CML Group GRCaaS Dashboard
jim-robins
Category: Economy & Finance
Transcript of CML Group GRCaaS Dashboard
GRCaaS
Governance Risk Compliance as a Service
GRC Automation Simplified and Affordable
Business Management Consulting
GRC Solution
OCEG GRC Technology Strategy & Maturity Survey
Results from 273 respondents to the OCEG 2014 GRC Technology Strategy Survey show:
Governance Risk Compliance Simplified
The CMLgroup GRCaaS solution provides all the tools to build an efficient, collaborative enterprise GRC program within your organization.
GRCaaS allows you to:
• Manage risk
• Demonstrate compliance
• Automate business processes
• Gain visibility into corporate risk and security controls
• Access real-time, intuitive, interactive, customizable, role-based GRC Dashboards
CMLgroup GRCaaS Framework
• Risk: Set up Risk Management Program. Identify Assets, Threats, Vulnerabilities and Controls
• Policy: Map and track your Policies, Procedures, Guidelines and Standards
• Vulnerability: Scan and document your organization’s technical compliance controls
• Vendor: Track third-party vendors and OSP. Identify and mitigate risk
• Process: Track and manage business processes, automatically feed to risk, audit and compliance programs
• Audit: Automatically populate audit field and eliminate manual internal & external controls verification
• Reporting: Real-time, intuitive, interactive, customizable, role-based Dashboards
• Training: Integrate courseware with controls, and streamline course completion
• Incident Management: Track and report information security incidents
• Compliance: Fully automated compliance. Automatic updates to regulatory requirements
Banking and Finance Guidance
Payment Card Guidance
Sarbanes Oxley Guidance
US Federal Security Guidance
Individual Employee Compliance Tasks
Customize Executive Dashboards
Customize Drill Down Reporting
Identify Regulatory Compliance at a glance
• Left pie chart: assessment in progress, review and approved
• Right pie chart: assessment controls status (Passed, Failed, Not Responded, Not Applicable)
• Bar chart: Assessment Level, Inherent Risks and Inherent Compliance levels
• Bar chart: Assessment by Regulatory Compliance progress status
Who is responsible?
Select Assessment Status In Progress (pie chart blue section). The information window shows Finance and United States having the most failed controls.
Who is accountable?
Filter by division Finance, see Details. Compliance Manager has the most assessments in progress, the majority overdue by more than 30 days, followed by Dario Acosta, with all assessments overdue. Outliers shown in Days Past Due (red column) clearly map priorities: who has to do what.
Inherent Risk Analysis
Healthy High/Low risk ratio, where Low is about three times the High level. However, there are 19 assessments in progress listed as Not Assessed, which presents a large potential risk. Assessment Risk becomes a priority along with completing overdue assessments.
Organization’s Assessment Status
Assessment status by division. Compliance Rating shows status based on org thresholds. The four-quadrant chart below shows the Completion/Passed ratio. Bubble size is driven by the number of controls per division.
Risk Sources and Types
Risk sources by Asset Type, further analyzed by status New, Open and Close. Tap on Asset Type to see Risk Types such as Audit Findings, Failed Control, Incident, Risk and Vulnerability.
Assessments Common Controls
Controls by Sources and Parents - Banking and Finance Guidance. The network map on the right shows common controls between Regulations, FEIC Audit and Bank Secrecy Act. Therefore, passing these controls increases inherent compliance for both Regulations.
Assessment Regulatory Compliance/Impact Zone
• Assessment by Regulatory Compliance shows the organization’s regulations status
• Assessment by Impact Zone shows status by the organization’s GRC groups
Affordable GRC
• Automate manually intensive tasks
• User generated reports
• Simplified data collection
• Automate business processes
• Easy to train new personnel
• User customizable dashboards
• Designed to enhance your existing process
• Does not force you to implement large-scale process changes
GRC Simplified
• A cloud-based service with no software to buy, install, and maintain
• IT support not needed
• Runs on the highly scalable Salesforce.com platform so it’s always available and accessible
• 2-day installation
• Free no-obligation trial so you can try before you buy
User Interface
• Customizable, interactive reports
• Real-time Mobile Dashboard
• An intuitive setup process
• Easy Ongoing Management
Unified Compliance Framework (UCF)
• Thousands of Citations
• Regulations from hundreds of Authorities
• Guaranteed currency with all global standards and regulatory mandates
A complete, integrated suite of IT GRC management
• Risk Compliance
• Policy, Training
• Audit
• Vendor
• Incident Response
• Vulnerability Management
• Process
Built-in integration and support services
• Configuration and deployment
• Product support
• Baseline consulting
Optional Services and strategic consulting
• Risk assessments, vulnerability assessments
• IT audit and much more
Cloud-based delivery
• Enterprise-class solution without the need for capital investment or additional personnel.
GRCaaS by CMLgroup
GRCaaS
GRCaaS Solution enables:
Complete Risk Posture insight
• Real time reporting and Executive Dashboards
• Actionable items generated by analytics and KRI
Automation and Streamlining
• Streamlined information security & compliance operations
• Enhanced access and end-to-end integration
Simplified User Interface
• Intuitive initial setup provides built-in and step-by-step guides
• Subject matter expertise is embedded into GRCaaS’s robust wizards
Automate Compliance
• Supports over 700 authorities & over 25,000 citations and regulations
• Maps the organization’s industry-specific requirements to standard GRCaaS Controls
Cloud Based Strategic
• Scalability, Reliability and Performance with a Cloud Performance
• Standardized security, Customizable, Real-Time upgrades