Maclear’s IT GRC Tools – Key Issues and Trends
www.maclear-grc.com
CONTENTS
Introduction
IT GRC Landscape
IT GRC Tools - Key Issues & Trends
Key Challenges
Benefits of Integrating IT GRC
IT Risk Management Framework
IT GRC Solution
IT GRC Solution - Key Features
IT GRC Framework - Implementation
360 Degree of Risk
Aggregating across IT and Security Ecosystem
Sustainability and Best Practices for Deploying IT GRC
IT GRC Automation
Conclusion
INTRODUCTION

2013, already being referred to as the “Year of Data Leaks”, saw 2,164 separate data breach incidents that exposed over 822 million records. Hacking accounted for almost 60% of the incidents and over 70% of the leaked records. A Symantec report put the average cost of a data breach in 2013 at between $1.1 million at the low end and $5.4 million at the high end. Considering that a data security breach is only one of the many threats facing an organization, the estimated business impact of security breaches, regulatory non-compliance and ineffective governance is staggering.

The modern organization operates in a complex, high-risk environment. At one level it is affected by macro changes such as economic downturns, political instability and disasters. At another it has to contend with unprecedented volumes of data, and must ensure data security and effective data validation amid the increasing consumerization of IT, digital convergence and ever-changing compliance regulations. Organizations today are under tremendous pressure to ensure sound governance, operational transparency and effective risk management while maintaining profitability and a competitive edge. This calls for a comprehensive focus on IT GRC, with technology-enabled solutions to create and manage the necessary governance frameworks.

This whitepaper focuses on how IT GRC can be implemented, its best practices and its key benefits for an organization.

IT GRC LANDSCAPE

Technology enablement has been at the forefront of the shifts in the GRC space over the last few years. Organizations that use technology to enable their GRC processes have significant advantages over those that do not: the potential to reduce the cost of risk management, to strengthen compliance and audit controls and processes, to streamline reporting and analytics, and to manage risk better. It is, however, important to note the key issues faced by IT GRC and some of the recent trends in this space.
IT GRC TOOLS - KEY ISSUES & TRENDS

ISSUES
• Non-standard definition of GRC across industries: an unstable future state and difficulty defining requirements
• Multiple and increasingly complex regulatory environments
• Legacy GRC systems are application-specific; vendors find it difficult to generalize their product or find alternative uses for it
• Lack of maturity of enterprise GRC solutions in handling complex organization structures and data flows
• Lack of visualization and advanced dashboarding
• Lack of analytics capabilities
• Difficulty obtaining real-time data feeds across disparate sources
• More often than not, GRC initiatives are not driven from the top layers of leadership

TRENDS
• Rapid growth of GRC solutions as organizations realize the need for robust risk management frameworks
• Increasing technology enablement of GRC processes within the organization
• Entry of many top technology companies into the GRC space, including through acquisitions and alliances
• Focus on advanced analytics and business intelligence in the GRC space
• Adoption of web-based GRC products that are easily accessible and maintained
• Increasing use of Business Process Management (BPM) for GRC processes
• Robust testing mechanisms for GRC solutions, including continuous monitoring

KEY CHALLENGES
With the IT enterprise generating unprecedented volumes of data, the biggest challenge before CIOs is the effective management and analysis of information to aid the business without compromising data security. On average, at least one third of the information generated by an enterprise needs to be assessed for risk and compliance. At the same time, organizations need relevant information delivered at the right time to the right people, not only to leverage customer insights but also to maintain and deepen their edge over the competition. Leveraging big data effectively and securely poses significant operational challenges in IT infrastructure, governance, risk management, data quality and compliance, especially when departments work in silos.

Evolving technologies such as mobility, BYOD, cloud computing, machine-to-machine communication and connected devices, and trends such as social media, add to the CIO’s GRC challenge. GRC processes need to be extended to the newer technologies, devices and services used by employees and by the business as a whole. Most CIOs today want to integrate risk and compliance awareness into regular employee communication to maximize data security and regulatory compliance. At the same time, organizations need to evaluate and assess the effectiveness of their data security measures.
BENEFITS OF INTEGRATING IT GRC

The biggest question in the context of a technology-enabled IT GRC solution is the benefit it can bring to the organization. Given the elaborate and complex implementation and deployment process of IT GRC, it is important to have a clear view of the benefits the solution offers:

REDUCED RISK
• Ongoing risk detection and assessment
• Enhanced risk mitigation
• Assured compliance

LOWER ONGOING COSTS
• Reduced number of IT controls
• Lower headcount requirements
• Reduction in audit and external fees
• Lower IT costs

IMMEDIATE ROI
• Tight control over recommendations and action plans: process and resources
• Focus risk, compliance, audit and functional resources on the highest risks or opportunities
• Closed-loop management of issues, findings, remediation and action plans
• Greater ROI on fees for external auditors and consultants
• Lower risk of non-compliance based on audit findings and observations

BETTER BUSINESS DECISIONS
• Increased risk and compliance management efficiency and effectiveness
• Year-over-year performance driven through continuous improvement
• Greater cross-organizational visibility of risk issues and compliance deficiencies
• A corporate culture stressing higher compliance awareness, reducing the need for mitigation and remediation
• Shareholder value built through better auditing and compliance practices

The benefit analysis can also be approached from a different angle, namely quantitative versus qualitative benefits:

QUANTITATIVE BENEFITS
• Compliance and controls
• Risk and losses
• Reputation management
• Revenue management

QUALITATIVE BENEFITS
• Visibility
• Transparency
• Strategic value
IT RISK MANAGEMENT FRAMEWORK

The framework diagram centres on the business objectives and groups IT risk management into three domains of three processes each (the domain and process names are those of ISACA’s Risk IT framework):

RISK GOVERNANCE: IT risk management practices are deep-rooted in the organization
• Establish and maintain
• Integrate with ERM
• Make risk-aware

RISK EVALUATION: IT-related risks and opportunities are proactively identified, analyzed and presented in business terminology
• Collect data
• Analyze risk
• Maintain risk profile

RISK RESPONSE: IT-related risk issues are handled in a cost-effective manner and aligned to business priorities
• Articulate risk
• Manage risk
• React to events
IT GRC SOLUTION

An advanced, comprehensive enterprise-level IT GRC software solution streamlines IT GRC processes, manages risk effectively and meets regulatory requirements. It enables companies to implement a formal framework to rigorously measure, mitigate and monitor risks. It also simplifies and reduces the cost of compliance with the many regulations governing data retention, privacy, confidential information, financial accountability and recovery from disasters.

IT GRC SOLUTION - KEY FEATURES

Business Functions - Integrates business functions such as IT governance, policy management, risk management, compliance management, audit management and incident management

Governance Frameworks - Create, measure, monitor and manage IT governance programs based on control frameworks such as COBIT, ISO 27001, NIST and ITIL

Compliance Requirements - Access to compliance requirements such as FFIEC, PCI, FISMA, GLBA, HIPAA, NIST and many others

Threat Management - Standardized investigation processes to address organization-level global security threats

Workflow - Enables an automated, workflow-driven approach to managing, communicating and implementing IT policies and procedures across the enterprise

Process Management - Provides a mechanism for managing IT surveys, certifications, self-assessments and audits

IT Audit Management - Streamlines and strengthens the entire audit management life cycle by helping to understand, measure, analyze and improve the organization’s functions and processes

Documentation - Provides a centralized repository for documents related to IT risks, mitigation plans, questionnaires, checklists, assets, control definitions and risk assessments

Risk & Issue Management - Provides a robust issue management system for capturing and tracking IT issues, incidents and threats, and for implementing corrective and preventive actions (CAPA)

KRIs - Provides well-defined key risk indicators with scope for customization, assessment results and compliance initiatives

Reporting - Provides dashboarding and integrated reporting capabilities covering self-assessments, manual assessments and automated control mechanisms, with built-in data analytics and IT GRC intelligence capabilities
IT GRC FRAMEWORK - IMPLEMENTATION

There are two strategies an organization can take when implementing an IT GRC framework: (1) obtaining a 360 degree view of enterprise risk, and (2) aggregating across the IT and security ecosystems of the organization.

360 DEGREE OF RISK

The 360 degree view combines four questions:
• Business Impact: what is the likely loss magnitude?
• Threats: what is the threat landscape?
• Vulnerabilities: how are we vulnerable?
• Risk Appetite: what is our appetite, and how does that translate into thresholds?

• Ultimate objective: risk intelligence, the right metrics for better business performance through active governance
• Threat, vulnerability and risk mean different things to different stakeholders, so a common model and taxonomy is needed
• Threat intelligence, incident response and crisis management: integrated, agile processes to protect against advanced persistent threats and complex attacks
• The information security ecosystem is orthogonal to IT: it is embedded in the business process
• Governance, risk and compliance management: a single repository for analytics and one version of the truth
AGGREGATING ACROSS IT AND SECURITY ECOSYSTEM

• Leverage a common GRC platform, with an asset inventory and a shared risk and control framework and nomenclature
• Integrate with security and IT monitoring systems, providing business context for security and IT
• Leverage heat maps, KRIs and KPIs for decision support and business intelligence
• Use customized automated notifications when thresholds are breached
• Integrate tests and exercises with business continuity and disaster recovery programs
• Streamline risk management: a single information model, cross-functional collaboration and multi-dimensional risk assessments

SUSTAINABILITY AND BEST PRACTICES FOR DEPLOYING IT GRC

Automation of IT GRC processes is a must-have item on most CIO wish lists today. When implementing IT GRC solutions it is crucial to remember that no solution can be truly effective without the right monitoring systems. A comprehensive statement of the objectives for IT GRC automation, coupled with the expected deliverables and benefits against which to evaluate performance, is an effective way to build a sustainable IT GRC platform.
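The 360 degree view (business impact, threats, vulnerabilities, and a risk appetite expressed as thresholds) and the aggregation practices above (a shared asset inventory and control nomenclature, KRIs, automated notifications on threshold breaches) can be illustrated as one small risk roll-up. The following is an added example written for this page, not code from the whitepaper or from Maclear’s product; the asset inventory, the control identifiers and weights, the 1-to-5 scales, the appetite thresholds and the impact x threat x vulnerability scoring scheme are all constructed assumptions, not a standard.

```python
from dataclasses import dataclass, field

# Control catalogue shared by every feed that reports a control result: the
# "common nomenclature" of the best practices. Ids and weights are constructed
# for this example and do not correspond to a real control framework.
CONTROLS = {"AC-01": 3, "LOG-02": 2, "PATCH-03": 2, "BCP-04": 1}


@dataclass
class Asset:
    name: str
    business_unit: str
    impact: int                  # likely loss magnitude if compromised, 1 (low) .. 5 (high)
    threat: int                  # threat landscape for this asset class, 1 .. 5
    failed_controls: list = field(default_factory=list)  # catalogue ids failing at last test


def catalogue_violations(asset, controls=CONTROLS):
    """Control ids a feed reported that are not in the shared catalogue."""
    return [c for c in asset.failed_controls if c not in controls]


def vulnerability(asset, controls=CONTROLS):
    """1 + summed weight of failed controls. An unknown id is a taxonomy
    error and is rejected rather than silently scored as zero."""
    unknown = catalogue_violations(asset, controls)
    if unknown:
        raise ValueError(f"{asset.name}: control ids not in catalogue: {unknown}")
    return 1 + sum(controls[c] for c in asset.failed_controls)


def asset_risk(asset, controls=CONTROLS):
    """Impact x threat x vulnerability: the three 'what/how' questions of the
    360 degree view folded into one comparable score (a constructed scheme)."""
    return asset.impact * asset.threat * vulnerability(asset, controls)


def aggregate_kris(assets, appetite, controls=CONTROLS):
    """Roll per-asset scores up into per-business-unit key risk indicators."""
    kris = {}
    for a in assets:
        kri = kris.setdefault(a.business_unit, {
            "assets": 0, "over_appetite": 0, "max_risk": 0, "failed_controls": 0})
        score = asset_risk(a, controls)
        kri["assets"] += 1
        kri["max_risk"] = max(kri["max_risk"], score)
        kri["failed_controls"] += len(a.failed_controls)
        if score > appetite[a.business_unit]:
            kri["over_appetite"] += 1
    return kris


def threshold_notifications(assets, appetite, controls=CONTROLS):
    """One notification per asset whose score breaches its unit's appetite:
    the automated notification fired when a threshold is crossed."""
    notes = []
    for a in assets:
        score = asset_risk(a, controls)
        limit = appetite[a.business_unit]
        if score > limit:
            notes.append(f"{a.business_unit}/{a.name}: risk {score} exceeds appetite {limit}")
    return notes


# Constructed inventory and appetite (maximum tolerable per-asset score per unit).
ASSETS = [
    Asset("payments-db", "finance", impact=5, threat=4, failed_controls=["PATCH-03"]),
    Asset("hr-portal", "hr", impact=3, threat=3, failed_controls=["AC-01", "LOG-02"]),
    Asset("intranet-wiki", "hr", impact=1, threat=2),
]
APPETITE = {"finance": 40, "hr": 30}

if __name__ == "__main__":
    for unit, kri in aggregate_kris(ASSETS, APPETITE).items():
        print(unit, kri)
    for note in threshold_notifications(ASSETS, APPETITE):
        print("ALERT", note)
```

The point of rejecting unknown control ids in `vulnerability` is the taxonomy problem the 360 degree section raises: when a security scanner and an IT monitoring feed each use their own names for a control, a roll-up that quietly scores the unknown ones as zero understates risk for exactly the assets whose feeds are least integrated.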
IT GRC AUTOMATION

With an automated IT GRC platform, organizations can not only do away with redundancies but also reduce manual effort and thereby minimize the room for human error. It is important to have a clear picture of the desired deliverables and the expected benefits of such an automated solution:

DELIVERABLES
• Definition of a target framework to be implemented within the selected groups, for both functional and IT departments
• Definition of the stepwise transformation roadmap
• Definition of a consistent target framework (process, system and norms) ensuring data quality and coherence of indicators throughout the group

BENEFITS
• Reduced non-productive time and optimized operational efficiency
• Substantial contribution to strategic targets and concentration on the core business
• Risk and cost reduction; improvements in controls and response time
• Improved overall data integrity, homogeneity and availability
• Substantial reduction of production and reporting cycle times and costs

CONCLUSION

That the modern organization faces multiple serious threats from different quarters is an unarguable fact of business today. As risk and compliance complexities evolve and increase, CIOs will be unable to ensure seamless, foolproof GRC processes unless they actively adopt a technology leadership position.

A solution that integrates the various systems, documents risk needs and the applicable remediation strategies, and allows real-time data ingestion and issue tracking can not only serve an organization’s IT GRC needs efficiently but also reduce costs and help drive risk-informed business decision-making.
CONTACT
Visit: www.maclear-grc.com
Email: info@maclear-grc.com
USA: +1 630 839 9214
UK: +44 203 006 2558
ABOUT US
Maclear specializes in enterprise governance, risk and
compliance (eGRC) solutions. Our core capabilities cover
roadmap design, solutions scoping, design & implementation,
training & awareness and solutions support. Our integrated
holistic approach to eGRC helps drive efficiency, effectiveness
and agility for our clients by minimizing risk and compliance
threats, enabling process improvement, fostering collaboration
and facilitating automation. Our client base spans industries
including banking, financial services, insurance, healthcare,
retail, manufacturing, education and energy. As a fast
growing company, we have earned a reputation of delivering
outstanding value to our clients through delivery of exceptional
eGRC solutions and services.
About the Author
Ketan Dholakia
(Co-founder) Americas & APACJ
Ketan Dholakia is a global IT executive with in-depth knowledge of IT services and operations and 20+ years of experience establishing security and risk management solutions. His professional services expertise and extensive experience working with large and mid-tier multinational corporations have established him as a leader in the GRC arena.
Prior to Maclear, Ketan led senior teams for Schlaumburger, GTS, Zurich Financial Services, Adams Harris and Archer Technologies.

More Related Content

What's hot

The Changing Data Quality & Data Governance Landscape
The Changing Data Quality & Data Governance LandscapeThe Changing Data Quality & Data Governance Landscape
The Changing Data Quality & Data Governance Landscape
Trillium Software
 
Petronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System RequirementsPetronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System Requirements
Darren Surin, BSc, MBA, PMP, ITIL
 
Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015
Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015
Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015
Claire Louis
 
BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 Years
Chris Farwell
 

What's hot (20)

SAP Security – Dealing with the Internal Threat of Working from Home
SAP Security – Dealing with the Internal Threat of Working from HomeSAP Security – Dealing with the Internal Threat of Working from Home
SAP Security – Dealing with the Internal Threat of Working from Home
 
The Roadmap to Becoming a Top Performing Organization in Managing IT Operations
The Roadmap to Becoming a Top Performing Organization in Managing IT OperationsThe Roadmap to Becoming a Top Performing Organization in Managing IT Operations
The Roadmap to Becoming a Top Performing Organization in Managing IT Operations
 
The Changing Data Quality & Data Governance Landscape
The Changing Data Quality & Data Governance LandscapeThe Changing Data Quality & Data Governance Landscape
The Changing Data Quality & Data Governance Landscape
 
IBM Software Capabilities
IBM Software CapabilitiesIBM Software Capabilities
IBM Software Capabilities
 
Petronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System RequirementsPetronas Project Oversight and Corporate Governance System Requirements
Petronas Project Oversight and Corporate Governance System Requirements
 
IS Audits and Internal Controls
IS Audits and Internal ControlsIS Audits and Internal Controls
IS Audits and Internal Controls
 
Insurance rating software market
Insurance rating software marketInsurance rating software market
Insurance rating software market
 
BPM in Healthcare
BPM in HealthcareBPM in Healthcare
BPM in Healthcare
 
Cyber fraud and Security - What risks does family office's face in today's wo...
Cyber fraud and Security - What risks does family office's face intoday's wo...Cyber fraud and Security - What risks does family office's face intoday's wo...
Cyber fraud and Security - What risks does family office's face in today's wo...
 
IT Service Management (ITSM) Model for Business & IT Alignement
IT Service Management (ITSM) Model for Business & IT AlignementIT Service Management (ITSM) Model for Business & IT Alignement
IT Service Management (ITSM) Model for Business & IT Alignement
 
Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015
Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015
Capgemini Consulting Claims Ops Model Alignment Program 3 13 2015
 
Case study presentation
Case study presentationCase study presentation
Case study presentation
 
BCBS Information Article By Mike Gowlett
BCBS Information Article By Mike GowlettBCBS Information Article By Mike Gowlett
BCBS Information Article By Mike Gowlett
 
BPM implementation in Healthcare
BPM implementation in HealthcareBPM implementation in Healthcare
BPM implementation in Healthcare
 
BMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 YearsBMC Discovery IDC Research Study 470 ROI in 5 Years
BMC Discovery IDC Research Study 470 ROI in 5 Years
 
Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The Enterprise
 
Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides Data analytics 2 analytics in the audit slides
Data analytics 2 analytics in the audit slides
 
Dit yvol5iss37
Dit yvol5iss37Dit yvol5iss37
Dit yvol5iss37
 
The Architecture for Rapid Decisions
The Architecture for Rapid DecisionsThe Architecture for Rapid Decisions
The Architecture for Rapid Decisions
 
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven JourneyBusiness Intelligence: Realizing the Benefits of a Data-Driven Journey
Business Intelligence: Realizing the Benefits of a Data-Driven Journey
 

Viewers also liked

教導感恩 愛
教導感恩 愛教導感恩 愛
教導感恩 愛
hsu16868
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc
hkodali
 

Viewers also liked (12)

教導感恩 愛
教導感恩 愛教導感恩 愛
教導感恩 愛
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc
 
GRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance ExecutiveGRC Governance, Risk mgmt. & Compliance Executive
GRC Governance, Risk mgmt. & Compliance Executive
 
Sap grc process control 10.0
Sap grc process control 10.0Sap grc process control 10.0
Sap grc process control 10.0
 
GRC
GRCGRC
GRC
 
Benchmark et méthode GRC agest MOPA GRC 31 mars 2016
Benchmark et méthode GRC agest MOPA GRC 31 mars 2016Benchmark et méthode GRC agest MOPA GRC 31 mars 2016
Benchmark et méthode GRC agest MOPA GRC 31 mars 2016
 
Sap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online trainingSap GRC Basic Information | GRC 12 online training
Sap GRC Basic Information | GRC 12 online training
 
SAP grc
SAP grc SAP grc
SAP grc
 
Introduction to SAP Security
Introduction to SAP SecurityIntroduction to SAP Security
Introduction to SAP Security
 
SAP SECURITY GRC
SAP SECURITY GRCSAP SECURITY GRC
SAP SECURITY GRC
 
Grc 10 training
Grc 10 trainingGrc 10 training
Grc 10 training
 
SAP GRC 10 Access Control
SAP GRC 10 Access ControlSAP GRC 10 Access Control
SAP GRC 10 Access Control
 

Similar to Maclear’s IT GRC Tools – Key Issues and Trends

Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
Alireza Ghahrood
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
Jim Robins
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
Rochester Security Summit
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
Laura Perry
 

Similar to Maclear’s IT GRC Tools – Key Issues and Trends (20)

Risk Product.pptx
Risk Product.pptxRisk Product.pptx
Risk Product.pptx
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
IT Risk assessment and Audit Planning
IT Risk assessment and Audit PlanningIT Risk assessment and Audit Planning
IT Risk assessment and Audit Planning
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
 
Big data governance as a corporate governance imperative
Big data governance as a corporate governance imperativeBig data governance as a corporate governance imperative
Big data governance as a corporate governance imperative
 
SLVA - Developing an IT GRC Strategy
SLVA - Developing an IT GRC StrategySLVA - Developing an IT GRC Strategy
SLVA - Developing an IT GRC Strategy
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
 
it grc
it grc it grc
it grc
 
task 1
task 1task 1
task 1
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?
 
Concept of Governance - Management of Operational Risk for IT Officers/Execut...
Concept of Governance - Management of Operational Risk for IT Officers/Execut...Concept of Governance - Management of Operational Risk for IT Officers/Execut...
Concept of Governance - Management of Operational Risk for IT Officers/Execut...
 
SDM Presentation V1.0
SDM Presentation V1.0SDM Presentation V1.0
SDM Presentation V1.0
 
GRC– The Way Forward
GRC– The Way ForwardGRC– The Way Forward
GRC– The Way Forward
 
Is Your Agency Data Challenged?
Is Your Agency Data Challenged?Is Your Agency Data Challenged?
Is Your Agency Data Challenged?
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
A Case Study Explored: Increase Effectiveness While Lowering Operational Cost...
 

Recently uploaded

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 

Recently uploaded (20)

Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
Lundin Gold - Q1 2024 Conference Call Presentation (Revised)
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)-  A new venture conceptBusiness Model Canvas (BMC)-  A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait

Maclear’s IT GRC Tools – Key Issues and Trends

IT GRC

INTRODUCTION

2013, already being referred to as the “Year of Data Leaks”, witnessed a total of 2164 separate cases of data breaches which exposed over 822 million records. Hacking accounted for almost 60% of incidents, and over 70% of leaked records. A report by Symantec put the average cost of data breaches in 2013 between $1.1 million on the lowest end and $5.4 million on the highest. When we consider that a data security breach is just one of the many threats facing an organization, the estimated business impact of security breaches, regulatory non-compliance and lack of effective governance is staggering.

The modern organization operates in a complex, high-risk environment. At one level, it is affected by macro changes in the environment such as economic downturns, political instability and disasters. At the other level it has to contend with unprecedented volumes of data, and ensure data security and effective data validation amidst increasing consumerization of IT, digital convergence and ever-changing compliance regulations. Organizations today are under tremendous pressure to ensure optimum governance, operational transparency and effective risk management while maintaining profitability and competitive edge. This necessitates a comprehensive focus on IT GRC, with state-of-the-art technology-enabled solutions to create and manage the necessary governance frameworks.

This whitepaper focuses on the ways in which IT GRC can be implemented, its best practices and key benefits for an organization.

IT GRC LANDSCAPE

Technology enablement has been at the forefront of paradigm shifts in the GRC space over the last few years. It has been proven beyond doubt that organizations that use technology to enable their GRC processes have significant advantages over others. Among these are the potential to reduce the cost of risk management, to enhance compliance and audit controls and processes, to streamline reporting and analytics, and to achieve better risk management overall.

It is, however, important to note the key issues faced by IT GRC and some of the recent trends in this space.
IT GRC TOOLS - KEY ISSUES & TRENDS

ISSUES
• Non-standard definition of GRC across industries - unstable future state and limited ability to define requirements
• Multiple and increasingly complex regulatory environments
• Legacy GRC systems are application-specific; vendors find it difficult to generalize their product or find alternate uses for it
• Lack of maturity of enterprise GRC solutions in handling complex organization structures and data flows
• Lack of visualization and advanced dashboarding
• Lack of analytics capabilities
• Issues with gaining real-time data feeds across disparate sources
• More often than not, GRC initiatives are not driven from the top layers of leadership

TRENDS
• Rapid growth of GRC solutions as organizations realise the need for robust risk management frameworks
• Increasing technology enablement of GRC processes within the organization
• Entrance of many top technology companies into the GRC space, including acquisitions and alliances
• Focus on performing advanced analytics and Business Intelligence in the GRC space
• Adoption of web-based GRC products which are easily accessible and maintained
• Increasing use of Business Process Management (BPM) for GRC processes
• Robust testing mechanisms for GRC solutions, including continuous monitoring

KEY CHALLENGES

With the IT enterprise generating unprecedented volumes of data, the biggest challenge before CIOs is the effective management and analysis of information to aid the business without compromising data security. On average, at least one third of the information generated by an enterprise needs to be assessed for risk and compliance. At the same time, organizations need relevant information delivered at the right time to the right people, in order not only to leverage customer insights but also to maintain and deepen the organization’s edge over the competition in the market.

Leveraging big data effectively and securely poses significant operational challenges in terms of IT infrastructure, governance, risk management, data quality and compliance, especially when departments work in silos. Evolving technologies like mobility, BYOD, cloud computing, machine-to-machine communication and connected devices, and trends like social media, add to the CIO’s GRC challenge. There is a need to extend GRC processes to the newer technologies, devices and services used by employees and the business as a whole. In fact, most CIOs today want to work towards integrating risk and compliance awareness into regular employee communication to ensure maximum data security and regulatory compliance. At the same time, organizations need to evaluate and assess the effectiveness of their data security measures.
BENEFITS OF INTEGRATING IT GRC

The biggest question in the context of a technology-enabled IT GRC solution is about the benefits that it can bring to the organization. Given the elaborate and complex implementation and deployment process of IT GRC, it is important to have a clear view of the benefits offered by the IT GRC solution:

• Compliance and Controls
• Risk and Losses
• Reputation Management
• Revenue Management
• Visibility
• Transparency
• Strategic Value

The IT GRC solution benefit analysis can also be approached from a different angle, namely, quantitative or qualitative benefits:

QUANTITATIVE BENEFITS

REDUCED RISK
• Ongoing risk detection and assessment
• Enhanced risk mitigation
• Assured compliance

LOWER ONGOING COSTS
• Reduced number of IT controls
• Lower headcount requirements
• Reduction in audit and external fees
• Lower IT costs

IMMEDIATE ROI
• Tight control over recommendations and action plans - process and resources
• Focus risk, compliance, audit and functional resources on the highest risks or opportunities
• Closed-loop management of issues, findings, remediation and action plans
• Greater ROI for fees paid to external auditors and consultants
• Lower risk of non-compliance based on audit findings and observations

QUALITATIVE BENEFITS

BETTER BUSINESS DECISIONS
• Increase risk & compliance management efficiency and effectiveness
• Drive year-over-year performance through continuous improvements
• Greater cross-organizational visibility for risk issues and compliance deficiencies
• Corporate culture stressing higher compliance awareness – reducing the need for mitigation and remediation
• Build shareholder value through better auditing and compliance practices
IT RISK MANAGEMENT FRAMEWORK

The framework is organized around three domains, each tied back to the Business Objectives:

RISK GOVERNANCE - IT risk management practices are deep-rooted in the organization
• Establish and maintain
• Integrate with ERM
• Make risk-aware

RISK EVALUATION - IT related risks and opportunities are proactively identified, analyzed and presented in business terminology
• Collect data
• Analyze risk
• Maintain risk profile

RISK RESPONSE - IT related risk issues are handled in a cost-effective manner and aligned to business priorities
• Articulate risk
• Manage risk
• React to events
IT GRC SOLUTION

An advanced and comprehensive enterprise-level IT GRC software solution can enable streamlining of IT GRC processes, effective management of risk, and meeting of regulatory requirements. The solution enables companies to implement a formal framework to rigorously measure, mitigate, and monitor risks. It also simplifies and reduces the cost of compliance with the many regulations governing data retention, privacy, confidential information, financial accountability, and recovery from disasters.

IT GRC SOLUTION - KEY FEATURES

• Business Functions - Integrates various business functions such as IT governance, policy management, risk management, compliance management, audit management, and incident management
• Governance Frameworks - Create, measure, monitor, and manage IT governance programs based on control frameworks like COBIT, ISO 27001, NIST, and ITIL
• Compliance Requirements - Access to various compliance requirements like FFIEC, PCI, FISMA, GLBA, HIPAA, NIST, and many others
• Threat Management - Standardized investigation processes to address organization-level global security threats
• Workflow - Enables an automated and workflow-driven approach to managing, communicating and implementing IT policies and procedures across the enterprise
• Process Management - Provides a mechanism for managing IT surveys, certifications, self-assessments, and audits
• IT Audit Management - Streamlines and strengthens the entire life cycle of audit management by helping to understand, measure, analyze and improve the organization’s functions and processes
• Documentation - Provides a centralized solution for storing documents related to IT risks, mitigation plans, questionnaires, checklists, assets, control definitions, and risk assessments
• Risk & Issue Management - Provides a robust issue management system for capturing and tracking IT issues, incidents, and threats as well as implementing corrective and preventive actions (CAPA)
• KRIs - Provides well-defined key risk indicators with scope for customization, assessment results, and compliance initiatives
• Reporting - Provides dashboarding and integrated reporting capabilities including self-assessments, manual assessments, and automated control mechanisms, with built-in data analytics and IT GRC intelligence capabilities
IT GRC FRAMEWORK - IMPLEMENTATION

There are two strategies that an organization can take when implementing an IT GRC framework. These are (1) obtaining a 360 degree view of enterprise risk, and (2) aggregating across the IT and security ecosystems in the organization.

360 DEGREE OF RISK

The 360 degree view is built from four perspectives, each answering one question:

• Business Impact - What is the likely magnitude of loss?
• Risk Appetite - What is our appetite, and how does that translate into thresholds?
• Threats - What is the threat landscape?
• Vulnerabilities - How are we vulnerable?

• Ultimate objective: Risk Intelligence - the right metrics for better business performance through active governance
• Threat, Vulnerability and Risk mean different things to different stakeholders - a common model and taxonomy is needed
• Threat Intelligence, Incident Response and Crisis Management - integrated, agile processes to protect against advanced, persistent threats and complex attacks
• The Information Security ecosystem is orthogonal to IT - it is embedded in the business process
• Governance, Risk and Compliance Management - a single repository for analytics and one version of the truth
AGGREGATING ACROSS IT AND SECURITY ECOSYSTEM

• Leverage a common GRC platform, with an asset inventory, risk and control framework and nomenclature
• Integrate with security and IT monitoring systems – provide business context for security and IT
• Leverage heat maps, KRIs and KPIs for decision support and business intelligence
• Use customized automated notifications when thresholds are breached
• Integrate tests and exercises with Business Continuity and Disaster Recovery programs
• Streamline risk management – single information model, cross-functional collaboration, multi-dimensional risk assessments

SUSTAINABILITY AND BEST PRACTICES FOR DEPLOYING IT GRC

Automation of IT GRC processes is a must-have item on most CIO wish lists today. While implementing IT GRC solutions it is crucial to remember that no solution can be truly effective without the right monitoring systems. A comprehensive overview of the objectives for IT GRC automation, coupled with the expected deliverables and benefits against which to evaluate performance, is an effective way of implementing a sustainable, cutting-edge IT GRC platform.
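The two ideas above, risk appetite translated into thresholds (360 Degree of Risk) and aggregation of disparate IT and security feeds onto a single information model with heat maps and automated notifications, are shown together in this added example. It is illustrative code written for this page, not Maclear's product; the feed formats, the KRI names, the asset impact scores and the appetite thresholds are all constructed assumptions.

```python
# Constructed sample records from two disparate sources, each with its own
# field names: an IT monitoring system and a security monitoring system.
IT_MONITORING_FEED = [
    {"host": "db01", "metric": "patch_age_days", "value": 95},
    {"host": "web02", "metric": "patch_age_days", "value": 12},
]
SECURITY_FEED = [
    {"asset": "db01", "alert": "failed_logins_24h", "count": 430},
    {"asset": "web02", "alert": "failed_logins_24h", "count": 18},
]

# Common taxonomy (hypothetical): each source-specific measurement is mapped
# onto one shared KRI name so every stakeholder reads the same model.
COMMON_MODEL = {
    ("metric", "patch_age_days"): "vulnerability_exposure",
    ("alert", "failed_logins_24h"): "threat_activity",
}

# Business impact per asset from the asset inventory (constructed; 1 = low, 5 = critical).
ASSET_IMPACT = {"db01": 5, "web02": 2}

# Risk appetite expressed as thresholds (constructed): "amber" needs attention,
# "red" breaches appetite and must trigger a notification.
APPETITE = {
    "vulnerability_exposure": {"amber": 30, "red": 90},
    "threat_activity": {"amber": 100, "red": 400},
}

def normalise(records, asset_key, kind_key, value_key):
    """Map one source's records onto the common model: {asset: {kri: value}}."""
    out = {}
    for rec in records:
        kri = COMMON_MODEL.get((kind_key, rec[kind_key]))
        if kri:  # measurements with no place in the taxonomy are dropped
            out.setdefault(rec[asset_key], {})[kri] = rec[value_key]
    return out

def aggregate(*views):
    """Merge normalised views from all sources into one per-asset picture."""
    merged = {}
    for view in views:
        for asset, kris in view.items():
            merged.setdefault(asset, {}).update(kris)
    return merged

def rate(kri, value):
    """Rate one KRI value against the appetite thresholds."""
    t = APPETITE[kri]
    return "red" if value >= t["red"] else "amber" if value >= t["amber"] else "green"

def heat_map(merged):
    """Place each asset on a heat map cell (impact, worst rating) and
    build a notification for every KRI that breaches appetite."""
    order = {"green": 0, "amber": 1, "red": 2}
    cells, alerts = {}, []
    for asset, kris in merged.items():
        ratings = {k: rate(k, v) for k, v in kris.items()}
        cells[asset] = (ASSET_IMPACT[asset], max(ratings.values(), key=order.get))
        alerts += [f"{asset}: {k}={kris[k]} breaches appetite (impact {ASSET_IMPACT[asset]})"
                   for k, r in ratings.items() if r == "red"]
    return cells, alerts

def run_example():
    merged = aggregate(normalise(IT_MONITORING_FEED, "host", "metric", "value"),
                       normalise(SECURITY_FEED, "asset", "alert", "count"))
    return heat_map(merged)
```

With the constructed data, db01 lands in the (impact 5, red) cell with two notifications while web02 stays green, which is the kind of business-context view the integration bullets above describe.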
IT GRC AUTOMATION

With an automated IT GRC platform, organizations can not only do away with redundancies but also reduce manual effort and thereby minimize the room for human error. It is important to have a clear picture of the desired deliverables and the expected benefits of such an automated solution:

DELIVERABLES
• Definition of a target framework to be implemented within the selected groups for both functional and IT departments
• Definition of the stepwise transformation roadmap
• Definition of a consistent target framework (process, system and norms) ensuring data quality and coherence of indicators throughout the group

BENEFITS
• Reduced non-productive time periods and optimized operational efficiency
• Substantial contribution to strategic targets and concentration on core business
• Risk and cost reduction; improvements in controls and response time
• Improvement of overall data integrity, homogeneity and availability
• Substantial reduction of production & reporting cycle times and costs

CONCLUSION

That the modern organization faces multiple serious threats from different quarters is an unarguable fact of business today. As risk and compliance complexities evolve and increase, it will be impossible for CIOs to ensure seamless, foolproof GRC processes unless they actively adopt a technology leadership position. There is no denying that a solution which integrates various systems, documents risk needs and applicable remediation strategies, and allows real-time data ingestion and issue tracking can not only serve the IT GRC needs of an organization efficiently, but also reduce costs and help drive risk-driven business decision-making.
CONTACT

Visit: www.maclear-grc.com
Email: info@maclear-grc.com
USA: +1 630 839 9214
UK: +44 203 006 2558

ABOUT US

Maclear specializes in enterprise governance, risk and compliance (eGRC) solutions. Our core capabilities cover roadmap design, solutions scoping, design & implementation, training & awareness and solutions support. Our integrated, holistic approach to eGRC helps drive efficiency, effectiveness and agility for our clients by minimizing risk and compliance threats, enabling process improvement, fostering collaboration and facilitating automation. Our client base spans industries including banking, financial services, insurance, healthcare, retail, manufacturing, education and energy. As a fast-growing company, we have earned a reputation for delivering outstanding value to our clients through the delivery of exceptional eGRC solutions and services.

About the Author

Ketan Dholakia (Co-founder), Americas & APACJ

Ketan Dholakia is a global IT executive with in-depth knowledge of IT services and operations and 20+ years of experience establishing security and risk management solutions. Ketan’s professional services expertise and extensive experience working with large and mid-tier multinational corporations have established him as a leader in the GRC arena. Prior to Maclear, Ketan led senior teams for Schlumberger, GTS, Zurich Financial Services, Adams Harris and Archer Technologies.