Partner Spotlight: Satarla

This post is part of our Partner Spotlight Series, where we let our partners describe their companies, backgrounds, and experience with LogicGate. This month we sat down with Ollie de Boer, Software Lead at Satarla.

LOGICGATE: Can you provide an overview of your company and how you work with your clients? 

OLLIE: Satarla delivers Enterprise Risk Management training, consultancy, and research services to its global client base across all industries, both onsite and remotely from their offices in London, Sydney, Lima, Johannesburg, and other locations in Canada and the US. Regarding software, Satarla works with clients to help them understand their own readiness and timeline for adoption, find and assess products that will meet their needs, and support implementation.

What sets you apart from other companies in your field?

Everyone at Satarla was previously a risk management or sustainability manager or director (or both!), working in a specific industry.  This means when we build our teams for client projects, we bring the appropriate expertise. Satarla comprises a global network of practitioners who understand the cultural differences that affect risk management success in different parts of the world.  When you pay for our services you are getting those actual experts in the room with you.

How do you see client needs evolving over the next year? Next 3 years?

The landscape of client needs is incredibly varied, so we prefer to frame needs in terms of organizational maturity.  The majority of organizations still don’t use any form of risk management software, therefore most organizations first need to understand if they are ready to reap software's benefits.  For those that have already adopted software, we are seeing a move towards using it for multiple use cases—for example ERM linked to incident management and internal audit.

What trends have you noticed in the GRC market in the last few years?

One notable trend is the shift in focusing a product's features and functionality away from the risk teams (the frequent users) to those that use it infrequently, because these are actually your most important users. These are the people who are populating the tool with new information and making better decisions from the reporting. Second, technological change has allowed the underlying architecture (the database) to create a network-style relationship between different records of information, automating how risks appear in the real world. Previously it would force a hierarchy which makes it hard to understand the relationship between different risks.

What is the greatest pitfall you see people face when tackling a new Risk Management process?

I would say it’s over-engineering the risk management process.  Simplicity often wins over complexity when it comes to making risk-informed decisions. Why? Members of the ERM team are not the decision makers in an organization. They are there to guide decision making based on their organization's risk universe.  But how are decision makers to make informed, risk-based decisions if they don’t understand the process that’s been put in place? Sometimes organizations don’t know which tools or techniques to use at which point in their process, which can lead to risks being over-analyzed and little done to manage them.

What is the best advice you would give someone who is charged with leading a new Risk Management program or ERM process deployment?

Keep it simple. Unless you have regulations that obligate you to do risk management in a certain way, make it as easy as possible for risks to be captured and recorded, whether using software or not.  Some questions you can ask to simplify your process include:

  • Do you really need to assess your risks twice (inherent and residual)?
  • Is likelihood a good metric for prioritizing your risks?
  • Are we focusing on doing something about our risks now (through controls), and closing the gap if needed (through actions)?

In your opinion, where should someone start when creating a Risk Management program?

When creating a risk management program from scratch there are two things you need to understand:  your context and stakeholders. Understanding your context means your risk management program must be designed with the knowledge of how your organization operates. This includes the inputs your program will require, its value chain, and the outputs it creates, as well as what external influences exist.  Also, you need to understand who your stakeholder groups are and how they interact. There are some risk management tools that will help you gain this knowledge and get your tailored risk management program off the ground.

In your experience, how have your clients fostered executive awareness or support for investment in a GRC program (for services or technology investment)? Do you think this is always necessary?

‘Tone at the top’ is essential for sponsoring this kind of investment: without executive buy-in it is unlikely you will be able to secure budget for your program.  The benefits of investing in ERM services and/or a technology investment need to be communicated to your customer stakeholder group. Typically, executives will not only set the budget, they will want to understand the ROI and to see enhanced reporting as business benefits.

Why did you select LogicGate as a trusted partner?

Satarla’s software experts believe that LogicGate has a strong set of product features and a flexible technology platform that allows clients to configure what they need—as opposed to the technology driving the client's needs.  It should be noted: Satarla is software-agnostic, meaning we don’t form any paid partnerships with any software vendors, because we want to offer our clients impartial advice on which products would best suit their needs. However, we choose to work closely with software companies whose products can automate integrated enterprise-wide management of risk without imposing technological constraints. 
