LEADING WITH GRC

The Past, Present, and Future of GRC

Samir Azim
Associate Director, Partnerships

@MetricStream

Risk IQ - MetricStream Event

June 9th, Te Papa Museum

Wellington, New Zealand

Leading with GRC © MetricStream, Inc. | All Rights Reserved

"Float like a butterfly. Sting like a bee.

You can't hit what your eyes don’t see"-

The perfect storm of GRC challenges

Stock Prices – Volkswagen and Competitors

Evolution of GRC

Business Drivers Influencing Investment in GRC

• Other (please specify): 5.4%

• Political stability concerns: 8.4%

• Increasing geo-political risks: 11.1%

• Need to improve Anti-Fraud, -Bribery, -…: 17.2%

• Global Business Uncertainty: 17.6%

• Industrial Level Cyber Threats: 22.6%

• Regulatory Proliferation making it hard to…: 34.9%

• Privacy and data protection issues: 39.5%

• New business initiatives introducing new risks…: 54.0%

• Need to Improve Risk Oversight: 76.2%

Business Value of GRC

1. A single system of record for GRC eliminates spreadsheet chaos

2. Increased GRC productivity, lower costs

3. Improved business performance providing decision makers reliable risk intelligence

What’s Next?

Innovation, Disruption — What Is It That You Really Want to Do?

S-1 Holland and Russian battleship Retvizan entering the New York Navy Yard dry dock

http://pigboats.com/subs/holland.html

GRC in Transition

[Figure: timeline of GRC generations 1G, 2G, 3G, 4G – M7 over the years 2004, 2008, 2012, 2016. Labels: Business Performance; Digital Business Transformation; Phase 1; Phase 2; Emerging Issues, Innovation, Disruption]

The Human Dimension

Employee related policies

Sensitive Data Access log

Online/Offline Business Activity

ERP Continuous Controls Monitoring

Social Media Monitoring

HR Master Data, Time Card and Attendance Tracking

Social Network Analysis

Web Activity Logs

Email Monitoring

And After That?

Future of GRC

[Figure: scenario matrix. Axes: Technology Pervasiveness; Economic Disruption. Axis labels: Hyperconnected, Fenced, Socio-Political, Financial. Quadrants: Virtual Tribes, Free for All, Power to the People, Big Brother]

Power to the People

Hyper-connected, Financial System Uncertainty

• Low trust in financial institutions leads to broad and immediate impact

• Regulators gain power due to better connectivity and Politicians lose power due to people having control

• Financial profile will be determined by personal digital footprint

• Greater productivity due to automated decision making

• Reduced uncertainty in environment changes due to hyper-connectivity

• Cyber sanctions as a geo-political tool

Virtual Tribes

Fenced, Socio-Political Uncertainty

• Digital connection more important than family

• Attacks across tribes

• Crypto-currencies within tribes

• More protectionism

• New types of political entities/cults of personality in politics

• Corporatocracies that can connect the dots become more important

And for Now

Recommendations

Make GRC more people focused

Identify high risk use cases and the people involved

Identify sources for human behavioral KRIs

Develop baselines and trending

Integrate reporting into GRC system

About MetricStream!

© 2015 MetricStream, Inc. All Rights Reserved.

MetricStream 2016

20+ Core Apps

450+ Customers

1800+ GRC Experts

100+ Partners

50+ Zaplets

Backed by Goldman Sachs

About Us

Vision

Integrated Governance, Risk and Compliance for Better Business Performance

Organization

• Over 1,900+ employees

• Headquarters in Palo Alto, California with offices worldwide

• Over 450 enterprise customers

• Privately held – backed by leading global VCs, Goldman Sachs, Sageview Capital

Solutions

• Risk Management

• Business Continuity Management

• IT GRC

• Compliance Management

• Audit Management

• Supplier Governance

• Quality Management

• EHS & Sustainability

• Governance & Ethics

• Content and Training

Differentiators

• Technology - GRC Platform – 9 Patents

• Breadth of Solutions – Single Vendor for all GRC needs

• Cross-industry Best Practices and Domain Knowledge

• ComplianceOnline.com - Largest Compliance Portal on the Web

© 2014 MetricStream, Inc. All Rights Reserved.

MetricStream GRC Platform

[Diagram: platform architecture. Recoverable labels follow.]

Layers: Cloud Infrastructure; GRC Foundation; Horizontal Solutions (Integrated GRC, Vendor Governance, etc.); Vertical Solutions (Banking, Financial Services, Insurance, etc.)

Apps: Operational Risk; Enterprise Risk; IT Risk; Compliance; Internal Audits; Case Mgmt.; Threats & Vulnerabilities; Third-Party Mgmt.; [+] other Apps

Other labels: Zaplet AppStore; Community; 3rd-Party Apps; Content; Alerts & Feeds; GRC Intelligence; AppStudio; GRC Platform; Objectives; ComplianceOnline; Training; Retail Content; Risk Analytics & Intelligence; Notifications; Security; Controls; Collaboration; Processes; Workflow; Risks; Configuration; Rules Engine; Organizations; Monitoring; Provisioning; Infolets; Policies; Assets; Integration; Templates; Data; Unstructured Data; Relational Data; Regulations; Forms; Analytics; Big Data
MetricStream Packaged Applications

Product Leadership – A Disruptive Force

“MetricStream’s fast growth is a disruptive force in the market.” Highest score for Current Offering criteria for strength of product offering and capabilities

- Forrester Wave™: GRC Platforms, Q1 ’14

MetricStream continues to be a strong leader. Highest score possible across all the core GRC Applications

- Forrester Wave™: GRC Platforms, Q1 ’16

Leader in Gartner Magic Quadrants

Business Continuity Mgmt.: Highest current product capability scores…

IT Risk Mgmt.: MetricStream has made good investments in R&D, focusing on risk intelligence/big data, cloud, Zaplet architecture, and its ComplianceOnline content.

Operational Risk Mgmt.: MetricStream received high customer ratings for the quality and reliability of its sales team.

Vendor Risk Mgmt.: MetricStream offers visibility into fourth-party relationships, which is becoming more important to industry regulators.

Product Leadership: Category Leader in GRC

“MetricStream positioned as a Category Leader for Enterprise GRC Solutions both in terms of completeness of offerings and market potential.”

- Chartis RiskTech Quadrant™ for Enterprise GRC Solutions

Thank you

Application for every Department

CRO -> Risk

CAE -> Audit

Enterprise Risk Management

Operational Risk Management

Internal Audit

Operational Audit

CISO -> IT & Security

Quality Head -> Quality

CSO -> Sourcing

IT Risk Management

Business Continuity

IT Compliance

Threat & Vulnerability

Vendor Risk Management

Inspections Management

Supplier Quality Audit

NCM & CAPA Management

Incident Management

Third-party Management

Conflict Minerals Management

CCO -> Compliance

Policy & Document

SOX Compliance

Compliance Management

Case Management

Reg. Change Management

Apps for every GRC Program

Enterprise GRC

Corporate Compliance

Enterprise Risk Management

Internal Audit

Operational Audit

Quality Management

IT GRC

IT Risk Management

Business Continuity

IT Compliance

Threat & Vulnerability

Vendor Risk Management

Inspections Management

Supplier Quality Audit

NCM & CAPA Management

Third-party Management

Supplier Governance

Policy & Document

Compliance Management

Case Management

Reg. Change Management

Policy & Document

SOX Compliance

Compliance Management

Training Management

EHS Management

Environment Management

Health & Safety Management

Incident Management

Policy & Document

Supplier Quality Audit

Policy & Document

Value Proposition of Apps

Pre-packaged content & Best practices

Cloud | On-premise

Offer Personalized Experience for all Users

Advanced Security

Packaged Editions for Specific needs

Flexibility to Add-on Additional Apps

Instant Value

Easy Configuration

Why MetricStream

– Architected for GRC

  – Flexible, extensible data model for better management, mapping, reporting

  – Highly configurable to map business processes to solution

  – Platform-based architecture, modular deployment, easy integration with current systems

– Innovation with Purpose

  – Cloud Architecture for on premise or Cloud deployments

  – Mobile: Ubiquitous access to data across devices for employees, customers and partners

  – Big Data: Big Data aggregation and storage - social media, public databases, unstructured data

– GRC Journey Methodology

  – GRC Maturity and Time to Value – Focusing on the right priorities to achieve Better Performance, Better Decisions

  – GRC Journey Planning – Building a clear program with key stakeholders

  – GRC Community, Special Interest Groups, GRC Summit, GRC program plans/artifacts and successes