GRC 3.0 is GRC by Design

Similar documents
GRC Maturity. Benchmarking Your GRC Program. October 2014

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

Accelerate Your Enterprise Private Cloud Initiative

Next Generation Policy & Compliance

Enabling Security Controls, Supporting Business Results

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTEGRATED COMPLIANCE & ETHICS METRICS TO CONNECT THE PIECES OF ORGANIZATIONAL INTEGRITY

2017 GRC Maturity Survey

Oracle Buys Automated Applications Controls Leader LogicalApps

ACL Strategy Module. Technology Innovator in Strategy Management SOLUTIONPERSPECTIVE INNOVATOR. March 2018

ACL Interpretive Visual Remediation

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Demystifying GRC. Abstract

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Governance, Risk Management & Compliance Insight. Engaging Employees in the Context of GRC 3.0. Bringing GRC to the Coal-Face of Your Organization

locuz.com SOC Services

How to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model

Solving the Enterprise Data Dilemma

NERC Staff Organization Chart Budget 2018

GDPR compliance. GDPR preparedness with OpenText InfoArchive. White paper

Building a Resilient Security Posture for Effective Breach Prevention

WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017

RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach

TRANSCANADA S AUDIT FOUNDATION FOR THE EXPANSION OF BUSINESS OPERATIONS

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

3/13/2015. COSO Revised: Implications for Compliance and Ethics Programs. Session Agenda. The COSO Framework

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Cisco Self Defending Network

Achieving effective risk management and continuous compliance with Deloitte and SAP

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

Demonstrating Compliance in the Financial Services Industry with Veriato

NERC Staff Organization Chart Budget 2019

Policy-Based Security, Compliance, and Risk Management

Symantec Data Center Transformation

How to get the Enterprise to Understand the Value of Security

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Business Context: Key for Successful Risk Management

NERC Staff Organization Chart Budget 2019

MetricStream GRC Summit 2013: Case Study

RSA Advanced Cyber Defence Summit

01.0 Policy Responsibilities and Oversight

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

COSO Enterprise Risk Management

Sustainable Security Operations

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Cyber Risks in the Boardroom Conference

NERC Staff Organization Chart Budget 2017

ServiceNow Indicator Based Continuous Control Management

Enterprise GRC Implementation

NERC Staff Organization Chart Budget 2017

Quality Assurance and IT Risk Management

Cyber Security Program

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow

ISACA Arizona May 2016 Chapter Meeting

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Governance, Risk, and Compliance: A Practical Guide to Points of Entry

2017 PORT SECURITY SEMINAR & EXPO. ISACA/CISM Information Security Management Training for Security Directors/Managers

OVERVIEW BROCHURE GRC. When you have to be right

Securing Digital Transformation

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

MITIGATE CYBER ATTACK RISK

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

Turning Risk into Advantage

GRC SURVEY RESULT Please indicate your profession

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2

Move Beyond Primitive Drawing Tools with SAP Sybase PowerDesigner Create and Manage Business Change in Your Enterprise Architecture

SIEM: Five Requirements that Solve the Bigger Business Issues

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

The Business Value of including Cybersecurity and Vendor Risk in ERM

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

NERC Staff Organization Chart Budget

The Wdesk Platform by Workiva

LAMOND W. KEARSE Metropolitan Transportation Authority Chief Compliance Officer

Business Architecture in Healthcare

The Fine Art of Creating A Transformational Cyber Security Strategy

Building a BC/DR Control Library and Regulatory Response Program

How WhereScape Data Automation Ensures You Are GDPR Compliant

The Value of Data Governance for the Data-Driven Enterprise

CISM Certified Information Security Manager

GRC TOOL IMPLEMENTATION RAEF MEEUWISSE CISA, FUNCTIONAL ARCHITECT, ADAPTIVEGRC

Think Like an Attacker

CYBER RISK MANAGEMENT

Transforming IT: From Silos To Services

Building a Data Strategy for a Digital World

in Action Delivering the digital enterprise Human Centric Innovation Ralf Salzmann Manager OEM

CA Security Management

GDPR: A QUICK OVERVIEW

Data Governance Quick Start

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Information Security and Cyber Security

HPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017

Transcription:

GRC 3.0 is GRC by Design Taking an Architecture Approach to GRC October 2013 Michael Rasmussen, J.D., GRCP, CCEP Chief GRC Pundit @ GRC 20/20 Research, LLC OCEG Fellow @ www.oceg.org

The Winchester Mystery House 160 rooms 47 fireplaces 6 kitchens 10,000 windows 65 doors to blank walls 13 staircases abandoned 25 skylights in floors 147 builders/no architects Built without a blueprint $5.5 million over 38 years GRC often lacks design 2

A history of GRC... Before GRC 1.0, GRC was scattered and reactive. With GRC 1.0 there was a focus on a few risk areas involving selective silos and transactions, particularly for internal control over financial reporting (e.g., SOX). GRC 2.0 took a broader view bringing more functions into perspective while focusing on an integrated perspective of risk and compliance. GRC 3.0 is about aligning strategy, process, information, and technology into a GRC architecture to deliver a holistic understanding of risk in the context of strategy and objectives amidst organizational velocity and change. 3

GRC 3.0 definition GRC 3.0 is... An architecture that is enterprise wide; delivers consistent and uniform value from the boardroom to the e coal face of the front offic; foc us ed at value protection and creation; and is proactive in measurement, management and interdiction. GRC 3.0 provides an integrated GRC architecture that connects the fabric of the business together across the organization and its disparate systems, processes, and information. 4

GRC 3.0 delivers... GRC Architecture Employee Engagement Operationalizing GRC GRC Mobility GRC 3.0 Actionable Content 360º Contextual Awareness Flexible & Adaptable Deployment 5

The successful GRC 3.0 solution provider delivers... Content Community Technology 6

GRC 3.0 also integrates an approach to... 50,000 overview for the opportunity GRC 3.0 7

High-level view of GRC 3.0 solution areas... 8

Approaching GRC in the organization Enterprise GRC Collaboration & Integration Organization has a strategy to collaborate and utilize a common framework of technology and information to improve efficiency, effectiveness, and agility in GRC. Enterprise Focus on an Issue Cross-department collaboration to solve a specific cross-department challenge Department GRC Initiative Department focused on improving collaboration and information within its own realm of control Specific Issue Department or group focused on a specific regulation or risk area 9

GRC 3.0 is a Federated GRC Architecture 10

The Federated GRC Approach 11

GRC architecture models 12

Gathering the team together 13

The goal is to collaboratively understand context and take action 14

Federated Oversight & Assurance 15

Federated Risk Management 16

Federated Compliance Management 17

Federated 3 rd Party Management 18

Federated Audit Management 19

GRC technology provides context of information OBJECTIVES & GOALS ASSETS & RELATIONSHIPS RISK & ANALYSIS REGULATIONS & OBLIGATIONS CONTROLS & ASSESSMENT POLICIES & TRAINING INCIDENTS & ISSUES ROLES & RESPONSIBILITIES 20

GRC technology provide automation and tracking MANAGEMENT REPORTING MANAGING EXCEPTIONS & CHANGE AUDIT TRAIL & ARCHIVE ENFORCEMENT & MONITORING WORKFLOW & TASKS 21

Other benefits of GRC technology 22

In the end, the GRC program needs to be defensible VERSION (DATE/TIME) ASK & RESOLVE QUESTIONS MANAGE EXCEPTIONS UNDERSTAND CONTEXT PROVIDE AUDITABLE RECORDS DEMONSTRATE SEQUENCE MEET REQUIREMENTS REPEATABLE CYCLE 23

GRC 3.0 Benefits 24

Questions? Michael Rasmussen, J.D. Chief GRC Pundit & OCEG Fellow mkras@grc2020.com +1.888.365.4560 GRC 20/20 Newsletter LinkedIn: GRC 20/20 LinkedIn: Michael Rasmussen Twitter: GRCPundit Blog: GRC Pundit Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy slides or graphics without permission. GRC 20/20 highly recommends you consider OCEG membership at www.oceg.org.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback