[email protected] / +1-855-366-8444

www.blended.net / [email protected] / +1-855-366-8444


4 OFFERINGS OF EXCELLENCE

Professional ServicesFull-Stack Atlassian Support

MigrationsSupport/Training

Domain ExpertiseAccredited Atlassian expertsPMP’s & Scrum mastersITSM/ITIL process expertsGRC expertise

Managed ServicesFully managed end to end Licensing

HostingExtended Payment Terms

SolutionsDevOps/ITSMScaled AgileReal-Time PPMSDLCGRC

www.blended.net / [email protected] / +1-855-366-8444 4


https://www.blendedperspectives.com/reimagining-grc-governance-risk-compliance/

www.blended.net / [email protected] / +1-855-366-8444 6

ITIL 4

SAFe

Integrated GRC

Dev Ops

Integration

Cooperation

Value Delivery

Performance over control

Enterprise Relationship Management


GRC is IRM (Integrated Risk Management)

• DRM Digital Risk

Management

• VRM Vendor Risk

Management

• BCM Business Continuity

Management

• AM Audit Management

• CCO Corporate Compliance

and Oversight

• ELM Enterprise Legal

Management

The Move to Integrated Risk Management


According to Gartner IRM requires;• Content management• Document management• User event input/output, distribution, and communication• Risk analytics• Risk and control management• Workflow management• Audit management• Dashboards and reporting• Regulatory change management

Typical features;•Alerts/Notifications• Audit Planning• Auditing• Business Process Control• Corrective Actions (CAPA)• Dashboard• Exceptions Management• IT Risk Management• Internal Controls Management• Issue Management


https://www.blendedperspectives.com/reimagining-grc-governance-risk-compliance/

Fortress Architectures are widespread and embedded


Salesforce

Service Now

Jira

SAP/Oracle

Clarity/Planview

Lockpath/Metric streamCRM

ITSM

GRC

SDLC/Devops

ERP

PPM

And many others


The un-

magical

quadrant

Risk Management solutions are not frankly that great!


•Stand alone point based solutions – Audit findings in Auditor’s system•Risk management events dispersed in fortress architectures•Spreadsheets Spreadsheets Spreadsheets•No collaborative dimension to tracking just email•Difficult to see threats across the various silos


What is GRC for?

Where are the big risks?


If you spend most of your time

talking about transformation, cyber

security and IT – I have a pretty

good answer for you


Who is this Atlassian?


185,000 plus customers

30,000 plus service management

customers

75% of all Agile teams use Jira &

Confluence


Research Methodology & Approach

The Marketplace

is a giant

functional

laboratory!


But, it’s more like

this!


MARS - Marketplace Analytics

Research Service

We have created a database

that tracks all 3rd party apps

that is organized via our own

custom categories


Marketplace Overview

Administration

Database

Business Analysis

Code Management

CRM

Email

Integration

Mobile

Publishing

Security

Time Management

Utilities

Code Build

Collaboration

Diagramming

Forms

PlanningReporting

Scripting / Automation

Test Management

Translation

Workflows

0

20

40

60

80

100

120

-4% -2% 0% 2% 4% 6% 8% 10% 12%

Nu

mber

of A

pps

2021 Percentage Growth

Synthesis T M


PPM

GRC

Testing

CRM

HR

Collection of structured solution configurations and documentation as well as knowledge structures which act as a solution accelerator

HIGH LEVEL BLUEPRINT

GRC PORTAL

Status

Overall Risk Views

PORTFOLIO VIEWSWork Portfolio

Virtual Management & Reporting

GRC Documentation

Control Management

Single Platform!


• Business Risks

• IT risks

• Financial risks

• Legal risks

• Incidents

• Security threats

• Controls

• Audit findings

• Tasks

• Audit projects

• Remediation projects

Jira What’s it all about?


Highly functional UI

“Issue type” = Item type

Confluence What’s it all about?


High Level View – User Interface


• Single platform

enables a fully

integrated view

across enterprise

application domains

• We walk the talk!

• Enables cross

enterprise or

integrated line of

business views also

GRC High Level View


• Major functional

components

• Easy to modify

• Simplifies user

interface

• OKRs are included

throughout this solution

• Simply a template

ready for modification

Risk Records


Risk Management -Kanban


Risk Management – Transparency across the enterprise


Wrap


• We know budgets are always tight – if you have

Atlassian – Jira/Confluence – you can simply use

them for all GRC – save big dollars!!

• Push back against silo approaches to GRC – risk is

where you find it

• Adopt Agile GRC and constantly evolve (forget

fixed SAAS solutions

Wrap


Risk Management – Assessments Kanban


Audit Management

Risk Management –Audit Management


Issue Type = Finding


Audit Finding = Issue Type

5 C’s

Condition = What is the particular problem identified?

Criteria = What is the standard that was not met?

Cause = Why did the problem occur?

Consequence = What is the risk?

Corrective action = What should management do?

Risk Management –Audit Management


Risk Management – Findings Dashboard


Assessment core records


Risk Management – Assessment record and Sub tasks


Risk Management – Assessments Plan


Assessment Self Service


Assessment Service Desk


Assessment Dashboard




Control Management


LOB

Control Objectives


Control Management



Incident Management

Incident Management – Open to all


Incident Management – Dashboard




Vendor Management


LOB



Enterprise



GRC Documentation

Approach Agile Sprint iterations – Don’t stop improving


Conclusions Benefits


• PM risks become GRC risks

• ITIL/ITSM incidents transparent – they are in Jira

• Start with a working blueprint speeding up your solution

• Highly configurable solution to meet most complex use cases

• Initial functioning solution in 10 days!

• Custom documentation along the way

• Training can be part of later sprints

• Leverages everyone managing risk – less silos

Approach


[email protected] / +1-855-366-8444

Documents