Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Expertool GRC Accelerator

1,109 views

Published on

Expertool Governance, Risk and Compliance Accelerator

  • Be the first to comment

  • Be the first to like this

Expertool GRC Accelerator

  1. 1. Expertool GRC Acceleration <ul><li>Improving Time to Value for Enterprise GRC Solutions </li></ul><ul><li>Enabling Cost Effective GRC Agility </li></ul>E X PERTOOL PARADIGM CAPTURING AND APPLYING HUMAN EXPERTISE
  2. 2. Agenda <ul><li>Introductions </li></ul><ul><li>The GRC Problem </li></ul><ul><li>Expertool GRC Acceleration </li></ul><ul><li>Fit Within GRC Environments </li></ul><ul><li>GRC Acceleration Project Deliverables </li></ul><ul><li>GRC Acceleration Project Implementation </li></ul><ul><li>Next Steps </li></ul>
  3. 3. Expertool Overview <ul><li>Consulting for Fortune 500 and international clients </li></ul><ul><li>History of innovation </li></ul><ul><li>Privately held company established in 1996 </li></ul><ul><li>Unique product developed iteratively to solve real-world problems </li></ul><ul><li>Successful engagements in variety of sectors and problem domains: </li></ul>
  4. 4. Expertool Successes
  5. 5. Current State GRC Complexity Source: Expertool Client Presentation Describing Their “Before EM” State 300 analysts 3000+ issues 2500+ SOP documents 20+ groups & divisions Regulatory change is announced! Revised policies, standards, SOP’s and controls developed Impact is assessed Line managers must decide what applies to them and how to implement the change Documented decisions Recommendations, new content delivered Inform vendors Update GRC Application
  6. 6. The GRC Problem <ul><li>GRC involves many experts in many functional areas </li></ul><ul><li>Best-in-class enterprise GRC platforms* take months or years to implement due to the hidden requirement to build the bridge between the vendor’s solution and the company’s compliance architecture, business taxonomy, practices, procedures, and policies. </li></ul><ul><li>Once rolled out to segments of the corporate population, GRC content updates require months for the evaluation of alternatives, change impact analysis, governance approval, technical update and testing, and user retraining. </li></ul>*platforms such as Archer, CA GRC Manager, etc.
  7. 7. Expertool GRC Accelerator <ul><li>Expertool GRC Accelerator is a software-enabled service to help company GRC professionals and their consultants better plan, populate, integrate, and operate their GRC solution </li></ul><ul><li>Our solutions fill the gaps between GRC platforms and complex human activities </li></ul>
  8. 8. Architectural View (Client’s Slide) Source: Expertool Client Presentation Describing Their Architecture <ul><li>Required human tasks optimized, rationalized and centralized </li></ul><ul><li>Automation requirements defined, tested and centralized </li></ul>Upstream Downstream GRC Tool Expertool GRC Acceleration Support for GRC Content Governance
  9. 9. Architectural View (Client’s Slide) Source: Expertool Client Presentation Describing Their Architecture <ul><li>Required human tasks optimized, rationalized and centralized </li></ul><ul><li>Automation requirements defined, tested and centralized </li></ul>Upstream Downstream GRC Tool Expertool GRC Acceleration <ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Issue Management </li></ul><ul><li>Impact Analysis </li></ul><ul><li>GRC Content Governance </li></ul>Support for GRC Content Governance
  10. 10. Architectural View (Client’s Slide) Source: Expertool Client Presentation Describing Their Architecture <ul><li>Required human tasks optimized, rationalized and centralized </li></ul><ul><li>Automation requirements defined, tested and centralized </li></ul>Upstream Downstream GRC Tool Expertool GRC Acceleration <ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Issue Management </li></ul><ul><li>Impact Analysis </li></ul><ul><li>GRC Content Governance </li></ul><ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Phase 2: Replace Legacy Platform with COTS GRC </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Stakeholder Needs and Requirements Analysis </li></ul>Support for GRC Content Governance
  11. 11. Architectural View (Client’s Slide) Source: Expertool Client Presentation Describing Their Architecture <ul><li>Required human tasks optimized, rationalized and centralized </li></ul><ul><li>Automation requirements defined, tested and centralized </li></ul>Upstream Downstream GRC Tool Expertool GRC Acceleration <ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Issue Management </li></ul><ul><li>Impact Analysis </li></ul><ul><li>GRC Content Governance </li></ul><ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Phase 2: Replace Legacy Platform with COTS GRC </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Stakeholder Needs and Requirements Analysis </li></ul><ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Phase 2: Replace Legacy Platform with COTS GRC </li></ul><ul><li>Phase 3: Add GRC Platform Vendor Content </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>GRC Business Rules Prototyping </li></ul><ul><li>GRC Content Analysis </li></ul>Support for GRC Content Governance
  12. 12. Architectural View (Client’s Slide) Source: Expertool Client Presentation Describing Their Architecture <ul><li>Required human tasks optimized, rationalized and centralized </li></ul><ul><li>Automation requirements defined, tested and centralized </li></ul>Upstream Downstream GRC Tool Expertool GRC Acceleration <ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Issue Management </li></ul><ul><li>Impact Analysis </li></ul><ul><li>GRC Content Governance </li></ul><ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Phase 2: Replace Legacy Platform with COTS GRC </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Stakeholder Needs and Requirements Analysis </li></ul><ul><li>Phase 1: Consolidate/Update Control Set </li></ul><ul><li>Phase 2: Replace Legacy Platform with COTS GRC </li></ul><ul><li>Phase 3: Add GRC Platform Vendor Content </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>GRC Business Rules Prototyping </li></ul><ul><li>GRC Content Analysis </li></ul><ul><li>Post GRC Implementation </li></ul><ul><li>Expertool GRC Acceleration Role: </li></ul><ul><li>Emerging Threat/Trend Analysis Support </li></ul><ul><li>GRC Content Governance </li></ul>Support for GRC Content Governance
  13. 13. Features and Benefits <ul><li>Expertool GRC Accelerator empowers the GRC team to rapidly implement and adapt their GRC solution to be integrated with company-specific policies, procedures, controls and with business and IT environments </li></ul><ul><li>Prior to rolling out or updating their GRC solution, the GRC team can rapidly prototype and evaluate the impact of changes to their control architecture and/or control sets </li></ul><ul><li>Once understood, analyzed and approved, the control solutions from Expertool GRC Accelerator can directly feed the GRC solution with controls related to control objectives, and grouped into tailored baselines. </li></ul>
  14. 14. Increase Value of Your GRC Solution <ul><li>Reduce Time-to-Value by 50%-80% </li></ul><ul><ul><li>Populate initial client content from synthesized spreadsheets and system extracts </li></ul></ul><ul><ul><li>Enable parallel and independent expert activities; integrate and upload results to GRC system </li></ul></ul><ul><ul><li>Minimize project risk due to schedule coordination </li></ul></ul><ul><li>Improve agility and effectiveness of GRC solution </li></ul><ul><ul><li>Minimize political friction for GRC solution sponsor </li></ul></ul><ul><ul><li>Frontload implementation quality control </li></ul></ul><ul><ul><li>Speed update cycle to deal with emerging issues </li></ul></ul>
  15. 15. GRC Acceleration Deliverables GRC Architecture and Solution Alignment GRC Content Understanding and Optimization GRC Impact Analysis GRC Content Governance GRC Issue, Emerging Threat, Regulation Evaluation GRC Business Rules Understanding and Optimization Element Deliverables Rules Prototype Environment, Specification for Validated Business Rules Content Understanding Environment, Taxonomy Maps, Content Gap, Optimized Production Content, Feed to GRC Platform GRC Architecture Alignment Environment, Solution Gaps, Implementation Scopes, Issue Management, Key Success Factors, Solution Risks Financial Impact of Change to GRC Architecture or Compliance Environment GRC Content Repository, GRC Content Governance Environment Scenario-Based Analysis Environment
  16. 16. Sample Content Optimization Process Source: Expertool Client Presentation Describing Content Optimization Process SME Performs Relevance Analysis App: Archer Data Migration SME Support Model Saved Spreadsheets SME Performs Equivalence Analysis App: Archer Data Migration Client Content-> Archer Content Model Saved Spreadsheets Expertool Updates Equivalence Model App: Archer Data Migration Client Content-> Archer Content Model Updated Model SME Performs Question Analysis App: Archer Data Migration Client Content-> Archer Content Model with Questions Saved Spreadsheets Extend Equivalence Model with Questions App: Archer Data Migration Client Content-> Archer Content Model with Questions Updated Model Expertool Create Policy Data Output App: Archer Data Migration Client Content-> Archer Content Model with Questions Policy Data for Archer Client Governance Data
  17. 17. Demonstrate Prototype Business Rule <ul><li>GRC Acceleration environment integrates </li></ul><ul><ul><li>Business Context </li></ul></ul><ul><ul><li>Regulatory Context </li></ul></ul><ul><ul><li>Process </li></ul></ul><ul><ul><li>Expertise </li></ul></ul><ul><ul><li>Knowledge </li></ul></ul><ul><ul><li>Data </li></ul></ul><ul><li>Used in production to validate approach </li></ul><ul><li>Suggested by some as a great “final” solution </li></ul>
  18. 18. The GRC Acceleration Project <ul><li>Knowledge sources integrated </li></ul><ul><li>Mappings deduced and suggested </li></ul><ul><li>Client internal taxonomy and architecture mapped to GRC product taxonomy </li></ul><ul><li>Client SMEs and consultants analyze and refine mappings in tailored model </li></ul><ul><li>Client Inputs </li></ul><ul><li>Previous projects </li></ul><ul><li>Reports </li></ul><ul><li>Existing documents </li></ul><ul><li>System output </li></ul><ul><li>New Insights </li></ul><ul><li>Expertise Gaps </li></ul><ul><li>Business Case </li></ul>Initial GRC OCU <ul><li>GRC Acceleration </li></ul><ul><li>Key Success Factors </li></ul><ul><li>Optimized Content </li></ul><ul><li>Validated Business Rules </li></ul><ul><li>Impact Analysis </li></ul><ul><li>Content Governance Environment </li></ul>On-Going Maintenance Continuous Improvement GRC Tool
  19. 19. Appendix
  20. 20. Key Concepts <ul><li>Expertise Management (EM) </li></ul><ul><ul><li>a proven management discipline applying cognitive science and complexity theory to business problems </li></ul></ul><ul><li>Organizational Competence Unit (OCU) </li></ul><ul><ul><li>the outcome of an Expertise Management initiative delivering continuous value </li></ul></ul><ul><li>Expertool </li></ul><ul><ul><li>a cognitive platform for modeling and integrating multidisciplinary human expertise, evolved during real-world engagements </li></ul></ul>
  21. 21. The Value Proposition Enabled by our Unique Technology Lengthy, costly and politically risky group activities Decisions documented, but not all options and views considered Insights that do not support the conclusion are lost Efforts must be repeated if similar issues arise Issues from synthesized documentation channeled to appropriate experts Governance team reviews options and tradeoffs preserved in context Individual expertise is reusable as organizational expertise Time-to-value accelerates as additional knowledge sources are integrated Accelerated: Organizational Competency Unit (OCU) Source: OCEG Presentation Typical: Slow Manual Activities
  22. 22. Expertise Management Initiative Deliverables Expert Application(s) Trained Resources System Integration Process Integration Documentation Package Standard Outcome – Basic Organizational Competence Unit Optional Outcome – Organizational Competence Unit Extensions
  23. 23. Complexity <ul><li>How many potential interactions are there between 100 GRC events? </li></ul>“ Combinational Explosion Complexity” The potential interactions of 100 factors is 1,267,650,600,228,230,000,000,000,000,000

×