Friday, April 15, 2016

GRC Roundtable

A brief collaboration of nearby (brand-name) industry leaders at various (mostly earlier) stages of the GRC journey for their organizations, hosted by PwC.
A very participative discussion, with highlights and notes below:

  • Leading products mentioned were Archer (of course), RSAM, ServiceNow, MetricStream, Protiviti and ACL.
  • A key question raised was how to request and formulate requirements from all GRC participants, i.e. stakeholders and end-users.
  • Determining which processes require inclusion is vital to the strategy and success of a GRC solution, as is obtaining professional services at pivotal points.
  • No single executive sponsor was seen to drive the solution from strategy through to deployment, which results from the high cost of investment for a comprehensive, cross-departmental deployment.
  • An essential fact is that demonstrating success within your own individual deployment or department will break down the barriers with other groups across divisional lines.
  • Considerations around existing platforms such as the company ERP, ERM and security practice can greatly influence requirements, architecture, support, etc.
  • Off-line capability can be essential when working remotely or under other limitations. However, off-line mobile capabilities are still in their infancy.
  • GRC delivers metrics and a reflection of trends and operational status; however, decision making, ROI and particularly risk reduction are still a future state.
  • Multiple GRC toolsets are the norm, so set your expectations and plan accordingly for integration, i.e. a single solution is highly unlikely.
  • Achieving "sexy" or comprehensive dashboards for everyone from the C-suite to managers to end-users requires other visualization tools.
  • Not addressing change management for deployment and daily usage will hamper implementation and longevity.
  • Data privacy (access, storage) is a concern for global organizations, although most are turning to cloud-based solutions (which offer better product/service support and customer accessibility).
  • Product mobility and accessibility are a need, yet are 2+ years away from general use/release, e.g. leveraging GRC for operational efficiency via mobile devices is just a wish for now, regardless of the marketing slides.
Can't wait to compare notes throughout this journey
