BPS Resolver’s GRC Cloud

BPS Resolver’s approach to GRC will help you streamline your efforts so you can spend your time and effort focused on making the right

kind of splash.

Manage Governance, Risk and Compliance (GRC) your way with GRC Cloud, the world’s

most flexible GRC software application.

www.bpsresolver.com

BPS Resolver GRC Cloud

GRC Cloud allows your company to manage all its Governance, Risk and Compliance (GRC) needs in one application.

GRC Cloud enables the following programs: 1. Strategic Planning & Balanced Scorecards 2. Enterprise Risk Management 3. Internal Control 4. Legislative Compliance Management 5. Issue and Incident Management 6. Internal Audit

GRC Cloud was designed with your business in mind, combining your organization's internal structure, methodologies and terminologies with GRC best practices to enable an effective and efficient approach to automating your GRC program. Successful management of risk and compliance activities requires the participation of individuals across the organization and GRC Cloud’s highly secure, and web-based environment enables just that.

Many BPS Resolver customers choose to start their GRC program with a single focus (such as Internal Audit, IT Governance, SOX Compliance, PCI Compliance or NERC Compliance) and then expand the scope as resources permit and timing is best. The scalability of a web-based application enables additional focus areas and additional users to be added to GRC Cloud quickly and easily.

How to Start Implementing GRC?

GRC Cloud

1. Availability and Scalability

GRC Cloud is ideal for any size organization, from a single person department to large multi-disciplined corporations that collaborate across offices, cities or continents.

2. Low Cost of Ownership

The Software as a Service (SaaS) model means that no IT management time or budget is necessary to operate the GRC program.

As a browser-based application, there is no need to install software on users’ computers.

3. Secure and Private

Even in a hosted environment, each customer’s data is stored in separate databases. Built-in system security and procedures ensure that sensitive data is always protected and backed-up.

Comprehensive user permission management ensures that company data can only be viewed or edited by individuals and groups authorized to do so.

4. Flexible and User-Friendly

GRC Cloud is designed to allow complex functionality while remaining user-friendly.

Administrators manage users, access levels and security with sophisticated yet simple-to-use tools.

Why GRC Cloud?

GRC Cloud supports all your GRC Program needs! Start with one or two programs and expand to

others as you have the bandwidth.

How We Help You Grow Your Business

DRIVE EFFICIENCY

Pre-Built Content: GRC Cloud comes with pre-built best practice libraries and fields tailored for your GRC Program.

• For companies embarking on the GRC journey, these libraries help you get up and running quickly. You will of course update these libraries so that they match your business more precisely but they provide the right foundation for your program. By providing updates to content, BPS Resolver helps ensure you are working with the most up to date risk libraries and industry standards.

Dashboards: You can create your own custom dashboards so that any time you log into the system, you will have an 'at a glance' understanding of the status of important items.

• Use dashboards to keep track of the progress of assessments and remediation activities. As an owner, use Dashboards to track your own progress and manage your key risks, issues, and tasks.

Simplified Screens for Light Users: One-click functionality allows users to get into the system, enter or update the appropriate information and then log back out.

• One of the greatest barriers to successful GRC Programs is often getting buy-in from subject experts and owners to update their areas of responsibility. By making it easy and intuitive for them, you will increase the level of adoption, increase the quality of the data you gather and help generate buy-in to the GRC program.

Flexible Reporting: The system has a robust and flexible reporting capability. You can easily respond to ad-hoc reporting requests, share reports or run regular reports. These reports can be customized depending on the intended audience.

• You will dramatically reduce the time spent generating reports and determining the status of risks and controls.

Benefits of Using GRC Cloud for Your GRC Programs

DRIVE EFFECTIVENESS

Link Risks to Strategic Objectives: Risks can be linked directly to elements of your strategic plan.

• Linking Risks to Strategic Objectives helps your system crossover into a Business Performance tool by helping create greater assurance that the company understands barriers to achieving its plan and is working actively to manage and eliminate these barriers.

Aggregation: Process, Regulation, Risk, Requirement and Control scores can be 'rolled up‘.

• In addition to being more efficient than manual updates, this feature helps eliminate potential human error or omission and enables additional analysis.

Automated Scheduling: Through workflow, you can set triggers and alerts to inform users that work needs to be done, that a deadline is looming or that tasks are past due.

• Many elements of GRC programs, such as risk assessments, certifications, testing and progress updates are conducted quarterly or annually. Using our workflow to build a schedule and set up a system of alerts will ensure that the responsible people know what they have to do and when they have to do it.

Group Identification & Assessment Workshops: Through anonymous workshops, candid opinions and more accurate information are collected.

• Our tools prevent the traditional pitfalls of manual group assessments, like group think or dominant personalities preventing all participants from expressing their opinions, and enable you to get the best value from your workshops.

Build & Edit Frameworks: Quickly model your processes, regulatory environment, and risk universe, based on industry best

practice or company standards.

Assess Frameworks & Manage Issues & Action Plans: Assess risks and evaluate

controls through testing. Manage corresponding issues and action plans

across the enterprise .

Create Pre-Defined and Ad-hoc Reports: Reports can be created, saved

and shared to show current ratings, identify problem areas and illustrate

trends.

GRC Program Management The BPS Resolver GRC Maturity Model

Whether you are just starting a GRC Program, have had one in place for years, or you are looking for a point solution that has the capability to expand in to other areas as you mature, BPS Resolver helps you take your program to the next level. We’ll help you mature your program with your business needs in mind.

We typically encounter clients at one of the following maturity levels but as GRC maturity is a spectrum, your program may have characteristics from multiple levels.

• Maturity Level 1: Nothing in Place, Just Building a GRC Program • Maturity Level 2: Initial, Ad Hoc and Siloed Programs • Maturity Level 3: Established, Managed and Standardized • Maturity Level 4: Business Performance Management

Maturity Level 1 Characteristics: • Siloed approach to Internal Control,

Governance, Risk Management, Strategic Planning, Compliance Management, Internal Audit and Issue & Incident Management.

Maturity Level 2 Characteristics: • Manual ad hoc or informal processes • One or two GRC programs talk to each other or

work together • Siloed adherence to compliance requirements • GRC program is dependent on key individuals • Documentation of processes, risks,

requirements and controls is minimal and typically localized

• Silos have different language and process to manage and assess risks

• Multiple touch points with the business from each program

Maturity Level 3 Characteristics: • Automated and/or repeatable process • Common language, policies and procedures

used across multiple GRC areas • Standardized content structure and library to

enable consolidated reporting • Involvement of the business in annual (maybe

quarterly) documentation updates and certifications

• Single touch point with the business • Common risk language used across divisions

Maturity Level 4 Characteristics: • Company-wide GRC program embedded in

key processes & culture • Strategic Planning, Internal Audit & Risk

Management and Compliance fully integrated

• GRC information (esp. risk information) used to make all strategic decisions

• Best-in-class program and processes • Self-correcting and process optimizing • Risk-based continuous assessment,

monitoring and testing • Ownership assigned for all areas, risks,

controls, issues and remediation • A source of competitive advantage with

emphasis on exploiting improvement opportunities

• Emphasis on understanding issue trends to remediate problems across the enterprise.

• Monthly/quarterly progress updates on outstanding issues and actions

It is important that you implement a program that can help you achieve your current GRC goals AND is able to support growth as it matures.

Find out how BPS Resolver’s GRC Solution supports your team at any level of maturity. Call us at 1-866-622-2299 to understand more.

Why BPS Resolver?

For over a decade, BPS Resolver Inc.’s GRC Suite has provided organizations with Governance, Risk & Compliance software solutions that create efficiencies and make GRC programs more effective.

We make it simple for companies to mobilize their people to address business, audit, risk and compliance issues proactively and to demonstrate and document these efforts to internal and external stakeholders. BPS Resolver adds value by replacing informal, unreliable, expensive or inflexible systems with easy to adopt, easy to use solutions.

Our GRC software solutions have supported 500 companies in over 100 countries where our products and solutions ensure that boards and executives meet their oversight and assurance goals. BPS Resolver client’s include TD Canada Trust, ANSTO, Starwood Hotels, Molson Coors, Air Canada, Phillip Capital, Kinross, and many more. For more information, contact: Info@bpsresolver.com Or visit our website: www.bpsresolver.com

About BPS Resolver

“Having everything in a single reporting software makes it a very usable solution for our busy

management team. At a high level [GRC Cloud] provides an overall view of the status of our risk

treatment plans and of our progress on initiatives. This serves as a great dashboard for both our

Executives and our Board of Directors.”

- Veridian Corporation

What Our Clients Have To Say

“One of the great advantages of GRC Cloud over other GRC tools is its flexibility to adapt to your company’s control structure through its hierarchical design and comprehensive details of options. This platform,

combined with BPS Resolver’s commitment to product evolution and customer service has easily made this one of the best decisions to improve the overall efficiency and effectiveness of our internal audit department.”

- CML Healthcare

“[GRC Cloud] documents and structures material very well… giving us a very comprehensive database. For every risk we identify and record we also look at the mitigations, which can either be through pre-existing controls… or an action plan to mitigate the risk. Here, we can apply target completion dates, and interrogate the system and check on dates as they come due. We have enough flexibility.”

- IATA (International Air Transport Association)