IT GRC
www.maclear-grc.com
CONTENTS
Introduction
IT GRC Landscape
IT GRC Tools - Key Issues & Trends
Key Challenges
Benefits of Integrating IT GRC
IT Risk Management Framework
IT GRC Solution
IT GRC Solution - Key Features
IT GRC Framework - Implementation
360 Degree of Risk
Aggregating across IT and Security Ecosystem
Sustainability and Best Practices for Deploying IT GRC
IT GRC Automation
Conclusion
INTRODUCTION
2013, already being referred to as the “Year of Data Leaks”, witnessed a total of 2164 separate
cases of data breaches which exposed over 822 million records. Hacking accounted for almost
60% of incidents, and over 70% of leaked records. A report by Symantec put the average cost
of data breaches in 2013 between $1.1 million on the lowest end and $5.4 million on the highest.
When we consider that a data security breach is just one of the many threats facing an
organization, the estimated business impact of security breaches, regulatory non-compliance
and lack of effective governance is staggering.
The modern organization operates in a complex, high-risk environment. At one level, it is
affected by macro changes in the environment such as economic downturns, political
instability and disasters. At the other level, it has to contend with unprecedented volumes of
data, and ensure data security and effective data validation amidst increasing consumerization
of IT, digital convergence and ever-changing compliance regulations. Organizations today
are under tremendous pressure to ensure optimum governance, operational transparency
and effective risk management while maintaining profitability and competitive edge. This
necessitates a comprehensive focus on IT GRC with state-of-the-art technology-enabled
solutions to create and manage the necessary governance frameworks.
This whitepaper focuses on the ways in which IT GRC can be implemented, its best practices
and key benefits for an organization.
IT GRC LANDSCAPE
Technology enablement has been at the forefront of paradigm shifts in the GRC space over the
last few years. It has been proven beyond doubt now that organizations that use technology
to enable their GRC processes have significant advantages over others. Some of these are the
potential to reduce the cost of risk management, enhance compliance and audit controls and
processes, streamline reporting and analytics, and improve risk management. It is, however,
important to note the key issues that are faced by IT GRC and some of the recent trends in this
space.
IT GRC TOOLS - KEY ISSUES & TRENDS
ISSUES
•	 Non-standard definition of GRC across industries - unstable
future state and ability to define requirements
•	 Multiple and increasingly complex regulatory environments
•	 Legacy GRC systems are application-specific. Vendors find
difficulty in generalizing their product or finding alternate uses
•	 Lack of maturity of the enterprise GRC solutions to handle
complex organization structures and data flows
•	 Lack of visualization and advanced dashboarding
•	 Lack of analytics capabilities
•	 Issues with gaining real-time data feeds across disparate
sources
•	 More often than not GRC initiatives are not driven from the
top layers of leadership
TRENDS
•	 Rapid growth of GRC solutions with organizations realising
need for robust risk management frameworks
•	 Increasing technology enablement of GRC processes within
the organization
•	 Entrance of many top technology companies in the GRC
space including acquisitions and alliances
•	 Focus on performing advanced analytics and Business
Intelligence in the GRC space
•	 Adoption of web-based solutions for GRC products which are
easily accessible and maintained
•	 Increasing use of Business Process Management (BPM) for
GRC processes
•	 Robust testing mechanisms of GRC solutions including
continuous monitoring
KEY CHALLENGES
With the IT enterprise generating unprecedented volumes of data, the biggest challenge before CIOs is
the effective management and analysis of information to aid the business without compromising data
security. On average, at least one third of the information generated by an enterprise needs to be
assessed for risk and compliance. At the same time, organizations need relevant information delivered
at the right time to the right people in order to not only leverage customer insights but also maintain
and deepen the organization’s edge over competition in the market. To leverage big data effectively
and securely poses significant operational challenges in terms of IT infrastructure, governance, risk
management, data quality and compliance, especially when departments work in silos.
Evolving technologies like mobility, BYOD, cloud computing, machine to machine communication,
connected devices and trends like social media add to the CIO's GRC challenge. There is a need to
extend GRC processes to newer technologies and devices and services used by employees and the
business as a whole. In fact, most CIOs today want to work towards integrating risk and compliance
awareness into regular employee communication to ensure maximum data security and regulatory
compliance. At the same time, organizations need to evaluate and assess the effectiveness of data
security measures.
BENEFITS OF INTEGRATING IT GRC
The biggest question in the context of a technology-enabled IT GRC solution is about the benefits that it can bring to the
organization. Given the elaborate and complex implementation and deployment process of IT GRC, it is important to have a
clear view of the benefits offered by the IT GRC solution:
The IT GRC solution benefit analysis can also be approached from a different angle, namely, quantitative or qualitative
benefits:
REDUCED RISK
LOWER ONGOING COSTS
QUANTITATIVE BENEFITS
IMMEDIATE ROI
BETTER BUSINESS DECISIONS
QUALITATIVE BENEFITS
•	 Ongoing risk detection and assessment
•	 Enhanced risk mitigation
•	 Assured compliance
•	 Reduced number of IT controls
•	 Lower headcount requirements
•	 Reduction in audit and external fees
•	 Lower IT costs
•	 Tight control over recommendations and action plans -
process and resources
•	 Focus risk, compliance, audit and functional resources
on highest risk or opportunities
•	 Closed loop management of issues, findings,
remediation and action plans
•	 Greater ROI for fees for external auditors and
consultants
•	 Lower risk of non-compliance based on audit finding
and observations
•	 Compliance and Controls
•	 Risk and Losses
•	 Reputation Management
•	 Revenue Management
•	 Visibility
•	 Transparency
•	 Strategic Value
•	 Increase risk & compliance management efficiency
and effectiveness
•	 Drive year over year performance through continuous
improvements
•	 Greater cross-organizational visibility for risk issues
and compliance deficiencies
•	 Corporate culture stressing higher compliance
awareness – reduce the need for mitigation and
remediation
•	 Build shareholder value through better auditing and
compliance practices
IT RISK MANAGEMENT FRAMEWORK
[Figure: IT risk management framework. Three domains surround Business Objectives:]
•	 RISK GOVERNANCE - IT risk management practices are deep-rooted in the organization (Establish and maintain; Integrate with ERM; Make risk-aware)
•	 Risk Evaluation - IT related risk and opportunities are proactively identified, analyzed and presented in business terminology (Collect data; Analyze risk; Maintain risk profile)
•	 Risk Response - IT related risk issues, handled in a cost effective manner and aligned to business priorities (Articulate risk; Manage risk; React to events)
IT GRC SOLUTION
An advanced and comprehensive enterprise-level IT GRC software solution can enable streamlining IT GRC processes,
effectively managing risk, and meeting regulatory requirements. The solution enables companies to implement a formal
framework to rigorously measure, mitigate, and monitor risks. It also simplifies and reduces the cost of compliance with many
regulations governing data retention, privacy, confidential information, financial accountability, and recovery from disasters.
IT GRC SOLUTION - KEY FEATURES
•	 Business Functions - Integrates various business functions such as IT governance, policy management,
risk management, compliance management, audit management, and incident management
•	 Governance Frameworks - Create, measure, monitor, and manage IT governance programs based on
control frameworks like COBIT, ISO 27001, NIST, and ITIL
•	 Compliance Requirements - Access to various compliance requirements like FFIEC, PCI, FISMA, GLBA,
HIPAA, NIST, and many others
•	 Threat Management - Standardized investigation processes to address organization-level global security
threats
•	 Workflow - Enables an automated and workflow-driven approach to managing, communicating and
implementing IT policies and procedures across the enterprise
•	 Process Management - Provides a mechanism for managing IT surveys, certifications, self-assessments,
and audits
•	 IT Audit Management - Streamlines and strengthens the entire life cycle of audit management by helping to
understand, measure, analyze and improve the organization’s functions and processes
•	 Documentation - Provides a centralized solution for storing documents related to IT risks, mitigation plans,
questionnaires, checklists, assets, defining controls, and risk assessments
•	 Risk & Issue Management - Provides a robust issue management system for capturing and tracking IT
issues, incidents, and threats as well as implementing corrective and preventive actions (CAPA)
•	 KRIs - Provides well-defined key risk indicators with scope for customizations, assessment results, and
compliance initiatives
•	 Reporting - Provides dashboarding and integrated reporting capabilities including self-assessments, manual
assessments, and automated control mechanisms. Built-in data analytics and IT GRC intelligence capabilities
IT GRC FRAMEWORK - IMPLEMENTATION
There are two strategies that an organization can take when implementing an IT GRC framework. These are (1) obtaining a 360
degree view of Enterprise Risk, and (2) aggregating across the IT and Security Ecosystems in the organization.
360 DEGREE OF RISK
[Figure: 360 degree view of risk in four quadrants. Business Impact: What is the likely loss of magnitude? Risk Appetite: What is our appetite and how does that translate into thresholds? Threats: What is the threat landscape? Vulnerabilities: How are we vulnerable?]
•	 Ultimate Objective: Risk Intelligence - right metrics for better business performance through active governance
•	 Threat, Vulnerability, Risk, mean different things to different stakeholders - common model and taxonomy
•	 Threat Intelligence, Incident Response and Crisis Management - integrated, agile processes to protect against advanced,
persistent threats and complex attacks
•	 Information Security Eco-system is orthogonal to IT - embedded in the business process
•	 Governance, Risk and Compliance Management - single repository for analytics and one version of the truth
AGGREGATING ACROSS IT AND SECURITY ECOSYSTEM
•	 Leverage a common GRC platform, with an asset inventory, risk and control framework and
nomenclature
•	 Integrate with Security and IT monitoring systems – provide business context for security
and IT
•	 Leverage heat maps, KRIs, KPIs for decision support and business intelligence
•	 Use customized automated notifications when thresholds are breached
•	 Integrate tests and exercises with Business Continuity and Disaster Recovery programs
•	 Streamline risk management – single information model, cross-functional collaboration,
multi-dimensional risk assessments
SUSTAINABILITY AND BEST PRACTICES FOR DEPLOYING IT GRC
Automation of IT GRC processes is a must-have item on most CIO wish lists today. While
implementing IT GRC solutions, it is crucial to remember that no solution can be truly effective
without the right monitoring systems. A comprehensive overview of the objectives for IT GRC
automation, coupled with the expected deliverables and benefits against which to evaluate
performance, is an effective way of implementing a sustainable, cutting-edge IT GRC platform.
IT GRC AUTOMATION
With an automated IT GRC platform, organizations can not only do away with redundancies but also reduce manual efforts and
thereby minimize the room for human error. It is important to have a clear picture of the desired deliverables and the expected
benefits of such an automated solution:
DELIVERABLES
•	 Definition of a target framework to be implemented within the selected groups for both functional and IT departments
•	 Definition of the stepwise transformation roadmap
•	 Definition of a consistent target framework (process, system and norms) ensuring data quality and coherence of indicators
throughout the group
BENEFITS
•	 Reduced non-productive time periods and optimized operational efficiency
•	 Substantial contribution to strategic targets and concentration on core business
•	 Risks and cost reduction; controls and response time improvements
•	 Improvement of overall data integrity, homogeneity and availability
•	 Substantial reduction of production & reporting cycle times and costs
CONCLUSION
That the modern organization faces multiple serious threats from different quarters is an unarguable fact of business today.
As risk and compliance complexities evolve and increase, it will be impossible for CIOs to ensure seamless, foolproof GRC
processes unless they actively adopt a technology leadership position.
There is no denying that a solution which integrates various systems, documents risk needs and applicable remediation
strategies, and allows real-time data ingestion and issue tracking can not only serve the IT GRC needs of
an organization efficiently, but also reduce costs and help drive risk-driven business decision-making.
CONTACT
Visit: www.maclear-grc.com
Email: info@maclear-grc.com
USA: +1 630 839 9214
UK: +44 203 006 2558
ABOUT US
Maclear specializes in enterprise governance, risk and
compliance (eGRC) solutions. Our core capabilities cover
roadmap design, solutions scoping, design & implementation,
training & awareness and solutions support. Our integrated
holistic approach to eGRC helps drive efficiency, effectiveness
and agility for our clients by minimizing risk and compliance
threats, enabling process improvement, fostering collaboration
and facilitating automation. Our client base spans industries
including banking, financial services, insurance, healthcare,
retail, manufacturing, education and energy. As a fast
growing company, we have earned a reputation of delivering
outstanding value to our clients through delivery of exceptional
eGRC solutions and services.
About the Author
Ketan Dholakia
(Co-founder) Americas & APACJ
Ketan Dholakia is a global IT executive with in-depth
knowledge of IT services and operations with 20+ years
of experience establishing security and risk management
solutions. Ketan’s professional services expertise and
extensive experience working with large and mid-tiered
multi-national corporations have established him as a leader
in the GRC arena.
Prior to Maclear, Ketan led senior teams for
Schlaumburger, GTS, Zurich Financial Services, Adams
Harris and Archer Technologies.

 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadAyesha Khan
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 

Recently uploaded (20)

Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in IslamabadIslamabad Escorts | Call 03274100048 | Escort Service in Islamabad
Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 

Maclear’s IT GRC Tools – Key Issues and Trends

  • 3. IT GRC INTRODUCTION IT GRC LANDSCAPE
    2013, already being referred to as the “Year of Data Leaks”, witnessed a total of 2164 separate cases of data breaches which exposed over 822 million records. Hacking accounted for almost 60% of incidents, and over 70% of leaked records. A report by Symantec put the average cost of data breaches in 2013 between $1.1 million on the lowest end and $5.4 million on the highest. When we consider that a data security breach is just one of the many threats facing an organization, the business impact estimate of security breaches, regulatory non-compliance and lack of effective governance is staggering.
    The modern organization operates in a complex, high-risk environment. At one level, it is affected by macro changes in the environment such as economic downturns, political instability and disasters. At the other level, it has to contend with unprecedented volumes of data and ensure data security and effective data validation amidst increasing consumerization of IT, digital convergence and ever-changing compliance regulations. Organizations today are under tremendous pressure to ensure optimum governance, operational transparency and effective risk management while maintaining profitability and competitive edge. This necessitates a comprehensive focus on IT GRC, with state-of-the-art, technology-enabled solutions to create and manage the necessary governance frameworks.
    This whitepaper focuses on the ways in which IT GRC can be implemented, its best practices and key benefits for an organization.
    Technology enablement has been at the forefront of paradigm shifts in the GRC space over the last few years. It has been proven beyond doubt now that organizations that use technology to enable their GRC processes have significant advantages over others. These include the potential to reduce the cost of risk management, enhance compliance and audit controls and processes, streamline reporting and analytics, and improve risk management.
    It is, however, important to note the key issues facing IT GRC and some of the recent trends in this space.
  • 4. IT GRC TOOLS - KEY ISSUES & TRENDS
    ISSUES
    • Non-standard definition of GRC across industries - unstable future state and ability to define requirements
    • Multiple and increasingly complex regulatory environments
    • Legacy GRC systems are application-specific. Vendors find difficulty in generalizing their product or finding alternate uses
    • Lack of maturity of the enterprise GRC solutions to handle complex organization structures and data flows
    • Lack of visualization and advanced dashboarding
    • Lack of analytics capabilities
    • Issues with gaining real-time data feeds across disparate sources
    • More often than not, GRC initiatives are not driven from the top layers of leadership
    TRENDS
    • Rapid growth of GRC solutions with organizations realising the need for robust risk management frameworks
    • Increasing technology enablement of GRC processes within the organization
    • Entrance of many top technology companies in the GRC space, including acquisitions and alliances
    • Focus on performing advanced analytics and Business Intelligence in the GRC space
    • Adoption of web-based solutions for GRC products which are easily accessible and maintained
    • Increasing use of Business Process Management (BPM) for GRC processes
    • Robust testing mechanisms of GRC solutions, including continuous monitoring
    KEY CHALLENGES
    With the IT enterprise generating unprecedented volumes of data, the biggest challenge before CIOs is the effective management and analysis of information to aid the business without compromising data security. On average, at least one third of the information generated by an enterprise needs to be assessed for risk and compliance. At the same time, organizations need relevant information delivered at the right time to the right people in order to not only leverage customer insights but also maintain and deepen the organization’s edge over competition in the market.
    Leveraging big data effectively and securely poses significant operational challenges in terms of IT infrastructure, governance, risk management, data quality and compliance, especially when departments work in silos. Evolving technologies like mobility, BYOD, cloud computing, machine-to-machine communication and connected devices, and trends like social media, add to the CIO’s GRC challenge. There is a need to extend GRC processes to newer technologies, devices and services used by employees and the business as a whole. In fact, most CIOs today want to work towards integrating risk and compliance awareness into regular employee communication to ensure maximum data security and regulatory compliance. At the same time, organizations need to evaluate and assess the effectiveness of data security measures.
  • 5. BENEFITS OF INTEGRATING IT GRC
    The biggest question in the context of a technology-enabled IT GRC solution is about the benefits that it can bring to the organization. Given the elaborate and complex implementation and deployment process of IT GRC, it is important to have a clear view of the benefits offered by the IT GRC solution:
    The IT GRC solution benefit analysis can also be approached from a different angle, namely, quantitative or qualitative benefits:
    REDUCED RISK LOWER ONGOING COSTS QUANTITATIVE BENEFITS IMMEDIATE ROI BETTER BUSINESS DECISIONS QUALITATIVE BENEFITS
    • Ongoing risk detection and assessment
    • Enhanced risk mitigation
    • Assured compliance
    • Reduced number of IT controls
    • Lower headcount requirements
    • Reduction in audit and external fees
    • Lower IT costs
    • Tight control over recommendations and action plans - process and resources
    • Focus risk, compliance, audit and functional resources on highest risk or opportunities
    • Closed loop management of issues, findings, remediation and action plans
    • Greater ROI for fees for external auditors and consultants
    • Lower risk of non-compliance based on audit findings and observations
    • Compliance and Controls
    • Risk and Losses
    • Reputation Management
    • Revenue Management
    • Visibility
    • Transparency
    • Strategic Value
    • Increase risk & compliance management efficiency and effectiveness
    • Drive year over year performance through continuous improvements
    • Greater cross-organizational visibility for risk issues and compliance deficiencies
    • Corporate culture stressing higher compliance awareness – reduce the need for mitigation and remediation
    • Build shareholder value through better auditing and compliance practices
  • 6. IT RISK MANAGEMENT FRAMEWORK
    [Diagram labels: Business Objectives; Risk Governance; Risk Evaluation; Risk Response; Establish and maintain; Integrate with ERM; Make risk-aware; Collect data; Analyze risk; Maintain risk profile; Articulate risk; Manage risk; React to events]
    • IT risk management practices are deep-rooted in the organization
    • IT related risk and opportunities are proactively identified, analyzed and presented in business terminology
    • IT related risk issues, handled in a cost effective manner and aligned to business priorities
  • 7. IT GRC SOLUTION IT GRC SOLUTION - KEY FEATURES
    An advanced and comprehensive enterprise-level IT GRC software solution can enable streamlining IT GRC processes, effectively managing risk, and meeting regulatory requirements. The solution enables companies to implement a formal framework to rigorously measure, mitigate, and monitor risks. It also simplifies and reduces the cost of compliance with many regulations governing data retention, privacy, confidential information, financial accountability, and recovery from disasters.
    • Business Functions - Integrates various business functions such as IT governance, policy management, risk management, compliance management, audit management, and incident management
    • Governance Frameworks - Create, measure, monitor, and manage IT governance programs based on control frameworks like COBIT, ISO 27001, NIST, and ITIL
    • Compliance Requirements - Access to various compliance requirements such as FFIEC, PCI, FISMA, GLBA, HIPAA, NIST, and many others
    • Threat Management - Standardized investigation processes to address organization-level global security threats
    • Workflow - Enables an automated and workflow-driven approach to managing, communicating and implementing IT policies and procedures across the enterprise
    • Process Management - Provides a mechanism for managing IT surveys, certifications, self-assessments, and audits
    • IT Audit Management - Streamlines and strengthens the entire life cycle of audit management by helping to understand, measure, analyze and improve the organization’s functions and processes
    • Documentation - Provides a centralized solution for storing documents related to IT risks, mitigation plans, questionnaires, checklists, assets, defining controls, and risk assessments
    • Risk & Issue Management - Provides a robust issue management system for capturing and tracking IT issues, incidents, and threats as well as implementing corrective and preventive actions (CAPA)
    • KRIs - Provides well-defined key risk indicators with scope for customizations, assessment results, and compliance initiatives
    • Reporting - Provides dashboarding and integrated reporting capabilities including self-assessments, manual assessments, and automated control mechanisms. Built-in data analytics and IT GRC intelligence capabilities
  • 8. IT GRC FRAMEWORK - IMPLEMENTATION 360 DEGREE OF RISK
    There are two strategies that an organization can take when implementing an IT GRC framework. These are (1) obtaining a 360 degree view of Enterprise Risk, and (2) aggregating across the IT and Security Ecosystems in the organization.
    [Diagram: four views of risk, each with its guiding question]
    • Business Impact - What is the likely magnitude of loss?
    • Threats - What is the threat landscape?
    • Risk Appetite - What is our appetite and how does that translate into thresholds?
    • Vulnerabilities - How are we vulnerable?
    Key points:
    • Ultimate Objective: Risk Intelligence - right metrics for better business performance through active governance
    • Threat, Vulnerability and Risk mean different things to different stakeholders - common model and taxonomy
    • Threat Intelligence, Incident Response and Crisis Management - integrated, agile processes to protect against advanced, persistent threats and complex attacks
    • Information Security Eco-system is orthogonal to IT - embedded in the business process
    • Governance, Risk and Compliance Management - single repository for analytics and one version of the truth
  • 9. AGGREGATING ACROSS IT AND SECURITY ECOSYSTEM SUSTAINABILITY AND BEST PRACTICES FOR DEPLOYING IT GRC
    • Leverage a common GRC platform, with an asset inventory, risk and control framework and nomenclature
    • Integrate with Security and IT monitoring systems – provide business context for security and IT
    • Leverage heat maps, KRIs and KPIs for decision support and business intelligence
    • Use customized automated notifications when thresholds are breached
    • Integrate tests and exercises with Business Continuity and Disaster Recovery programs
    • Streamline risk management – single information model, cross-functional collaboration, multi-dimensional risk assessments
    Automation of IT GRC processes is a must-have item on most CIO wish lists today. While implementing IT GRC solutions, it is crucial to remember that no solution can be truly effective without the right monitoring systems. A comprehensive overview of the objectives for IT GRC automation, coupled with the expected deliverables and benefits against which to evaluate performance, is an effective way of implementing a sustainable, cutting-edge IT GRC platform.
  • 10. IT GRC AUTOMATION
    With an automated IT GRC platform, organizations can not only do away with redundancies but also reduce manual efforts and thereby minimize the room for human error. It is important to have a clear picture of the desired deliverables and the expected benefits of such an automated solution:
    DELIVERABLES
    • Definition of a target framework to be implemented within the selected groups for both functional and IT departments
    • Definition of the stepwise transformation roadmap
    • Definition of a consistent target framework (process, system and norms) ensuring data quality and coherence of indicators throughout the group
    BENEFITS
    • Reduced non-productive time periods and optimized operational efficiency
    • Substantial contribution to strategic targets and concentration on core business
    • Risks and cost reduction; controls and response time improvements
    • Improvement of overall data integrity, homogeneity and availability
    • Substantial reduction of production & reporting cycle times and costs
    CONCLUSION
    That the modern organization faces multiple serious threats from different quarters is an unarguable fact of business today. As risk and compliance complexities evolve and increase, it will be impossible for CIOs to ensure seamless, foolproof GRC processes unless they actively adopt a technology leadership position. There is no denying that a solution which integrates various systems, documents risk needs and applicable remediation strategies, and allows real-time data ingestion and issue tracking can not only serve the IT GRC needs of an organization efficiently, but also reduce costs and help drive risk-driven business decision-making.
  • 11. CONTACT
    Visit: www.maclear-grc.com
    Email: info@maclear-grc.com
    USA: +1 630 839 9214
    UK: +44 203 006 2558
    ABOUT US
    Maclear specializes in enterprise governance, risk and compliance (eGRC) solutions. Our core capabilities cover roadmap design, solutions scoping, design & implementation, training & awareness and solutions support. Our integrated holistic approach to eGRC helps drive efficiency, effectiveness and agility for our clients by minimizing risk and compliance threats, enabling process improvement, fostering collaboration and facilitating automation. Our client base spans industries including banking, financial services, insurance, healthcare, retail, manufacturing, education and energy. As a fast growing company, we have earned a reputation of delivering outstanding value to our clients through delivery of exceptional eGRC solutions and services.
    About the Author
    Ketan Dholakia (Co-founder) Americas & APACJ
    Ketan Dholakia is a global IT executive with in-depth knowledge of IT services and operations and 20+ years of experience establishing security and risk management solutions. Ketan’s professional services expertise and extensive experience working with large and mid-tiered multi-national corporations have established him as a leader in the GRC arena. Prior to Maclear, Ketan led senior teams for Schlumberger, GTS, Zurich Financial Services, Adams Harris and Archer Technologies.