Post on 16-Jul-2018
LEADING WITH GRC
The Past, Present, and Future of GRC
Samir Azim, Associate Director, Partnerships
@MetricStream
Risk IQ - MetricStream Event
June 9th, Te Papa Museum
Wellington, New Zealand
Leading with GRC © MetricStream, Inc. | All Rights Reserved
"Float like a butterfly. Sting like a bee.
You can't hit what your eyes don’t see"-
Stock Prices – Volkswagen and Competitors
Business Drivers Influencing Investment in GRC
• Need to Improve Risk Oversight: 76.2%
• New business initiatives introducing new risks…: 54.0%
• Privacy and data protection issues: 39.5%
• Regulatory Proliferation making it hard to…: 34.9%
• Industrial Level Cyber Threats: 22.6%
• Global Business Uncertainty: 17.6%
• Need to improve Anti-Fraud, -Bribery, -…: 17.2%
• Increasing geo-political risks: 11.1%
• Political stability concerns: 8.4%
• Other (please specify): 5.4%
Business Value of GRC
1. A single system of record for GRC eliminates spreadsheet chaos
2. Increased GRC productivity, lower costs
3. Improved business performance providing decision makers reliable risk intelligence
Innovation, Disruption — What Is It That You Really Want to Do?
S-1 Holland and Russian battleship Retvizan entering the New York Navy Yard dry dock
http://pigboats.com/subs/holland.html
GRC in Transition
[Figure: GRC generations 1G, 2G, 3G, 4G – M7 on a timeline marked 2004, 2008, 2012, 2016. Labels: Business Performance; Digital Business Transformation; Phase 1; Phase 2; Emerging Issues, Innovation, Disruption]
The Human Dimension
Employee related policies
Sensitive Data Access log
Online/Offline Business Activity
ERP Continuous Controls Monitoring
Social Media Monitoring
HR Master Data, Time Card and Attendance Tracking
Social Network Analysis
Web Activity Logs
Email Monitoring
Future of GRC
[Scenario diagram: axes Technology Pervasiveness (Hyperconnected, Fenced) and Economic Disruption (Socio-Political, Financial). Scenarios: Virtual Tribes, Free for All, Power to the People, Big Brother]
Power to the People: Hyper-connected, Financial System Uncertainty
• Low trust in financial institutions leads to broad and immediate impact.
• Regulators gain power due to better connectivity and Politicians lose power due to people having control
• Financial profile will be determined by personal digital footprint
• Greater productivity due to automated decision making
• Reduced uncertainty in environment changes due to hyper-connectivity
• Cyber sanctions as a geo-political tool
Photo: DoD
Virtual Tribes: Fenced, Socio-Political Uncertainty
• Digital connection more important than family
• Attacks across tribes
• Crypto-currencies within tribes
• More protectionism
• New types of political entities/cults of personality in politics
• Corporatocracies that can connect the dots become more important
Photo: Facebook
Recommendations
Make GRC more people focused
Identify high risk use cases and the people involved
Identify sources for human behavioral KRIs
Develop baselines and trending
Integrate reporting into GRC system
© 2015 MetricStream, Inc. All Rights Reserved.
MetricStream 2016
20+ Core Apps
450+ Customers
1800+ GRC Experts
100+ Partners
50+ Zaplets
Backed by Goldman Sachs
About Us
Vision
Integrated Governance, Risk and Compliance for Better Business Performance
Organization
• Over 1,900+ employees
• Headquarters in Palo Alto, California with offices worldwide
• Over 450 enterprise customers
• Privately held – backed by leading global VCs, Goldman Sachs, Sageview Capital
Solutions
• Risk Management
• Business Continuity Management
• IT GRC
• Compliance Management
• Audit Management
• Supplier Governance
• Quality Management
• EHS & Sustainability
• Governance & Ethics
• Content and Training
Differentiators
• Technology - GRC Platform – 9 Patents
• Breadth of Solutions – Single Vendor for all GRC needs
• Cross-industry Best Practices and Domain Knowledge
• ComplianceOnline.com - Largest Compliance Portal on the Web
© 2014 MetricStream, Inc. All Rights Reserved.
MetricStream GRC Platform
[Architecture diagram. Layers: Cloud Infrastructure; GRC Platform; GRC Foundation; Apps; Horizontal Solutions (Integrated GRC, Vendor Governance, etc.); Vertical Solutions (Banking, Financial Services, Insurance, etc.)]
[Apps: Operational Risk, Enterprise Risk, IT Risk, Compliance, Internal Audits, Case Mgmt., Threats & Vulnerabilities, Third-Party Mgmt., [+] other Apps]
[Other labels: Zaplet AppStore, Community, 3rd-Party Apps, Content, Alerts & Feeds, GRC Intelligence, AppStudio, ComplianceOnline, Training, Retail Content, Risk Analytics & Intelligence, Objectives, Risks, Controls, Processes, Policies, Assets, Organizations, Regulations, Notifications, Security, Collaboration, Workflow, Configuration, Rules Engine, Monitoring, Provisioning, Infolets, Integration, Templates, Forms, Analytics, Data, Unstructured Data, Relational Data, Big Data]
Product Leadership – A Disruptive Force
“MetricStream’s fast growth is a disruptive force in the market.” Highest score for Current Offering criteria for strength of product offering and capabilities
- Forrester Wave™: GRC Platforms, Q1 ’14
MetricStream continues to be a strong leader. Highest score possible across all the core GRC Applications
- Forrester Wave™: GRC Platforms, Q1 ’16
Leader in Gartner Magic Quadrants
Business Continuity Mgmt.: Highest current product capability scores…
IT Risk Mgmt.: MetricStream has made good investments in R&D, focusing on risk intelligence/big data, cloud, Zaplet architecture, and its ComplianceOnline content.
Operational Risk Mgmt.: MetricStream received high customer ratings for the quality and reliability of its sales team.
Vendor Risk Mgmt.: MetricStream offers visibility into fourth-party relationships, which is becoming more important to industry regulators.
Product Leadership: Category Leader in GRC
“MetricStream positioned as a Category Leader for Enterprise GRC Solutions both in terms of completeness of offerings and market potential.”
- Chartis RiskTech Quadrant™ for Enterprise GRC Solutions
Application for every Department
CRO -> Risk; CAE -> Audit
Enterprise Risk Management
Operational Risk Management
Internal Audit
Operational Audit
CISO -> IT & Security; Quality Head -> Quality
CSO -> Sourcing
IT Risk Management
Business Continuity
IT Compliance
Threat & Vulnerability
Vendor Risk Management
Inspections Management
Supplier Quality Audit
NCM & CAPA Management
Incident Management
Third-party Management
Conflict Minerals Management
CCO -> Compliance
Policy & Document
SOX Compliance
Compliance Management
Case Management
Reg. Change Management
Apps for every GRC Program
Enterprise GRC Corporate Compliance
Enterprise Risk Management
Internal Audit
Operational Audit
Quality Management
IT GRC
IT Risk Management
Business Continuity
IT Compliance
Threat & Vulnerability
Vendor Risk Management
Inspections Management
Supplier Quality Audit
NCM & CAPA Management
Third-party Management
Supplier Governance
Policy & Document
Compliance Management
Case Management
Reg. Change Management
Policy & Document
SOX Compliance
Compliance Management
Training Management
EHS Management
Environment Management
Health & Safety Management
Incident Management
Policy & Document
Supplier Quality Audit
Policy & Document
Value Proposition of Apps
Pre-packaged content & Best practices
Cloud | On-premise
Offer Personalized Experience for all Users
Advanced Security
Packaged Editions for Specific needs
Flexibility to Add-on Additional Apps
Instant Value
Easy Configuration
Why MetricStream
– Architected for GRC
  – Flexible, extensible data model for better management, mapping, reporting
  – Highly configurable to map business processes to solution
  – Platform-based architecture, modular deployment, easy integration with current systems
– Innovation with Purpose
  – Cloud Architecture for on premise or Cloud deployments
  – Mobile: Ubiquitous access to data across devices for employees, customers and partners
  – Big Data: Big Data aggregation and storage - social media, public databases, unstructured data
– GRC Journey Methodology
  – GRC Maturity and Time to Value – Focusing on the right priorities to achieve Better Performance, Better Decisions
  – GRC Journey Planning – Building a clear program with key stakeholders
  – GRC Community, Special Interest Groups, GRC Summit, GRC program plans/artifacts and successes