© 2016, all rights reserved, www.GRC2020.com
WEBINAR
Mitigate Risk with
Better Plan Execution and
Organizational Alignment
SUPPLY CHAIN PLANS
SALES DEVELOPMENT PLANS
CERTIFICATION PROGRAMS
SERVICE PERFORMANCE
RISK MANAGEMENT
STRATEGY EXECUTION
NEW PRODUCT LAUNCHES
SERVICE LINE PLANS
COMPLIANCE ADHERENCE
MERGERS & ACQUISITIONS
OPERATIONAL EXCELLENCE
PROCESS WORK FLOWS
Meet the Speakers
Michael Rasmussen, GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management and
compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology,
corporate compliance and policy management. With 22+ years of experience, Michael helps
organizations improve GRC processes, design and implement GRC architecture and select
technologies that are effective, efficient and agile. He is a sought-after keynote speaker, author
and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC
market in February 2002 while at Forrester.
Michael Rasmussen
Speaker
Joe Krause
Moderator
Joe Krause, AchieveIt
Joe is responsible for empowering AchieveIt clients to execute their plans. With a consultative
strategic planning background, Joe has worked with clients to execute over 1000 strategic,
operational, and project plans. Throughout his four year tenure at AchieveIt, Joe has
experienced, first-hand, the pitfalls organizations experience during the execution phase of their
strategic planning processes and is passionate about helping teams drive toward successful
business outcomes.
A Couple of Housekeeping Notes
Slides will be sent via email in 1-2 days
Recording link will be available on demand
There are dial-in only participants
Type in the Questions Panel
Share on Twitter @GoAchieveIt
Mitigate Risk with Better Plan Execution & Organizational Alignment
Effective, Efficient & Agile Strategy & Risk Management Program
October 2017
Michael Rasmussen, J.D., GRCP, CCEP
The GRC Pundit @ GRC 20/20 Research, LLC
OCEG Fellow @ www.OCEG.org
Never in all history have
we harnessed such
formidable technology.
Every scientific
advancement known to
man has been incorporated
into its design. The
operational controls are
sound and foolproof!
E.J. Smith,
Captain of the Titanic
Are you truly aware of your risks?
The Chaos of Compliance Interconnectedness
Realize that everything connects to everything else.
Leonardo da Vinci
Change is the Greatest Challenge Impacting Risk Management
➢ Inability to gain clear view of risk dependencies;
➢ High cost of consolidating risk information;
➢ Difficulty maintaining accurate risk information;
➢ Failure to trend across risk assessment periods;
➢ Redundant approaches limit correlation, comparison and integration of risk information; and
➢ Lack of agility to respond timely to changing risks, regulations, laws, and situations.
. . . and we hope nothing fails
The Organization Has to be Able to See . . .
▪ The Tree. The individual area of risk
▪ The Forest. The interconnectedness of risks
Risk is like fire: If
controlled it will help you;
if uncontrolled it will rise
up and destroy you.
Theodore Roosevelt
Success Requires Risk Taking, But Risk Must Be Managed
What it is about . . .
GRC is the integrated collection of capabilities
that enable an organization to:
G) reliably achieve objectives
R) while addressing uncertainty and
C) acting with integrity.
SOURCE: OCEG GRC Capability Model
Risk management is the core of GRC . . .
The questions organizations need to ask:
✓ Does the organization have enough information to make decisions about the future of the company, when they don’t have a clear view of risk that impacts critical business operations and processes?
✓ Does the organization know its risk exposure at the enterprise, business process, and technology levels and how they interrelate?
✓ How does the organization know it is managing and mitigating risk effectively in the context of the business to achieve business goals?
✓ Can the organization accurately gauge the impact of risk on business strategy, objectives, and operations?
✓ Does the organization get the information it needs to take timely action to risk exposure to avoid or mitigate loss and situations of non-compliance?
✓ Does the organization monitor key risk indicators across key IT systems, processes, and information?
✓ Does the organization optimally measure and model risk in a business context?
Defense in Depth: Layers of Defense
Risk Management Collaboration:
Providing Collaboration on Risk Management Across the Organization
Risk Management: a Top Down Approach
Risk Management Strategy
Risk Management Technology
Risk Management Information
Risk Management Process
Risk Management Information Architecture Provides 360° Contextual Intelligence
Strategic
Financial
Operational
Preventive
Corrective
Detective
Complaint
Investigation
Event
Strategic
Process
Department
Regulatory
Values
Contractual
Code of Conduct
Training & Awareness
Policies & Procedures
Owner
Employee
Subject Matter Expert
Controls
Risks
Issues
Roles
Objectives
Policies
Obligations
Organization
Entity
Asset
Process
ISO 31000:2009 Risk Management
1) Risk Management Principles
✓ Creates value
✓ Integral part of organizational processes
✓ Part of decision making
✓ Explicitly addresses uncertainty
✓ Systematic, structured and timely
✓ Based on the best available information
✓ Tailored
✓ Takes human and cultural factors into account
✓ Transparent and inclusive
✓ Dynamic, iterative and responsive to change
✓ Facilitates continual improvement and enhancement of the organization
2) Risk Management Framework
Mandate and Commitment
Design of Framework for Managing Risk
Implementing Risk Management
Monitoring & Review of the Framework
Continual Improvement of the Framework
3) Risk Management Process
Establishing the Context
Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
Risk Treatment
Communicate & Consultation
Monitoring & Review
Risk Detail Capability
Risk Name: Risk Status:
Green
Reporting Period: Subject Matter Expert:
Risk Team:
Risk Description
Control Environment Evaluation to Mitigate Risk
Over-Controlled: Need Fewer Controls | Controlled | Under-Controlled: Need More Controls
Concerns Regarding Current Control Environment
Emerging Risks / Events That Could Change Assessment of Risk
Mitigation Activities Deadline Status
Emerging Risk Mitigation Activities Deadline Status
Risk Detail Capability, continued
Related Objectives
Related Assets
Related Risks
Related Processes
Risk Scenarios (Types of Events That Could Cause Loss)
Scenario Impact Likelihood Velocity Management Systems
History of Risk Events (Losses)
Event Description When Impact ($)
Risk Detail Capability, continued
Pre-Mitigation Risk Assessment (Inherent Risk)
Impact ($ MM)
Likelihood (%)
Velocity (Time to React)
Duration (Time to Recover)
Management, Systems & Processes
Post-Mitigation Risk Assessment (Residual Risk)
Impact ($ MM)
Likelihood (%)
Velocity (Time to React)
Duration (Time to Recover)
Management, Systems & Processes
Risk Detail Capability, continued
Risk heat map: Likelihood (low, medium, high) vs. Impact (low, medium, high), showing Inherent Risk and Residual Risk
Risk Mitigation Actions
Key Risk Factors Monitored
Risk Acceptance
01.01.2015
Date Signature Risk Owner Signature Risk Expert
Risk technology provides automation and tracking
COLLABORATION
AUDIT TRAIL ENFORCEMENT
MANAGEMENT REPORTING
WORKFLOW & TASKS
360° Risk Contextual Analytics & Intelligence Capabilities
Integrated and
mapped together to
provide context
Analyzed to
understand relationships
Action Items
Distributed & Disconnected
Risk Data Points
Risk Information Architecture Provides 360° Contextual Intelligence Capabilities
Strategic
Financial
Operational
Preventive
Corrective
Detective
Complaint
Investigation
Event
Strategic
Process
Department
Regulatory
Values
Contractual
Code of Conduct
Training & Awareness
Policies & Procedures
Owner
Employee
Subject Matter Expert
Controls
Risks
Issues
Roles
Objectives
Policies
Obligations
Organization
Entity
Asset
Process
Mature GRC Capabilities Achieve the Following 10 Objectives. . .
1 Achieve Business Objectives
2 Ensure Risk Aware Setting of Objectives and Strategic Planning
3 Enhance Organizational Culture
4 Increase Stakeholder Confidence
5 Prepare & Protect the Organization
6 Prevent, Detect, and Reduce Adversity and Weaknesses
7 Motivate & Inspire Desired Conduct
8 Stay Ahead of the Game
9 Improve Responsiveness & Efficiency
10 Optimize Economic Return & Value
Current Level of GRC Integration Across Organization
1 The more integrated, the more consistent in how GRC needs are addressed in different areas of concern.
2 The more integrated, the more confident about management of risk and compliance.
3 The more integrated, the more confident about performance and ability to audit performance, risk and
compliance.
4 The more integrated, the more confident about having the right metrics to get clear views about
performance, risk and compliance.
5 The more integrated, the more business units feel they give the right amount of information to strategic
decision-makers and the board.
6 The more integrated, the more respondents select positive terms to describe metrics they use.
The Value of Integrated GRC
SOURCE: OCEG & GRC 20/20 2014 GRC Maturity Survey, data is
from 190 respondents from organizations with 500+
employees.
Maturing Risk Culture Through 360° Contextual Risk Intelligence Delivers . . .
1. Aware
✓ Have a finger on the pulse of business
✓ Watch for change in internal & external environment
✓ Turn data into information that can be, and is, analyzed
✓ Share information in every relevant direction
2. Aligned
✓ Support and inform business objectives
✓ Continuously align objectives and operations to risk of the entity
✓ Give strategic consideration to information from risk management enabling appropriate change
3. Responsive
✓ You can’t react to something you don’t sense
✓ Gain greater awareness and understanding of information that drives decisions and actions
✓ Improve transparency, but also quickly cut through the morass of data to what you need to know to make the right decisions
4. Agile
✓ More than fast, nimble
✓ Being fast isn’t helpful if you are headed in the wrong direction.
✓ Risk management enables decisions and actions that are quick, coordinated and well thought out.
✓ Agility allows an entity to use risk to its advantage, grasp strategic opportunities and be confident in its ability to stay on course.
5. Resilient
✓ Be able to bounce back quickly from changes in context and threats with limited business impact
✓ Have sufficient tolerances to allow for some missteps
✓ Have confidence necessary to rapidly adapt and respond to opportunities
6. Lean
✓ Build the muscle, trim the fat
✓ Get rid of expense from unnecessary duplication, redundancy and misallocation of resources within the risk management
✓ Lean the organization overall with enhanced capability and related decisions about application of resources
Two Things to Note . . .
Complimentary Inquiry
▪ Organizations evaluating or considering GRC solutions are free to ask GRC 20/20 on our understanding and comparison of solutions in the market to meet your GRC requirements.
▪ Inquiries are single focused questions that can be answered in under 30 minutes.
▪ Complimentary inquiry is only available to organizations evaluating or considering GRC solutions for their internal use.
RFP Development & Support
▪ GRC 20/20 has an extensive library of RFP requirements across a range of GRC capability areas presented in this presentation.
▪ GRC 20/20 can be engaged in RFP development and support projects to streamline your process, gain perspectives learned from other organizations, and to keep solution providers honest in their responses.
Questions?
Michael Rasmussen, J.D.
The GRC Pundit & OCEG Fellow
mkras@grc2020.com
+1.888.365.4560
Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy slides or graphics
without permission. GRC 20/20 highly recommends you consider OCEG membership at www.OCEG.org.
GRC 20/20 Newsletter
LinkedIn: GRC 20/20
Blog: GRC Pundit
Twitter: GRCPundit
LinkedIn: Michael Rasmussen
A Couple of Housekeeping Notes
Slides and Recording will be sent via email in 1-2 days
Share on Twitter @GoAchieveIt
Type in the Questions Panel
to participate in our Q&A
Solving the Challenges of
Strategy Execution
What Drives Execution?
MIDDLE MANAGEMENT
SENIOR LEADERSHIP
FRONT LINE EMPLOYEES
• Executive Dashboards
• Predictive Decision Making
• Board Reporting
• Identify Tasks with Overall Objectives
• Easy Reporting Updates
• Establish Relationship with Other Initiatives
• Real-Time Information
• Big Picture and Detailed Views
• One Platform, No Manual Compilation
What Drives Execution?
4 DRIVERS OF EXECUTION
Visual Alignment
Qualitative Context
Big Picture Visibility
Streamlined Updates
Purpose-Built for Execution
Current Tools Don’t Enable Drivers
PURPOSE-BUILT
SOFTWARE
BEST-PRACTICE
EXPERTISE
HANDS-ON
GUIDANCE
Want to Know More?
See it in action:
www.achieveit.com/demo
Q&A with Michael Rasmussen
Michael Rasmussen, Speaker
The GRC Pundit
GRC 20/20 Research
mkras@grc2020.com
+1.888.365.4560
Joe Krause, Moderator
Senior Strategy Consultant
AchieveIt
(800) 535-1559
jkrause@achieveit.com
Upcoming Events & Resources
Webinar >> 3 Proven Methods to Optimize Your 2018 Strategy and Goals through
Culture and Employee Engagement
Tuesday, November 7th at 1 pm ET
REGISTER:
https://www.achieveit.com/resources/webinars/
Follow us on Twitter @goachieveIt
