The ProcessGene GRC Suite. Solution Presentation


Transcription:

Business Process Realization. The ProcessGene GRC Suite: Solution Presentation. Design Processes, Supervise Realization, Control Changes, Enforce Compliance. Copyright 2007

About ProcessGene Ltd. ProcessGene develops GRC solutions for global enterprises, serving tier-1, global, multi-subsidiary customers from various industrial branches. Over 40 global integrators deploy and use the GRC Suite, with over 1000 installations. Copyright 2011 Business Process Realization

ProcessGene's Offering. An end-to-end GRC software suite, designed for multi-subsidiary enterprises. The first integrated BPM/GRC suite in SaaS. The only Multi-Org GRC solution, designed for multi-subsidiary enterprises.

Voice of (some) Customers.

Customers:
Teva Pharmaceuticals: largest generic pharmaceutical company worldwide, operating in over 40 countries.
Keter Plastic Group: Europe's largest manufacturer of plastic consumer products, operating in 20 countries.
Strauss Group: international food & beverage corporation operating 26 production sites in 17 countries.
Shufersal: Israel's largest retail chain, operating 248 stores nationwide with 13,000 employees.

Voice of the Customer:
"A central enabler for Teva's Oracle E-Business Suite global implementation." Mr. I. Gilboa, CIO, Teva Pharmaceuticals.
"The most important management tool for exploring, mapping and optimizing our SAP processes & GRC worldwide." Mr. J. Sigura, CIO, Keter Plastic Group.
"Multi-Org enables the effective management of global BPM/GRC efforts. SaaS simplifies deployment, reduces cost." Mr. O. Strauss, CIO, Strauss Group.
"Powerful workflows and dashboards. A compliance framework that integrates process-improvement and GRC." Mr. S. Zohar, CFO, Shufersal.

Differentiation & Competitive Advantage: ProcessGene Multi-Org Technology. The only solution in the market that (1) integrates BPM and GRC, and (2) confronts multi-subsidiary complexity. Cost and complexity: multiple independent solutions vs. the ProcessGene Global Baseline Approach (a single global solution, standardization).

Benefits and Differentiation of the ProcessGene GRC Solution. Leaders in cloud provisioning. Designed for multi-subsidiary, global organizations. Very fast implementation. Full automation, with powerful BPM technology under the hood. Supports multiple GRC frameworks. Direct connectivity to ERP systems. Unlimited number of viewers via HTML reports.

ProcessGene GRC Solutions. Modules: Risk Management, Regulatory Compliance, Corporate Governance, IT GRC, Internal Audit. End-to-end GRC enablers: Search and Reports Module, GRC Diagnostics and Dashboards, Multi-Org Mechanism, Collaboration Mechanism, Connectivity to ERP systems, Graphics engine for Diagrams, Business Process Management Engine, SaaS Platform, Task and Workflow Platform.

Risk Management. Identify, evaluate and prioritize organizational risks. Relate risks to the relevant business processes, systems and organizations. Mitigate and control the risks. Track and diagnose progress of the risk management program. Link KRIs to processes or risks. Record and categorize loss events. Manage opportunities vs. risks. Global and optimized risk vs. return management: business processes that involve high risks are easily monitored and diagnosed.

Regulatory Compliance. Support a wide array of compliance programs covering USA and EMEA regulations, with specialized functionality and repositories for specific compliance programs. Sample regulations: SOx, FDA, FERC, NERC, FAA, OMB A-123, EH&S, HACCP, ISO 22000, PCI, BSA, Patriot Act, GLBA, KYC, AML, Basel II, MaRisk, ISOx-Goshen, SAS 70, eTOM, PCI-DSS, ISO 27002, NIST. An end-to-end solution covering the entire regulatory compliance cycle. A common framework for complying with the growing regulatory scope helps reduce compliance costs.

IT GRC. Measure and mitigate IT risks by implementing controls that ensure the security and integrity of data, systems, networks and IT facilities. Ensure compliance with a set of IT regulations governing data retention, privacy, confidential information, change management, vendor information and disaster recovery. Based on leading control frameworks such as COBIT, ISO 27002, NIST and ITIL. Automation effectively reduces the cost of enforcement while providing improved and quantifiable compliance results. Direct connectivity to enterprise software systems automates and improves the effectiveness of IT compliance enforcement, giving easy access to objective evidence for compliance enforcement.

Internal Controls. Document, test, sign off and monitor the organizational controls. Automated workflows simplify follow-up on testing, sign-off and deficiency remediation. Collected evidence is documented electronically, with a full audit trail. Automation reduces costs and prevents errors caused by manual, non-validated activities. A control is tested once and then re-used for several compliance purposes and several types of audit.

Corporate Governance. Manage a dynamic set of processes, policies and procedures related to reliability, integrity and compliance with laws and regulations. Deploy a workflow of automated approvals to ensure that governance is communicated and enforced. Verify, through surveys and enterprise-wide acknowledgment processes, that governance is disseminated and enacted. Enable a clear and traceable accountability mechanism to ensure adoption of corporate governance principles. Comply with required legal regulations.

ProcessGene GRC: Five Roles, Seven Responsibilities.

Roles: GRC Manager, Control Owners, Internal Testers, External Auditor, Approvers.

Responsibilities:
1. Document business processes, risks, controls and test plans.
2. Execute controls and document execution evidence.
3. Conduct tests over controls and report test results.
4. Review efficiency of controls based on test results.
5. Manage deficiency remediation.
6. Verify deficiency remediation.
7. Sign off business processes.

Login to the USA environment.

Easily define and edit the process description and its properties.

Easily edit the process diagram.

ERP Screens. ERP transaction / automatic GRC test description. Execute the automatic test or jump directly to an exact location in the ERP system.

Any SAP screen: the SAP transaction is automatically opened, with direct connectivity to the ProcessGene application.

The Oracle screen is automatically opened, with direct connectivity to the ProcessGene application.

Relate Risks and Controls to the Process. Define the list of related Risks. Jump to Controls management.

A selected Risk's properties: the Risk's description, raw and residual levels, related opportunities.

A selected Risk's diagnostics.

Historical cost events.

The Risk's audit plan and audit execution data: the Risk's audit plan, audit schedule and audit results, including the documentation of historical results and the management of deficiency remediation.

Tasks related to the modeling and management of the Risk.

Documents related to the modeling and management of the Risk.

Relate Risks and Controls to the Process. Define the list of related Controls.

A selected Control's properties. Press to edit the selected Control's properties. Assign a Control owner. Determine execution frequency.

All fields are editable in the Control's edit form.


The Control's test plan and test execution data. Define the Test and the criteria for the Test's success/failure. The Control's test plan.

Assigned tester(s). Scheduling data. The Control's test schedule.

Edit the Control's test schedule. Assign testers for the Control.

Select a tester. Save.

A tester was assigned. Define the test's schedule.

Scheduling data.

A tester was assigned. A schedule was defined.


An automatic email from the Control's testing reminder. Email notifications are optional.

Elizabeth Martin's personal task list. Open the Control's test task to execute it.

Read the Control's test plan and execute it accordingly.

Report test results. All results are documented in the system and history is saved.

The Control's test results are documented in the system.

The Control's test result history.

Defining, assigning and scheduling the required deficiency remediation tasks.


View the status of Controls in the entire organization.

A distribution of the Controls' test results.

A distribution of the key Controls' test results. Direct access to grouped Controls (e.g. to the ineffective group).

A distribution of the raw Risk weight in the organization. The average raw Risk level and residual Risk level vs. the average Risk tolerance in the organization.

The average controlled vs. residual risk levels in the organization.

The average controlled vs. residual risk levels in the organization, distributed per category.

All tasks in the organization can be viewed, monitored and managed from this area.

Sign-off Processes. Define Sign-off tasks per process.

View a Sign-off task's details.

Edit a Sign-off task's details. Select the required signing statement. Assign user(s).

Select a user. Save.

Edit a Sign-off task's details. A user was assigned. Define the task's schedule.

Scheduling data.

The Sign-off task is defined.


An automatic email from the Process's Sign-off reminder.

Michael Chang's personal tasks area. Michael Chang's Sign-off task.

Sign-off task details. Approval declaration. Required action: Approve now.

Confirm the Sign-off declaration.

The Sign-off declaration is documented in the system.

All historical Sign-offs for this process.

A gauge indicating the current organizational Sign-off status.

Thank You! ProcessGene Ltd. For additional information: www.processgene.com