • More time supporting initiatives, less time “keeping the lights on” • Embrace GRC – view it as a tool for innovation, not as a necessary evil • Understand management’s need for GRC data • What does the CFO lose sleep over? Professional Solutions for Compliance Automation www.ControlPanelGRC.com 42
  43. 43. Key Learnings • Smaller publically traded and other regulated enterprises face special challenges in addressing audit and compliance concerns • Creativity and newly available solutions can reduce the cost and complexity of compliance • Efforts in preparing for audits can be streamlined and become less intrusive Professional Solutions for Compliance Automation www.ControlPanelGRC.com 43
  44. 44. Questions & Answers For more information please contact: Kevin Dunne Phone: 414-292-3113 Email: kdunne@sym-corp.com Professional Solutions for Compliance Automation www.ControlPanelGRC.com
  45. 45. For ControlPanelGRC case studies, articles, and archived webinars please visit www.controlpanelgrc.com Thank You! Professional Solutions for Compliance Automation www.ControlPanelGRC.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×