Integrated GRC, financial justification
Stockholm – 15th of May, 2014
Rob van Straten

Integrated GRC


Presentation from GRC 2014 on 15 May. Feel free to contact the speaker if you have any questions. You can find the full schedule for the event here: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/


  1. Integrated GRC, financial justification. Stockholm – 15th of May, 2014. Rob van Straten
  2. We are ranked as a leader by all industry analysts for consecutive 6 years. All customers use the same configurable GRC platform. Upgrades take one hour. Global alliance program: >200 certified consultants. 400+ global customers. >1 million users. Global leader in Integrated GRC software. BWise® GRC platform supports ‘GRC groups’: Risk Management; Internal Audit; Internal Control; Compliance & Policy Management; IT GRC; Sustainability Performance Management; Corporate control; Business Continuity Management; Case Management; Continuous Monitoring/Auditing; Best practices. Best of breed: Functionality, Security, Flexibility, Scalability, Performance
  3. BWise supports all GRC functions
  4. Banking OpRisk Cycle: Risk Identification; RCSA; Loss & Incident Management; Action Management Risk Framework; Capital Calculation; Risk Reporting; KRI Management
  5. The Audit Cycle: Maintain Audit Universe; Workpaper Management; Audit Reporting; Findings & Issue Tracking; Yearly Audit Plan; Detailed Audit Planning; Audit Analytics; Audit Preparation
  6. Integrated GRC - Common Risk Language. Frameworks drive reporting. Confidential information – Copyright 2013 BWise
  7. Operational Risk Management Dashboard
  8. Personal Dashboard
  9. Gerard Parker: Risk Management (RM); Michael Bauer: Internal Control (IC); Jackie McLaren: Compliance & Policy Mngt (CPM); Damian Thomson: IT GRC; Kim Lee: Sustainability Performance Management (SPM); Integrated BWise® GRC Platform; Ann Green: Internal Audit (IA). Planning; Framework; Assessment; Data; Reports
  10. Data Driven Risk Management and Compliance. Business Systems; IT Management Systems; Assets; CMDB; Vulnerability Management; Intrusion Detection; Log Management; Incident Management; Identity and Access Management; ITGRC; GRC; ERP; HR; Consolidation; PCI, COBIT, ITIL, ISO27002; ICOFR, SOX, AML, FCPA, ABC, GRI, TAX; BWise Enterprise GRC; CRM
  11. FINANCIAL JUSTIFICATION OF INTEGRATED GRC
  12. Fragmented GRC: Multiple frameworks and systems, duplicative efforts, multiple versions of the truth. Fragmented data collection; Siloed IT systems; Duplicative reporting. Diagram labels: report; Internal Audit; HR; Finance; Business; R&D; Supply chain; Compliance; ERM; ORM; Internal Control; report; report; report
  13. Integrated GRC: Single framework and system, reusing information, one version of the truth. Asking questions once; Integrated GRC platform; Integrated reporting. Diagram labels: HR; Finance; Business; R&D; Supply chain; Integrated GRC platform; IA, ERM/ORM, Compliance, Internal Control; reports
  14. The 3 Elements of Benefit: Efficiency improvement; Loss Prevention; Performance Enhancement; Improved Steering. Possible to prove, Possible to claim; Possible to prove, Hard to claim; Hard to prove, Hard to claim
  15. Improved Steering: “After a risk assessment gave us better insights into our supply chain risks, we have made ample investments in our partner supply network, which has prevented major damage after the Fukushima disaster.” “With our risk management program, we were able to reduce our regulatory capital charge by ## million, which has given us ## extra revenue with ## extra profit.”
  16. Non-Compliance Financial Consequences: 108M USD; 384M USD; 36M USD; 250M USD; 13,2M USD; 48M USD; 398M USD; 700k USD; 4M USD; 4,5M USD; 492M USD; 754,4M USD
  17. Sample Fines
  18. C-Level: Held Personally Responsible
  19. Elements of Efficiency Improvement. IT Cost: IT infrastructure cost (Hardware, Software); IT maintenance cost; IT staffing cost; Upgrades & Updates; Training cost. Process Efficiencies: Reporting efficiency; Issue tracking efficiency; Control testing efficiency; Risk assessment efficiency; Incident management efficiency; Compliance tracking efficiency; Risk monitoring efficiency; …
  20. Cost Reduction – IT Systems [chart: Cost Savings; series: Cost Saving, Cumulative Cost Saving]
  21. [slide without text]
  22. How to start the eGRC Journey? Practical advice: Create IT vision for eGRC. Develop unified taxonomy; single Risk language. Define pain points and/or quick wins. Reduce complexity by Best Practices and Standards. It’s a journey, not a destination. Connect Risks to processes and define controls.
