GRC & Chill: Kickstarting Your Risk Management with Quantification
In this episode of GRC & Me, Megan Phee talks to Netflix's Senior Information Security Risk Engineer, Tony…
OCEG recently released their 2016 GRC Technology Strategy survey findings and the results contain some interesting observations about current and future state GRC solutions. For those that may not be familiar, OCEG is a nonprofit think tank and community that helps educate and inform members on governance, risk management, and compliance. They provide content, best practices, education, and certifications to drive leadership and business strategy through the application of the OCEG GRC Capability Model and Principled Performance. The survey was designed and analyzed by GRC 20/20, which is headed up by Michael Rasmussen.
This year’s survey consisted of 290 respondents, which were organizations using or considering GRC solutions. Our biggest takeaways from the survey are below.
Ease of Use Tops the List of Most Important Criteria for New GRC Purchases
Organizations responded that the most important factor considered when purchasing new GRC solutions is ease of use. This clearly illustrates that enterprises are fed up with legacy software that is not intuitive and ultimately leads to countless hours of wasted time trying to get things working correctly. Often times, legacy software is rife with custom add-ons that do not fit into the core offering of the tool, over complicating the user interactions.
With an easy to use solution, organizations can focus on their business processes, reporting, and improving their overall GRC regime. The software should be able to be picked up by virtually anyone in a matter of minutes. This means that organizations do not need to send staff through time consuming and expensive training and certification programs or engage an army of consultants to implement the solution. The primary focus of LogicGate is to empower companies to build or easily modify out-of-the-box GRC solutions that intuitive, agile, and easy to use for both administrators and end-users. Pre-configured templates can be selected so that companies can be up and running in days, not months. One of our core philosophies is to create GRC solutions that are intuitive, thereby increasing adoption rates and helping organizations achieve a much quicker ROI than traditional compliance software.
Spreadsheets, Documents, and Emails Remain the Top Enterprise GRC Platform
It’s hard to imagine that about half of organizations still use spreadsheets, documents, and emails as their primary solution to perform activities like risk management, compliance management, policy management, and incident management. The lack of a central repository to manage GRC activities results in inadequate reporting capabilities, lost productivity, and opens organizations up to more risks that regulations and internal policies are not being properly followed.
We have detailed in a previous post why it is a bad idea to run your business on excel and the risks involved. The major problems being that there are no formal controls around access, there are multiple version of truth, and data quality is very difficult to maintain.
The LogicGate workflow platform is designed such that different components of an organization’s governance, risk, and compliance program can be added on to the centralized platform as they are needed. Unlike traditional GRC solutions, each module can talk to the other and share data to keep CCOs informed of every part of their business. The rules, logic, and workflow that govern each GRC activity can be modified at any point by a power user.
Keep an Agile Approach to Enterprise GRC
We call our approach with LogicGate ‘Agile GRC’. This empowers companies to:
- Quickly deploy compliance solutions as problems arise or the business landscape changes.
- Enable compliance employees to alter workflows and rules that drive activities through your compliance regime.
- Automate workflow, delegate tasks, and facilitate communication between compliance, legal, and risk departments and decision makers.
- Provide a digital audit for all activities that can be accessed at any point in time.
How to Access the Survey Results
You can download the full report from the OCEG website at https://www.oceg.org/auth/resources/2016-grc-technology-strategy-survey-report/
