Ziff Davis (formerly J2 Global) needed to replace an old, on-prem, legacy GRC system with a globally accessible cloud-based platform to perform all of the necessary Internal Audit functions and streamline processes.
- Use cases addressed: SOC 2 Compliance, Third-Party Risk Management, and Enterprise Risk Management up and running in 90 days
- Saved valuable time and money while empowering the team to work independently
- Easily transferred original processes and workflows into their new GRC platform
LogicGate and Ziff Davis: From Legacy System to Intuitive Internal Audit
If you asked Ziff Davis’ Director of Internal Audit, Ken Thommen, about the foundational elements of governance, risk, and compliance, he’d tell you “Accountability and Participation.”
Ziff Davis is a leading Internet information and services company. When Ken inherited their on-prem, legacy GRC system — which was used as a data repository for Internal Audit testing information and to perform risk assessments — it had been in place for more than a decade.
Each year Ziff Davis performs over 1,000 internal tests and makes over 700 requests to gather data for external auditors. As part of this process, over 80 senior executives receive letters indicating any internal audit deficiencies or risks that were uncovered within their department, all of which require sign-off.
For such a high volume of work, the legacy system caused limited global accessibility and a loss of time, money, and energy for every needed change. A simple visual update meant the involvement of the development team.
For Ken, “It became obvious we needed a new tool.”
“Risk Cloud is user-friendly and very customizable.” — Ken Thommen, Director Of Internal Audit
Keeping the Baby, Not the Bathwater
Ziff Davis needed a new system to continue to perform all imperative Internal Audit functions in addition to streamlining the process for their executives. Quarterly required sign-offs were generated, sent, and managed manually, and Ken quickly recognized that executive adoption of a complicated new method for a duty that only came once per quarter was a nonstarter. They needed an intuitive system to help make the change as simple as possible.
The automated email feature and follow up reminders available in Risk Cloud® quickly addressed this challenge.
“With LogicGate, we recognized we could send out a request through evidence request functionality,” Ken notes. “It just opens up a form and allows our senior executives to review verbiage that they agree and attest to the accuracy of the information. They could digitally sign and keep that information on file.”
With Risk Cloud, Ziff Davis is also able to track the completion of each attestation using Risk Cloud reporting tools, and Ken’s team is now centralized and able to understand at any given time where they are compared to plan.
“Risk Cloud is user-friendly and very customizable. We are now able to store all of our internal audit evidence every year. We also like that it was cloud-based versus being hosted in a Ziff Davis data center."
The Importance of The Cloud
For Ken, a cloud-based platform was key. Ziff Davis has major offices in New York, Los Angeles, Dublin, and London. Previously, each office had to log in to the system via VPN, making for a very slow, cumbersome data upload process. Moreover, the New York office was on a separate system entirely. Now, each geographic team can utilize one single system for their assessments.
Flexibility is the other value Risk Cloud brought to Ziff Davis. When they adopted their original system, the company was at about $300k in revenue. By the time they were looking for a new tool, that figure had climbed to $1.2 Billion—and yet the company didn’t have a single consolidated Internal Audit system. The increased complexity necessitated a need for more commonality among different Internal Audit processes, from evidence gathering to sub-certifications and beyond.
The LogicGate Experience
“I’ve overseen several different software implementations over the years, and I’ve never had one go smoother or with such a tremendous degree of focus and support—from bringing ideas, thoughts, and best practices to customizing to the needs that we have,” Ken says. “The Customer Success team has been phenomenal. I can’t say enough good things about the support team—five stars, A-plus!”
In order to make the transition a smooth experience, LogicGate’s Customer Success team was responsive via multiple channels. “If we had a question or concern, they’d get back to us in a matter of hours, sometimes sooner,” says Ken.
This fine-tuning from LogicGate’s Customer Success team came in the form of customizing unique fields for better tracking of evidence requests. The previous system relied on an analyst or auditor to manually track when a file was processed or a document was created since the business owner for a control was typically not the person executing the work. Within a matter of days, this process was automated in Risk Cloud.
A New Outlook
News of Risk Cloud’s data repository and data gathering capabilities spread at Ziff Davis and other teams began adopting the platform. Expanding use cases for Risk Cloud include risk assessments, GDPR compliance, financial statement close checklist, and even unique workflow processes implemented by the ISO team.
Risk Cloud gives Ziff Davis the advanced visibility into its work and have now expanded its data repository usage to the European divisions’ ISO data gathering and compliance process because of the smooth communication it facilitates between ISO auditors and the internal audit department. Plus, all of this communication is stored and catalogued right within the platform.
“We also recognized that Risk Cloud could be used for more than just internal audit,” added Ken.
New advantages have opened themselves up from the onset of partnering with LogicGate and Ken believes many more opportunities will present themselves as the partnership matures.
- SOX Controls Management
- Financial Close Management
- GDPR Controls Management
- User Access Review Automation
- Ext. Audit Evidence Request Automation
- ISO 27002 Controls Management