1) The document discusses an integrated GRC platform called BWise that supports all key GRC functions like risk management, internal audit, compliance, and policy management across various industries. 2) BWise is a leader in integrated GRC software with over 400 global customers, 1 million users, and a global alliance network of over 200 certified consultants. 3) The integrated BWise platform allows for continuous monitoring, reuse of data, and provides a single version of truth, reducing duplicative efforts compared to a fragmented GRC approach using multiple systems.

1. Integrated GRC, financial justification
Stockholm – 15th of May, 2014
Rob van Straten

2. 2
We are ranked
as a leader
by all
industry
analysts for
consecutive
6 years
All customers use
the same
configurable GRC
platform
Upgrades take
one hour
global
alliance
program:
>200
certified
consultants
400+
Global
customers
>1 million
users
Global
leader in
Integrated
GRC
software
BWise® GRC platform
supports ‘GRC groups’:
 Risk Management
 Internal Audit
 Internal Control
 Compliance & Policy Management
 IT GRC
 Sustainability Performance
Management
 Corporate control
 Business Continuity Management
 Case Management
 Continuous
Monitoring/Auditing
 Best practices
Best of breed:
Functionality
Security
Flexibility
Scalability
Performance

3. 3
BWise supports all GRC functions

4. 4
Banking
OpRisk Cycle
Risk Identification
RCSA
Loss & Incident Management
Action Management Risk Framework
Capital Calculation
Risk Reporting
KRI Management

5. 5
Maintain Audit Universe
Workpaper Management
Audit Reporting
Findings & Issue Tracking
Yearly Audit Plan
Detailed Audit Planning
Audit Analytics
Audit Preparation
The Audit Cycle

6. 6
Integrated GRC - Common Risk Language
Confidential information – Copyright 2013 BWise
Frameworks drive reporting

7. 7
Operational Risk Management Dashboard

8. 8
Personal Dashboard

9. 9
Gerard Parker
Risk Management (RM)
Michael Bauer
Internal Control (IC)
Jackie McLaren
Compliance &
Policy Mngt (CPM)
Damian Thomson
IT GRC
Kim Lee
Sustainability
Performance
Management (SPM)
Integrated BWise® GRC Platform
Ann Green
Internal Audit (IA)
Planning Framework Assessment Data Reports

10. 10
Data Driven Risk Management and Compliance
Business SystemsIT Management Systems
Assets
CMDB
Vulnerability
Management
Intrusion
Detection
Log
Management
Incident
Management
Identity and Access Management
ITGRC
GRC
ERP
HR
Consolidation
PCI, COBIT, ITIL, ISO27002
ICOFR, SOX, AML, FCPA, ABC,
GRI, TAX
BWise Enterprise GRC
CRM

11. 11
FINANCIAL JUSTIFICATION OF
INTEGRATED GRC

12. 12
report
Internal
Audit
HR Finance Business R&D
Supply
chain
Com-
pliance
ERM
ORM
Internal
Control
report report report
Fragmented
data collection
Siloed
IT systems
Duplicative
reporting
Fragmented GRC:
Multiple frameworks and systems, duplicative efforts,
multiple versions of the truth

13. 13
HR Finance Business R&D
Supply
chain
Integrated GRC platform
IA, ERM/ORM, Compliance, Internal Control
Asking
questions once
Integrated
GRC platform
Integrated
reporting
Integrated GRC:
Single framework and system, reusing information,
one version of the truth
reports

14. 14
The 3 Elements of Benefit
Efficiency
improvement
Loss Prevention
Performance Enhancement
Improved Steering
Possible to prove
Possible to claim
Possible to prove
Hard to claim
Hard to prove
Hard to claim

15. 15
Improved Steering
“After a risk assessment gave
us better insights into our
supply chain risks, we have
made ample investments in our
partner supply network, which
has prevented major damage
after the Fukushima disaster.”
“With our risk management
program, we were able to
reduce our regulatory capital
charge by ## million, which has
given us ## extra revenue with
## extra profit.”

16. 16
Non-Compliance Financial Consequences
108M USD
384M USD
36M USD
250M USD
13,2M USD
48M USD
398M USD
700k USD
4M USD
4,5M USD
492M USD
754,4M USD

17. 17
Sample Fines

18. 18
C-Level: Held Personally Responsible
Confidential information – Copyright 2013 BWise

19. 19
Elements of Efficiency Improvement
IT Cost
• IT infrastructure cost
– Hardware
– Software
• IT maintenance cost
• IT staffing cost
• Upgrades & Updates
• Training cost
Process Efficiencies
• Reporting efficiency
• Issue tracking efficiency
• Control testing efficiency
• Risk assessment efficiency
• Incident management
efficiency
• Compliance tracking
efficiency
• Risk monitoring efficiency
• …

20. 20
Cost Reduction – IT Systems
-2 000 000
-1 000 000
0
1 000 000
2 000 000
3 000 000
4 000 000
5 000 000
6 000 000
Cost Savings
Cost Saving Cumulative Cost Saving

21. 21

22. 22
How to start the eGRC Journey? Practical advice
Create
IT vision
for eGRC
Develop unified
taxonomy;
single Risk
language
define
pain
points
and/or
quick wins
Reduce
complexity by
Best
Practices
and
Standards
It’s a
journey,
not a
destination
Connect
Risks to
processes
and define
controls