The ProcessGene GRC Suite. Solution Presentation

Transcription

1 B u s i n e s s P r o c e s s R e a l i z a t i o n The ProcessGene GRC Suite Solution Presentation Design Processes Supervise Realization Control Changes Enforce Compliance Copyright 2007

2 About ProcessGene Ltd. ProcessGene develops GRC solutions for global enterprises Serving tier 1, global, multi-subsidiary customers from various industrial branches Over 40 global integrators deploy and use the GRC Suite, with over 1000 installations Copyright 2011 Business Process Realization Copyright Slide 2 of

3 ProcessGene s Offering An end to end GRC software suite, designed for multi-subsidiary enterprises The first integrated BPM/GRC suite in SaaS The only Multi-Org GRC solution- designed for multi-subsidiary enterprises Copyright 2011 Business Process Realization Copyright Slide 4 of

4 Voice of (some) Customers Customer Teva Pharmaceuticals Largest generic pharmaceutical company worldwide, operating in over 40 countries Keter Plastic Group Europe's largest manufacturer of plastic consumer products, operating in 20 countries Strauss Group International food & beverage corporation operating 26 production sites in 17 countries Shufersal Israel's largest retail chain, operating 248 stores nationwide with 13,000 employees Voice of the Customer a central enabler for Teva's Oracle E- business suite global implementation Mr. I. Gilboa, CIO, Teva Pharmaceuticals The most important management tool for exploring, mapping and optimizing our SAP processes & GRC worldwide Mr. J. Sigura, CIO, Keter Plastic Group Multi-Org enables the effective management of global BPM/GRC efforts. SaaS simplifies deployment, reduces cost Mr. O. Strauss, CIO, Strauss Group powerful workflows and dashboards A compliance framework that integrates process-improvement and GRC Mr. S. Zohar, CFO, Shufersal Copyright 2011 Business Process Realization Copyright Slide 5 of

5 Differentiation & Competitive Advantage: ProcessGene Multi-Org Technology The only solution in the market that (1) integrates BPM and GRC, and (2) confronts Multi-Subsidiary complexity Cost and Complexity Multiple Independent Solutions ProcessGene Global Baseline Approach Single Global Solution Standardization Copyright 2011 Business Process Realization Copyright Slide 6 of

6 Benefits and Differentiation of the ProcessGene GRC Solution Leaders in cloud provisioning Designed for multi-subsidiary, global organizations Very fast implementation Full automation, with powerful BPM technology under the hood Supports multiple GRC frameworks Direct connectivity to ERP systems Unlimited amount of viewers via html reports Copyright 2011 Business Process Realization Copyright Slide 7 of

7 ProcessGene GRC Solutions Search and Reports Module End-to-end GRC enablers GRC Diagnostics and Dashboards Risk Management Regulatory Compliance Multi-Org Mechanism Corporate Governance IT GRC Collaboration Mechanism Connectivity to ERP systems Internal Audit End-to-end GRC enablers Graphics engine for Diagrams Business Process Management Engine SaaS Platform Task and Workflow Platform Copyright 2011 Business Process Realization Copyright Slide 8 of

8 Risk Management Identify, evaluate and prioritize organizational risks Relate risks to relevant business processes, systems and organizations Mitigate and control the risks Track and diagnose progress of the risk management program Link KRIs to processes or risks Record and categorize loss events Manage opportunities vs. risks Global and optimized risk vs. return management Business processes that involve high risks are easily monitored and diagnosed Copyright 2011 Business Process Realization Copyright Slide 9 of

9 Regulatory Compliance Support a wide array of compliance programs covering USA and EMEA regulations Specialized functionality & repositories for specific compliance programs Sample regulations: SOx, FDA, FERC, NERC, FAA, OMB A-123, EH&S, HACCP, ISO 22000, PCI, BSA, Patriot Act, GLBA, KYC, AML, Basel II, MaRisk, ISOx- Goshen, SAS70, etom, PCI-DSS, ISO 27002, NIST End to end solution, covering the entire regulatory compliance cycle A common framework to comply with the on-growing regulatory scope enables to reduce compliance costs Copyright Slide 10 of

10 IT GRC Measure and mitigate IT risks by implementing controls that ensure the security and integrity of data, systems, networks and IT facilities Ensure compliance with a set of IT regulations governing data retention, privacy, confidential information, change management, vendor information and disaster recovery Based on leading control frameworks such as Cobit, ISO 27002, NIST, ITIL Automation effectively reduces the cost of enforcement, while providing improved and quantifiable compliance results Direct connectivity to enterprise software systems automates and improves the effectiveness of IT compliance enforcement Easy access to objective evidence for compliance enforcement Copyright Slide 11 of

11 Internal Controls Document, test, sign-off and monitor the organizational controls Automated workflows simplify follow up on testing, signoff and deficiency remediation Collected evidence is documented electronically, with full audit trail Automation reduces costs and prevents errors that are caused by manual, non validated activities A control is tested once and then re-used for several compliance purposes and goes through several types of audits Copyright Slide 12 of

12 Corporate Governance Manage a dynamic set of processes, policies and procedures related to reliability, integrity and compliance with laws and regulations Deploy a workflow of automated approvals to ensure that governance is communicated and enforced Verify, through surveys and enterprise wide acknowledgment processes, that governance is disseminated and enacted Enable a clear and traceable accountability mechanism to ensure adoption of corporate governance principles Comply with required legal regulations Copyright Slide 13 of

13 ProcessGene GRC: Five Roles, Seven Responsibilities Role GRC Manager Control Owners Internal Testers External Auditor Approvers Responsibility Document Business Processes Risks, Controls, Test Plans Execute Controls and document execution evidence Conduct tests over Controls. Report test results Review efficiency of Controls based on test results Manage deficiency remediation Verify deficiency remediation Sign-Off Business Processes Copyright Slide 17 of

14 Login to the USA environment Copyright Slide 18 of

15 Copyright Slide 19 of

16 Copyright Slide 20 of

17 Copyright Slide 21 of

18 Copyright Slide 22 of

19 Easily define and edit the process description and its properties Copyright Slide 23 of

20 Easily edit the process Diagram Copyright Slide 24 of

21 ERP Screens ERP transaction/ Automatic GRC test Description Execute the automatic test or jump directly to an exact location at the ERP system Copyright Slide 25 of

22 Any SAP Screen The SAP transaction is automatically opened Direct connectivity to the ProcessGene application Copyright Slide 26 of

23 The Oracle screen is automatically opened Direct connectivity to the ProcessGene application Copyright Slide 27 of

24 Relate Risks and Controls to the Process Define the list of related Risks Jump to Controls management Copyright 2007

25 A selected Risk s properties The Risk s description Raw and residual levels Related opportunities Copyright Slide 29 of

26 A selected Risk s diagnostics Copyright Slide 30 of

27 Historical cost events Copyright Slide 31 of

28 The Risk s audit plan and audit execution data The Risk s audit plan, audit schedule and audit results, including the documentation of historical results and the management of deficiency remediation Copyright Slide 32 of

29 Tasks related to the modeling and management of the Risk Copyright Slide 33 of

30 Documents related to the modeling and management of the Risk Copyright Slide 34 of

31 Relate Risks and Controls to the Process Define the list of related Controls Copyright Slide 35 of

32 A selected Control s properties Press to edit the selected Control s properties Assign a Control owner Determine execution frequency Copyright Slide 36 of

33 All fields are editable in the Control s edit form Copyright Slide 37 of

34 Copyright Slide 38 of

35 Copyright Slide 39 of

36 The Control s test plan and test execution data Define the Test and the criteria for the Test s success/failure The Control s test plan Copyright Slide 40 of

37 Assigned tester(s) Scheduling data The Control s test schedule Copyright Slide 41 of

38 Edit the Control s Test schedule Assign testers for the Control Copyright Slide 42 of

39 Save Select a tester Copyright Slide 43 of

40 A tester was Assigned Define the test s schedule Copyright Slide 44 of

41 Scheduling data Copyright Slide 45 of

42 A tester was assigned A schedule was defined Copyright Slide 46 of

43 ProcessGene GRC: Five Roles, Seven Responsibilities Role GRC Manager Control Owners Internal Testers External Auditor Approvers Responsibility Document Business Processes Risks, Controls, Test Plans Execute Controls and document execution evidence Conduct tests over Controls. Report test results Review efficiency of Controls based on test results Manage deficiency remediation Verify deficiency remediation Sign-Off Business Processes Copyright Slide 47 of

44 Copyright Slide 48 of

45 Copyright Slide 49 of

46 Copyright Slide 50 of

47 Copyright Slide 51 of

48 Copyright Slide 52 of

49 Copyright Slide 53 of

50 ProcessGene GRC: Five Roles, Seven Responsibilities Role GRC Manager Control Owners Internal Testers External Auditor Approvers Responsibility Document Business Processes Risks, Controls, Test Plans Execute Controls and document execution evidence Conduct tests over Controls. Report test results Review efficiency of Controls based on test results Manage deficiency remediation Verify deficiency remediation Sign-Off Business Processes Copyright Slide 54 of

51 An automatic from the control s testing reminder notifications are optional Copyright Slide 55 of

52 Elizabeth Martin s Personal task list Open the Control s test task to execute it Copyright Slide 56 of

53 Read the Control s test plan and execute it accordingly Copyright Slide 57 of

54 Report test results. All results are documented in the system and history is saved. Copyright Slide 58 of

55 The Control s test results are documented in the system Copyright Slide 59 of

56 The Control s test result history Copyright Slide 60 of

57 Defining, assigning and scheduling the required deficiency remediation tasks Copyright Slide 61 of

58 ProcessGene GRC: Five Roles, Seven Responsibilities Role GRC Manager Control Owners Internal Testers External Auditor Approvers Responsibility Document Business Processes Risks, Controls, Test Plans Execute Controls and document execution evidence Conduct tests over Controls. Report test results Review efficiency of Controls based on test results Manage deficiency remediation Verify deficiency remediation Sign-Off Business Processes Copyright Slide 63 of

59 View the status of Controls in the entire organization Copyright Slide 64 of

60 A distribution of the Controls test results Copyright Slide 65 of

61 A distribution of the key Controls test results Direct access to grouped Controls (e.g to the ineffective group) Copyright Slide 66 of

62 A distribution of the Raw Risk weight in the organization The average Raw Risk level and Residual Risk level vs. the average Risk tolerance in the organization Copyright Slide 67 of

63 The average controlled vs. residual risk levels in the organization Copyright Slide 68 of

64 The average controlled vs. residual risk levels in the organization distributed per category Copyright Slide 69 of

65 All tasks in the organization can be viewed, monitored and managed from this area Copyright 2011 Jump to the end Business Process Realization Copyright Slide 70 of

66 Sign-off Processes Define Sign-off tasks per process Copyright Slide 71 of

67 View a Sign-off task details Copyright Slide 72 of

68 Edit a Sign-off task details Select the required signing statement Assign user(s) Copyright Slide 73 of

69 Save Select a tester Copyright Slide 74 of

70 Edit a Sign-off task details A user was Assigned Define the task s schedule Copyright Slide 75 of

71 Scheduling data Copyright Slide 76 of

72 The Sign-off task is defined Copyright Slide 77 of

73 ProcessGene GRC: Five Roles, Seven Responsibilities Role GRC Manager Control Owners Internal Testers External Auditor Approvers Responsibility Document Business Processes Risks, Controls, Test Plans Execute Controls and document execution evidence Conduct tests over Controls. Report test results Review efficiency of Controls based on test results Manage deficiency remediation Verify deficiency remediation Sign-Off Business Processes Copyright Slide 79 of

74 An automatic from the Process s Sign-off reminder Copyright Slide 80 of

75 Michael Chang s Personal tasks area Michael Chang s Sign-off task Copyright Slide 81 of

76 Sign-off task details Approval declaration Required action: Approve now Copyright Slide 82 of

77 Confirm the Sign-off declaration Copyright Slide 83 of

78 The Sign-off declaration is documented in the system Copyright Slide 84 of

79 All historical Sign-offs for this process Copyright Slide 85 of

80 A gauge indicating the current organizational Sign-off status Copyright Slide 86 of

81 Thank You! ProcessGene Ltd. For additional information: Copyright Slide 88 of