Downloaded 81 times
Uploaded byFixNix Inc.,
GRC 101 ISACA Bengaluru on 28th Dec 2013
For more than 24 months, FixNix has researched compliance for leading Indian e-commerce brands, participated in security forums, and developed SMB GRC products. Now they are presenting on governance, risk, and compliance. The presentation will discuss prioritizing issues, organizing resources, and mobilizing people to drive lasting change in communities. It will also cover the GRC market landscape and trends such as increasing regulatory demands, enterprise risk management, and integrating risk data from new sources.
More Related Content
Similar to GRC 101 ISACA Bengaluru on 28th Dec 2013
GRC 101 ISACA Bengaluru on 28th Dec 2013
- 1. For more than24 months, FixNix has researched compliance for the India’s leading e-commerce brands, security thought leadership forums, and production of SMB GRC product. Now they bring you… GOVERNANCE, RISK & COMPLIANCE
- 2. To Get 200%Benefit of This Presentation FIRST Mute Your Cellphone SECOND Unlearn Whatever You Know in GRC World & Lend your Ears for next 60 minutes
- 10.
- 11.
- 12.
- 14. WHY THE WHAT THEY NEED TO SHOULDADOPT CAN DO FOR TO TAKE
- 17.
- 18.
- 23.
- 25.
- 29.
- 30.
- 35.
- 38. Community Development • Inorder to bring lasting change, we must first prioritize the things that will bring about the maximum impact • Then we must organize schedules and resources that will support the priorities • Finally, we need to mobilize people to be able to take action and bring about that change
- 39. Community Development • Inorder to bring lasting change, we must first prioritize the things that will bring about the maximum impact prioritize organize mobilize • Then we must organize schedules and resources that will support the priorities • Finally, we need to mobilize people to be able to take action and bring about that change
- 40.
- 41.
- 42.
- 47.
- 49.
- 69.
- 82. LEADERS ARE INNOVATINGWITH ADVANCED CAPABILITIES, HAVE LARGE CUSTOMER BASES, HAVE SOLID CAPABILITIES IN THE CORE PLATFORM FUNCTIONS — AUDIT MANAGEMENT, COMPLIANCE MANAGEMENT, RISK MANAGEMENT AND POLICY MANAGEMENT — AND HAVE EXECUTED ACROSS SEVERAL INDUSTRIES, WITH SUPPORT FOR MULTIPLE PROFESSIONAL ROLES.
- 90. SEVERAL VISIONARIES AREDRIVING INNOVATION IN THE MARKET THROUGH INTEGRATION WITH BUSINESS PROCESS MODELING, CCM, RISK ANALYTICS, TARGETED VERTICAL INDUSTRY SOLUTIONS, AND OTHER ADVANCED CAPABILITIES BEYOND THE CORE FUNCTIONS.
- 98. THE EGRC PLATFORM MARKETIS DERIVED FROM THE NEED FOR MANY ENTITIES TO IMPROVE THE OVERSIGHT OF CORPORATE GOVERNANCE — INCLUDING FINANCIAL REPORTING COMPLIANCE, ERM AND RELATED AUDITS.
- 99. AN EGRC PLATFORM MUSTSOLVE THE IMMEDIATE GRCM NEEDS ASSOCIATED WITH CORPORATE GOVERNANCE, AND ALSO ENABLE AN ENTERPRISE TO PURSUE CONSOLIDATION AND INTEGRATION OF A DIVERSE SET OF OPERATIONAL, IT, LEGAL AND FINANCE GRC ACTIVITIES.
- 100. IN A 2013GARTNER SURVEY OF 174 EGRC PLATFORM USERS, THE SIX LEADING USES WERE ENTERPRISE OR OPERATIONAL RISK MANAGEMENT (61%), AUDIT MANAGEMENT (53%), IT RISK MANAGEMENT (34%), CASE OR INCIDENT MANAGEMENT (32%), POLICY MANAGEMENT (30%), AND INTEGRATED PERFORMANCE AND RISK MANAGEMENT (29%).
- 101. MOST EGRC PLATFORMVENDORS ARE ADDING PREPACKAGE CAPABILITIES, OR APPLICATIONS, THAT MEET INDUSTRY-SPECIFIC OPERATIONAL GRC NEEDS, SUCH AS BASEL II/III, SOLVENCY II, EH&S COMPLIANCE AND SUSTAINABILITY, HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) AND OTHER HEALTHCARE COMPLIANCE, FOREIGN CORRUPT PRIVACY ACT (FCPA) AND OTHER ANTI-BRIBERY RULES, THIRD-PARTY RISK MANAGEMENT, REGULATORY CHANGE MANAGEMENT, GRAMM-LEACH-BLILEY ACT (GLBA), PCI, CONFLICT MINERALS AND OTHER DODD-FRANK ACT REQUIREMENTS, BCM, AND NERC/FERC COMPLIANCE
- 102. SOME VENDORS ALSOPROVIDE IT ASSET REPOSITORY, IT POLICY MANAGEMENT AND THE AUTOMATED COLLECTION OF IT CONTROLS DATA. ORGANIZATIONS WITH A PRIMARY INTEREST IN ITCENTRIC GRCM REQUIREMENTS SHOULD BE AWARE THAT MOST EGRC PLATFORMS BALANCE FINANCIAL, OPERATIONAL AND IT REQUIREMENTS AT THE EXPENSE OF IT-CENTRIC DEPTH.
- 103. demands on internalaudit organizations • Increased as they cope with increasing regulatory requirements, ERM oversight and demands for more business performance audits • An • ERM to support by business leaders increasing regulatory focus on anti-corruption and bribery in the aftermath of the 2008 global financial crisis transparency objectives of regulators and decision making • Risk analytics to support integration of risk management and performance management • Regulatory content services and change management to deal with regulatory proliferation
- 104. SOX knock-on effect •The , as organizations find that auditors and regulators worldwide are raising the bar on internal controls, even when the law is not as stringent as U.S. SOX (for example, Law 262 in Italy) • Consolidation, with a shift from dominance of the market by smaller best-of-breed players to one dominated by larger, wellestablished vendors • Third-party risk management to ensure that third parties do not present unacceptable compliance and risk challenges • Social risk management issues emerging from social marketing strategies and the need to ensure compliance with privacy and advertising regulations • Operational technology and critical infrastructure protection, which increases the variety and volume of risk and controls data
- 105. • Specifically, asGRC adapts to social, third-party monitoring and operational technology requirements, the volume of use cases will expand beyond what is reasonable to be included directly on the platform. • With the proliferation of use cases, the platform will need to integrate with many more external data sources and applications, thus reversing what has been the evolution during the past six years to support most GRC use cases directly on the platform. • Thus, the platform will fade in market positioning importance, but will remain foundational as an enabler for new GRC-related markets.
- 116.
Editor's Notes
- #2 To view this presentation, first, turn up your volume and second, launch the self-running slide show.
- #3 To get 200% benefit of this presentation, first, mute your cellphone and second, unlearn whatever you know in GRC world & lend your ears for next 60 minutes.
- #4 GRC is a powerful compliance program which can move & shake any organization.
- #5 For more than 24 months, FixNix has developed GRC programs…
- #6 …to improve compliance,
- #7 …align all departments,
- #8 …increase company value,
- #9 …and propel
- #10 …GRC program.
- #11 Along the way we’ve discovered…
- #12 …five simple rules for creating Governance, Risk & Compliance programs.
- #13 The first rule is: Treat your business as king.
- #14 Your business groups, management deserves to be treated like royalty. Design a GRC program that meets their needs, not just yours.
- #15 Management want to know what you can do for them, why they should adopt your view, and the steps they need to follow to take action.
- #16 Give them those things in a clear, easily understandable way…
- #17 …and you will undoubtedly find favor with the king.
- #18 The second rule is: Spread ideas and move people.
- #19 Your business didn’t show up to read your 60 page on screen dissertation.
- #20 They’re there to see you. To be inspired by your message…
- #21 …and witness the quality of your thought.
- #22 You are not giving your presentation to have another meeting. You are there to convey meaning.
- #23 So, consider including imagery that powerfully illustrates your point.
- #24 Which GRC product has it all ?
- #25 And a thought-provoking inclusive awareness training moves your business in a way that can change not only minds, but hearts.
- #26 The next rule is: Help them see what you are saying.
- #27 Half of the people in your business are verbal thinkers and the other half are visual.
- #28 Combining minimal text with meaningful visuals means that you’ll reach everyone.
- #29 Brainstorm graphics that will effectively communicate your message…
- #30 …and replace those words with a picture, chart or diagram. Then apply a consistent treatment to your graphics to give your whole GRC solution a unified look so that your business is attracted to, rather than distracted from, your message.
- #31 Rule number 4: Practice design, not decoration.
- #32 As tempting as it is to fill your GRC solution with stuff, often de-decorating is the best policy.
- #33 Any writer or designer will tell you that 90% of the creative process…
- #34 …is destructive.
- #35 Do you have a main point? Consider putting just one dashboard on the GRC solution by itself. Want them to remember a few items? Don’t show everything at once. Instead, show one item at a time. Have a snapshot that expresses your idea? Scale that snapshot so that it fills the overall solution. Have a single metric that says it all? Let’s depict it and remove everything else.
- #36 The last rule is: Cultivate healthy relationships (with your solution and your business )
- #37 Letting go is hard, we know.
- #38 But don’t hide behind your GRCsolution.
- #39 Breaking your dependence on your GRC solution can do a world of good for your relationship with your business.
- #40 Reduce the amount of metrics to a few key ones. Put the rest into your behind the scene pages.
- #41 And practice, practice, practice.
- #42 Thinking of your GRC solution as digital scenery,
- #43 Allows you to connect eye-to-eye with your business in a meaningful way.
- #44 So there are the rules.
- #45 But the question remains—Why go to all this trouble?
- #46 Why not do it the way you are used to?
- #47 The answer is simple. Because everyone else does it that way, too. You need to stand apart and be different.
- #48 When you apply these rules,
- #49 and keep the business’s needs top of mind,
- #50 your GRC solution will not only hold their attention,
- #51 But also change the company world . (Well, at least your part of the world.)
- #52 IT roadmap for GRC
- #53 How do we align our GRC initiatives ?
- #54 How do I assess risk ?
- #55 Policies, procedures and controls
- #56 What are the elements of privacy risk management and compliance ?
- #57 How can operational controls add value to a business process ?
- #58 How do I know if my GRC system or overall program is effective ?
- #60 How should we conduct investigation
- #61 Suspicious activity investigation lifecycle
- #62 What controls are needed for the extended enterprise ?
- #63 How do we broaden our awareness of incidents and risks?
- #64 How do we optimize our approach to GRC
- #65 How do we integrate IT to enable GRC ?
- #66 How do we manage the business risk of fraud ?
- #67 How do we measure the performance of GRC ?
- #68 How does a federated GRC approach apply to policy management ?
- #69 How can we use a lean approach for compliance and control ?
- #71 How can we use a lean approach for compliance and control ?
- #72 How can we use a lean approach for compliance and control ?
- #73 How can we use a lean approach for compliance and control ?
- #74 How can we use a lean approach for compliance and control ?
- #75 How can we use a lean approach for compliance and control ?
- #76 How can we use a lean approach for compliance and control ?
- #107 How can we use a lean approach for compliance and control ?
- #108 How can we use a lean approach for compliance and control ?
- #109 How can we use a lean approach for compliance and control ?
- #110 How can we use a lean approach for compliance and control ?
- #111 How can we use a lean approach for compliance and control ?
- #112 How can we use a lean approach for compliance and control ?
- #113 How can we use a lean approach for compliance and control ?
- #114 How can we use a lean approach for compliance and control ?
- #115 How can we use a lean approach for compliance and control ?
- #116 How can we use a lean approach for compliance and control ?
- #117 For more ways to harness the power of GRC, visit www.fixnix.co