ACL Interpretive Visual Remediation

Similar documents
ServiceNow Indicator Based Continuous Control Management

ACL Strategy Module. Technology Innovator in Strategy Management SOLUTIONPERSPECTIVE INNOVATOR. March 2018

TRANSCANADA S AUDIT FOUNDATION FOR THE EXPANSION OF BUSINESS OPERATIONS

The Wdesk Platform by Workiva

SIEM: Five Requirements that Solve the Bigger Business Issues

2018 Trends in Hosting & Cloud Managed Services

SAP: Speeding GRC Control Testing by 90% with SAP Solutions for GRC

INTELLIGENCE DRIVEN GRC FOR SECURITY

Optimisation drives digital transformation

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

NEXT-GENERATION DATACENTER MANAGEMENT

Oracle Buys Automated Applications Controls Leader LogicalApps

OVERVIEW BROCHURE GRC. When you have to be right

Better together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com

DISRUPTIVE TECHNOLOGIES IN THE DATACENTER

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Marketing Performance in Executive perspective on the strategy and effectiveness of marketing

BHConsulting. Your trusted cybersecurity partner

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

Three Key Challenges Facing ISPs and Their Enterprise Clients

Symantec Data Center Transformation

Pave the way: Build a value driven SAP GRC roadmap March 2015

Skybox Security Vulnerability Management Survey 2012

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

EXIN BCS SIAM Foundation. Sample Exam. Edition

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

M&A Cyber Security Due Diligence

White Paper. How to Write an MSSP RFP

Solving the Enterprise Data Dilemma

Modern Database Architectures Demand Modern Data Security Measures

Fifteen Best Practices for a Successful Data Center Migration

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Making trust evident Reporting on controls at Service Organizations

BHConsulting. Your trusted cybersecurity partner

Sustainable Security Operations

Department of Management Services REQUEST FOR INFORMATION

Demystifying GRC. Abstract

Datacenter Cooling Market Map 2016

Achieving effective risk management and continuous compliance with Deloitte and SAP

WHITE PAPER. The truth about data MASTER DATA IS YOUR KEY TO SUCCESS

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

A Practical Guide to Efficient Security Response

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

GRC Maturity. Benchmarking Your GRC Program. October 2014

AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION

To Audit Your IAM Program

Enterprise GRC Implementation

GDPR: An Opportunity to Transform Your Security Operations

Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow

Help Your Security Team Sleep at Night

Governance, Risk Management & Compliance Insight. Engaging Employees in the Context of GRC 3.0. Bringing GRC to the Coal-Face of Your Organization

Turning Risk into Advantage

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

A Methodology to Build Lasting, Intelligent Cybersecurity Programs

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

Run the business. Not the risks.

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Management Update: Storage Management TCO Considerations

SIEM Solutions from McAfee

DEFINITIONS AND REFERENCES

Business Architecture Implementation Workshop

ISO/ IEC (ITSM) Certification Roadmap

2017 Trends in Datacenter and Critical Infrastructure

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Big data privacy in Australia

Data Governance Quick Start

Implementing ITIL v3 Service Lifecycle

MicroStrategy Desktop Quick Start Guide

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Rethinking Information Security Risk Management CRM002

GRC 3.0 is GRC by Design

Fabrizio Patriarca. Come creare valore dalla GDPR

Making the Impossible Possible

Legal notice and Privacy policy

Accelerate Your Enterprise Private Cloud Initiative

Recommendations on How to Tackle the D in GDPR. White Paper

General Data Protection Regulation (GDPR) The impact of doing business in Asia

TSC Business Continuity & Disaster Recovery Session

IDC MarketScape: Worldwide Network Consulting Services 2017 Vendor Assessment

HPE ALM Standardization as a Precursor for Data Warehousing March 7, 2017

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Securing Your Digital Transformation

White Paper. View cyber and mission-critical data in one dashboard

How to Write an MSSP RFP. White Paper

MITIGATE CYBER ATTACK RISK

Information Security and Service Management. Security and Risk Management ISSM and ITIL/ITSM Interrelationship

A Better Approach to Leveraging an OpenStack Private Cloud. David Linthicum

Enterprise Data Architecture: Why, What and How

TAKING COMMAND OF YOUR GRC JOURNEY WITH RSA ARCHER

High Availability For Private Clouds

2017 Ethics & Compliance Hotline & Incident Management Benchmark Report Webinar

Open Source Cloud Platforms: OpenStack

Security Automation Best Practices

Optimize Your Databases Using Foglight for Oracle s Performance Investigator

Data Management and Security in the GDPR Era

SECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation

Transcription:

January 2016 ACL Interpretive Visual Remediation Innovation in Internal Control Management SOLUTIONPERSPECTIVE Governance, Risk Management & Compliance Insight

2015 GRC 20/20 Research, LLC. All Rights Reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such. 2

Table of Contents Reconciling Agility in GRC Processes & Data...4 ACL Interpretive Visual Remediation...5 Innovation in Internal Control Management...5 What the Interpretive Visual Remediation Innovation Is About...6 How is the Interpretive Visual Remediation Innovation Different?...7 Benefits of Interpretive Visual Remediation...7 Considerations in Context of Interpretive Visual Remediation...7 About GRC 20/20 Research, LLC...9 Research Methodology...9 TALK TO US... We look forward to hearing from you and learning what you think about GRC 20/20 research. GRC 20/20 is eager to answer inquiries from organizations looking to improve GRC related processes and utilize technology to drive GRC efficiency, effectiveness, and agility. 3

ACL Interpretive Visual Remediation Innovation in Internal Control Management Reconciling Agility in GRC Processes & Data The core of governance, risk management, and compliance (GRC) is operationalizing GRC across the fabric of business strategy and operations seamlessly, agilely, and non-invasively. It is about leveraging and harmonizing existing data and systems that deliver results in focused areas but now need to feed into the bigger picture of enterprise transparency in the context of distributed and dynamic business. Operationalizing involves not just reporting on information but also streamlining and automating the processes connected to GRC information. The challenge is how to reconcile agility in context of cumbersome GRC processes and data. In the past, many GRC decisions were considered as a base reaction to the newest regulatory demand. This resulted in billions of dollars spent in GRC with a limited understanding of alignment of information and process to provide value. GRC was approached tactically and not strategically. Organizations have ended up with a topography of GRC projects individually focused on reporting that have led to manual remediation and follow-up. What is often missing is a level of integration that provides a central nervous system that connects intelligence and data to process automation. In the past, organizations approached GRC as a platform to document and manage content related to risks, policies, and controls, enhanced with workflow to manage assessments, issues, and reporting. There was limited integration and correlation of GRC information and analytics, and reporting was on fairly static information collected over time. Organizations suffered when GRC did not connect all the dots and provide context to analytics, performance, objectives, and strategy in the real-time business operates in. GRC in many organizations simply delivered a manual process to integrate analytics reporting and follow-up. The challenge is, how does the organization: n Find the right source of data. GRC information is buried across multiple departments, processes, and systems. Regulatory reporting and situational awareness require that the organization have visibility into risk data and metrics, and their interrelationships, which is scattered across the business. n Transform business data into GRC intelligence. Each silo of data brings a piece of the picture or a partial version of the truth. These are elements, but they do not tell the full story. In fact, relying on only a partial view of data may be misleading. Bringing data together requires that the organization have consistent 4

and quality data to work with and analyze. With reliable data, the organization can turn data into information that drives GRC intelligence. n Understand real-time GRC situational awareness. To deliver a holistic view of GRC information and 360 GRC contextual awareness of risk impacting strategy and operations requires that the organization get to the source of the information rapidly. GRC has to be able to present accurate information to the right people at the right time. To do this, data needs to be accessible as well as accurate. n Intuitively assign further tasks and remediation. GRC s work is not done with a pretty chart or graph. These often indicate something may be out of the ordinary and requires further investigation, review, analysis, and perhaps remediation. This often has been done using cumbersome processes to add tasks and workflows that are disconnected to the GRC visual analytics and reporting. Achieving a mature GRC architecture involves operationalizing GRC by integrating GRC processes and data. It is about enabling GRC through business intelligence that is easy to use and follows through with additional actions needed. This is about operationalizing GRC in context of 360 situational awareness. Organizations need real-time insight into business decisions, operational intelligence, and monitoring in the context of risk and compliance. This is best done as intuitively as possible. GRC needs to integrate process into intelligence to provide holistic awareness and remediation of risk in the context of business. The bottom-line: The goal is to provide 360 GRC contextual awareness in intelligence and analytics while operationalizing GRC processes in the follow-through. Delivery of GRC contextual awareness requires that GRC be a central nervous system to capture signals found in processes, data, and transactions as well as changing risks and regulations for interpretation, analysis, and holistic awareness of risk in the context of business. But GRC reporting without follow-through does not help the organization; it needs to be operationalized. Organizations need an intuitive approach to integrating GRC analytics and reporting into further GRC processes to investigate, analyze, and remediate, providing an integrated view of GRC data that is a cohesive part of GRC processes in the organization. ACL Interpretive Visual Remediation Innovation in Internal Control Management ACL Interpretive Visual Remediation is a GRC innovation that GRC 20/20 has researched to determine its value with organizations in dynamic business environments. GRC 20/20 has evaluated and verified the innovation found in Interpretive Visual Remediation and determines that it is beneficial in customer environments that rely heavily on data analytics for continuous control monitoring where the users need to streamline their ability to process, visualize, interpret, and remediate data analysis test exceptions. With an integrated view of data visualization and process, Interpretive Visual Remediation makes organizations more efficient, effective, and agile. In this context, GRC 20/20 has 5

recognized ACL Interpretive Visual Remediation with a 2015 GRC Innovation Award for technical innovation in Internal Control Management. What the Interpretive Visual Remediation Innovation Is About The visualization of data is a powerful and intuitive way to understand patterns, present analytics, and locate areas requiring further follow up. However, if visualization only points to problems that never get resolved, the end result is frustration. Organizations that have good visualization of data find that they have to perform extra steps to separate records of interest and then assign them to the correct stakeholders for remediation. Wouldn t it be nice if data visualization capabilities were combined with an automated remediation workflow that can be used to automatically trigger remedial actions from the data visualization? Through a combination of software tools and related domain content, ACL provides solutions that enable GRC professionals to identify and mitigate risk, protect company profits, and improve business performance. ACL s integrated GRC solutions enable audit and risk management professionals to integrate risk management, control, and audit activities, and engage all levels of the organization in an intuitive solution that is easy to use. ACL s innovative Interpretive Visual Remediation extends ACL s capabilities even further to enable GRC professionals with the ability to trigger a workflow action directly from the data visualization, so data analysis exceptions can be promptly acted upon. Example: A GRC professional has just analyzed the organization s data and narrowed it down to a smaller record set. Using data visualization in ACL, the user presents these records in a pie chart and notices an interesting looking pie slice that stands out as an anomaly to look into. This triggers more actions needed to perform additional analysis and communicate discoveries to business stakeholders. But this is a manual process in most organizations and extra effort is required to drill into the data, notify stakeholders, and perform the required remediation tasks. The visualization capabilities in ACL GRC s results management component allows the organization to automate this process with the ability to create workflows and trigger actions directly from the data visualization. ACL s Interpretive Data Visualization is simple and intuitive; it allows the organization to: 1. Integrate transactional data from back-office systems with human data gathered using surveys. 2. Analyze results through visualization, as you dig deeper into patterns of behavior, and conduct further work using a triggered remediation workflow. This enables the organization to quickly identify data trends, patterns, and outliers in GRC data; follow through with actions directly from the visualizations screen; and communicate discoveries with appropriate stakeholders. 6

How is the Interpretive Visual Remediation Innovation Different? ACL s innovation is about the integration of visualization and process: to be able to analyze complex GRC data relationships visually and trigger further actions on findings. Organizations simply publish their transactional data into the results management component of the ACL GRC platform. From there, the organization can set up additional triggers to gather human data through surveys and questionnaires to supplement transactional records, create charts or metrics to visualize the data, and kick off a remediation workflow to resolve issues. Most business intelligence solutions (and GRC solutions offering business intelligence) stop at the presentation of charts and metrics. With ACL Interpretive Visual Remediation, organizations can go further in an intuitive approach that is part of the solution, avoiding a lot of extra manual steps to set up additional action items and workflow. The GRC professional has to simply double-click on a slice in a visual display (e.g., a piece of pie in a pie chart, circle in your bubble chart) and can filter down to view individual records. Then Interpretive Visual Remediation enables the user to process and assign identified records to the stakeholder that needs to take the necessary action right from the visualization screen. Business intelligence solutions typically take the user only up to the data visualization view; ACL s Interpretive Visual Remediation innovation enables the user to take action right from the data visualization view. Benefits of Interpretive Visual Remediation GRC 20/20 finds the ability to submit records for follow up and remediation right from the data visualization view a more elegant and powerful way to zero in on exceptions and assign them to a workflow. It adds efficiency to the remediation process, is simple to use, and less prone to error given the power of visual interpretation of results. Specific benefits to the organization include the ability to: n Quickly identify data trends, patterns, and outliers n Easily communicate discoveries with stakeholders n Intuitively follow through with actions directly from the visualizations screen Considerations in Context of Interpretive Visual Remediation Every solution has its strengths and weaknesses, and may not be the ideal fit for all organizations in all situations. While GRC 20/20 has identified many positive attributes of ACL Interpretive Visual Remediation that allow GRC professionals to intuitively combine visualization intelligence and process together, readers should not see this as a complete and unquestionable endorsement of Interpretive Visual Remediation. The ACL GRC and Analytics solutions are established and well-received solutions in the GRC space, and customers have been pleased with their ease of use and ability to take complex processes and data and bring forth meaningful results. The Interpretive Visual 7

Remediation capabilities are new features that should further extend this trajectory of value that ACL has achieved, but the Interpretive Visual Remediation capabilities are just coming to market in the ACL solution. GRC 20/20 finds that the innovation in Interpretive Visual Remediation will be helpful in customer environments that rely heavily on data analytics for continuous control monitoring where the users need to streamline their ability to process, visualize, interpret, and remediate data analysis test exceptions. 8

About GRC 20/20 Research, LLC GRC 20/20 Research, LLC (GRC 20/20) provides clarity of insight into governance, risk management, and compliance (GRC) solutions and strategies through objective market research, benchmarking, training, and analysis. We provide objective insight into GRC market dynamics; technology trends; competitive landscape; market sizing; expenditure priorities; and mergers and acquisitions. GRC 20/20 advises the entire ecosystem of GRC solution buyers, professional service firms, and solution providers. Our research clarity is delivered through analysts with real-world expertise, independence, creativity, and objectivity that understand GRC challenges and how to solve them practically and not just theoretically. Our clients include Fortune 1000 companies, major professional service firms, and the breadth of GRC solution providers. Research Methodology GRC 20/20 research reports are written by experienced analysts with experience selecting and implementing GRC solutions. GRC 20/20 evaluates all GRC solution providers using consistent and objective criteria, regardless of whether or not they are a GRC 20/20 client. The findings and analysis in GRC 20/20 research reports reflect analyst experience, opinions, research into market trends, participants, expenditure patterns, and best practices. Research facts and representations are verified with client references to validate accuracy. GRC solution providers are given the opportunity to correct factual errors, but cannot influence GRC 20/20 opinion. GRC 20/20 Research, LLC 4948 Bayfield Drive Waterford, WI 53185 USA +1.888.365.4560 info@grc2020.com www.grc2020.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback