Integrated GRC

Integrated GRC, financial justification Stockholm 15th of May, 2014 Rob van Straten

description

Presentation from GRC 2014 on 15 May. Feel free to contact the speaker if you have any questions. The full schedule for the event can be found here: http://www.transcendentgroup.com/sv/har-har-du-hela-schemat-for-grc-2014/

Transcript of Integrated GRC

Page 1: Integrated GRC

Integrated GRC, financial justification

Stockholm – 15th of May, 2014

Rob van Straten

Page 2: Integrated GRC

• Ranked as a leader by all industry analysts for 6 consecutive years
• All customers use the same configurable GRC platform
• Upgrades take one hour
• Global alliance program: >200 certified consultants
• 400+ global customers
• >1 million users
• Global leader in Integrated GRC software

BWise® GRC platform supports ‘GRC groups’:
• Risk Management
• Internal Audit
• Internal Control
• Compliance & Policy Management
• IT GRC
• Sustainability Performance Management
• Corporate control
• Business Continuity Management
• Case Management
• Continuous Monitoring/Auditing
• Best practices

Best of breed:
• Functionality
• Security
• Flexibility
• Scalability
• Performance

Page 3: Integrated GRC


BWise supports all GRC functions

Page 4: Integrated GRC

Banking OpRisk Cycle:
• Risk Identification
• RCSA
• Loss & Incident Management
• Action Management
• Risk Framework
• Capital Calculation
• Risk Reporting
• KRI Management

Page 5: Integrated GRC

The Audit Cycle:
• Maintain Audit Universe
• Workpaper Management
• Audit Reporting
• Findings & Issue Tracking
• Yearly Audit Plan
• Detailed Audit Planning
• Audit Analytics
• Audit Preparation

Page 6: Integrated GRC


Integrated GRC - Common Risk Language

Confidential information – Copyright 2013 BWise

Frameworks drive reporting

Page 7: Integrated GRC


Operational Risk Management Dashboard

Page 8: Integrated GRC


Personal Dashboard

Page 9: Integrated GRC

Integrated BWise® GRC Platform, one persona per GRC function:
• Gerard Parker: Risk Management (RM)
• Michael Bauer: Internal Control (IC)
• Jackie McLaren: Compliance & Policy Mngt (CPM)
• Damian Thomson: IT GRC
• Kim Lee: Sustainability Performance Management (SPM)
• Ann Green: Internal Audit (IA)

Shared platform layers: Planning, Framework, Assessment, Data, Reports

Page 10: Integrated GRC

Data Driven Risk Management and Compliance

IT Management Systems (feeding IT GRC):
• Assets CMDB
• Vulnerability Management
• Intrusion Detection
• Log Management
• Incident Management
• Identity and Access Management
IT GRC frameworks: PCI, COBIT, ITIL, ISO27002

Business Systems (feeding GRC):
• ERP
• HR
• Consolidation
• CRM
GRC frameworks: ICOFR, SOX, AML, FCPA, ABC, GRI, TAX

Both feed into BWise Enterprise GRC.

Page 11: Integrated GRC

FINANCIAL JUSTIFICATION OF INTEGRATED GRC

Page 12: Integrated GRC

Fragmented GRC: multiple frameworks and systems, duplicative efforts, multiple versions of the truth

Business functions: HR, Finance, Business, R&D, Supply chain
GRC functions, each producing its own report: Internal Audit, Compliance, ERM, ORM, Internal Control

• Fragmented data collection
• Siloed IT systems
• Duplicative reporting

Page 13: Integrated GRC

Integrated GRC: single framework and system, reusing information, one version of the truth

Business functions: HR, Finance, Business, R&D, Supply chain
Integrated GRC platform: IA, ERM/ORM, Compliance, Internal Control

• Asking questions once
• Integrated GRC platform
• Integrated reporting (one set of reports)

Page 14: Integrated GRC

The 3 Elements of Benefit

• Efficiency improvement: possible to prove, possible to claim
• Loss Prevention: possible to prove, hard to claim
• Performance Enhancement (Improved Steering): hard to prove, hard to claim

Page 15: Integrated GRC

Improved Steering

“After a risk assessment gave us better insights into our supply chain risks, we have made ample investments in our partner supply network, which has prevented major damage after the Fukushima disaster.”

“With our risk management program, we were able to reduce our regulatory capital charge by ## million, which has given us ## extra revenue with ## extra profit.”

Page 16: Integrated GRC

Non-Compliance Financial Consequences

Amounts shown on the slide (the companies they belong to are not recoverable from the transcript): 108M USD, 384M USD, 36M USD, 250M USD, 13,2M USD, 48M USD, 398M USD, 700k USD, 4M USD, 4,5M USD, 492M USD, 754,4M USD

Page 17: Integrated GRC


Sample Fines

Page 18: Integrated GRC


C-Level: Held Personally Responsible


Page 19: Integrated GRC

Elements of Efficiency Improvement

IT Cost
• IT infrastructure cost
  – Hardware
  – Software
• IT maintenance cost
• IT staffing cost
• Upgrades & Updates
• Training cost

Process Efficiencies
• Reporting efficiency
• Issue tracking efficiency
• Control testing efficiency
• Risk assessment efficiency
• Incident management efficiency
• Compliance tracking efficiency
• Risk monitoring efficiency
• …

Page 20: Integrated GRC

Cost Reduction – IT Systems

[Chart: Cost Savings over time, vertical axis from -2 000 000 to 6 000 000; series: Cost Saving, Cumulative Cost Saving]

Page 21: Integrated GRC

21

Page 22: Integrated GRC


How to start the eGRC Journey? Practical advice

• Create IT vision for eGRC
• Develop unified taxonomy; single Risk language
• Define pain points and/or quick wins
• Reduce complexity by Best Practices and Standards
• Connect Risks to processes and define controls
• It’s a journey, not a destination