7 grc myths webinar 20110127 final (2)
The 7 Myths of GRC Initiatives
![Page 2: 7 Grc Myths Webinar 20110127 Final (2)](https://reader030.vdocument.in/reader030/viewer/2022032714/55ab3f171a28abf2318b4748/html5/thumbnails/2.jpg)
Today’s Agenda - 35 minutes
About Lightwave Security
Why GRC
GRC Myths
Countering the Myths
Our Solution
About Lightwave Security
Lightwave Security is:
A privately held Strategic IT Security Services Company Established in 2006 and comprised of industry veterans
Servicing Global Enterprise, Commercial and Government
Located in Atlanta, GA with multi-location presence in USA
Focused on Automated IT GRC Solutions and Services
Exclusive distributor of SecureAware® in North America
Learn more at www.lightwavesecurity.com
SecureAware®
SecureAware®, an all-in-one platform for compliance, best practices and security awareness that incorporates an automated compliance workflow system built in accordance with ISO international standards.
It currently supports ISO 2700x, PCI DSS, and CoBIT 4.1 frameworks out-of-the-box
Webinar Series: Effective GRC Management
Part 1: “The 7 Myths of GRC Initiatives”
Today
Part 2: “Defining a Best-In-Class GRC Program”
Thursday, February 10th, 2010 - 1:00 PM
What is GRC?
Manage
Risk exposures
Security practices
Compliance requirements
Satisfy the Auditors
Communicate with Regulators
Aberdeen Group Report
Effective GRC Management: Positioning Your Company for Growth
December 2010
In-depth and comprehensive look into process, procedure, methodologies, and technologies with best practice identification and actionable recommendations.
Download from
http://www.lightwavesecurity.com/grc_report.html
Aberdeen Effective GRC Report
Over 100 companies were surveyed between November and December 2010:
Guidance on implementing effective Governance, Risk, and Compliance (GRC) management
Review of capabilities and enabling technologies that help improve financial and operational control
Identify best practices and current initiatives in enterprise GRC management
Setting the Stage for GRC
Ongoing corporate consolidations and new regulatory requirements amidst a recovering economy have introduced a series of new liabilities for organizations
Parent companies continue to be concerned about management standards across their constituent companies, operational risks, and the ability to comply in a dynamic regulatory environment
New Economy Challenges
Today’s companies must comply or be fined / banned from selling their products in a state or region
Organizations must closely track and manage their processes against regulations that vary widely
The global economy necessitates expediting key processes and mitigating risks
Key Definition - Governance
Method in which executives:
“Conduct” their organizations
Provide clear visibility of management directives to the staff
Ensure initiatives are properly executed in a timely manner
Maintain top priorities on the executive's agenda
Understanding GRC Drivers
Internal:
Measure impact of proper governance and risk mitigation
External:
Quantify the impact of tightened regulations
The Executive’s Role
Responsible for:
Identifying liability associated with any business decision
Performing an accurate risk assessment to formulate mitigation strategies
Working effectively with government and regulatory bodies to ensure business compliance
The GRC Challenge
Implementing GRC management can significantly improve operational and financial control
BUT
Many organizations lack the initiatives, capabilities, and technological enablers to realize the benefits
Myth #1 – GRC is a Cost Center
GRC management has traditionally been viewed as a means to:
Reduce liability-related costs
Address problems associated with financial and operational control
This traditional approach relegates GRC to a Cost Center, not a business enabler
Myth #1 - Busted by GRC Enablement
Given the dynamic regulatory environment, GRC management is now setting the stage for new revenue opportunities:
Improving access to selling into global markets
Attracting new customers through liability-reduction
Best-in-class companies view GRC solutions and services as key elements to their growth strategy
Myth #2 – GRC Misunderstands Risk
GRC processes are not able to identify risk reliably, let alone mitigate it quickly enough to compete in today’s economy
GRC prevents executives from being able to understand the impact of risk on overall corporate performance in a timely manner
Myth #2 - Busted GRC Counters Risk
Top companies have taken the initiative to standardize GRC processes to enable better trade, safety, and environmental compliance, as well as improve their abilities to quickly identify risk elements to expedite mitigation actions
In these organizations, executives are able to understand the impact of risk on overall corporate performance
Myth #3 – GRC Can’t Fit My Organization
GRC is a straitjacket that will prevent management and executives from correcting problems as they occur
GRC is too generic and can’t generate enough data to identify the sources of issues in my complex organization
We need both Quantitative and Qualitative data and GRC can't supply both
Myth #3 – Busted GRC Can Fit Everyone
Executive-driven GRC allows executives to intervene and provide corrective paths quickly
Both qualitative and quantitative feedback can be collected from various departments, at various levels, to validate the success of the strategy
GRC scales to large, complex organizations
Myth #4 – GRC Data is Too Dispersed
GRC efforts result in data scattered all across an enterprise, preventing timely stakeholder access
Management can’t easily get mission-critical risk data that impacts corporate objectives
Myth #4 – Busted GRC Centralizes Data
Effective GRC centralizes risk data and compliance information to facilitate stakeholder access, particularly in situations where the organization is dispersed geographically and operating in different time zones
Best-in-Class companies leverage this centralized repository to maintain GRC information and provide visibility into management directives, risk elements, and regulatory changes
Myth #5 – GRC Impacts Performance
There is too much overhead in GRC programs to monitor all my risks and compliance needs, so it can’t really tell us what is going on
Getting real-time data out of a GRC program is nearly impossible, so I can’t get actionable information
Myth #5 – Busted GRC Enhances Performance
Effective GRC programs systematically monitor key risk indicators, so organizations can consistently get a pulse on the health of the business
Best-in-Class companies are therefore better at measuring how well their staff is following management directives
Timely tracking of corporate governance effectiveness enables executives to ensure the alignment of staff execution to enterprise objectives
Myth #6 – GRC is NOT a Technology Problem
We need to rely on our employees to manage risk due to the highly regulated nature of our business
Our data is created by people, and they understand it best
Our executives are tired of technology solutions
Myth #6 – Busted Technology Enables GRC
Companies relying completely on people for communication are at a disadvantage when compared to software-enabled organizations
Effective GRC provides an infrastructure that allows executives to concurrently access GRC data / information
GRC tears down silos of information, allowing decisions to be made in a quick and informed manner
Myth #7 – GRC is just another “Me Too” project
Everyone has tried it, and the benefits don’t exceed the costs
The ROI for GRC just isn’t there
Myth #7 – Busted GRC Differentiates
Implementing a GRC program will help to differentiate a company from its competitors
GRC provides a quantifiable ROI due to increased agility and growth
GRC = Governance, Risk and Compliance
OR
“Guard Assets, Revenue Enhancement, Cost Reduction”
GRC Truths
Initiatives foster growth
Is a competitive differentiator
Protects innovation
Attracts new customers in new markets
Facilitates stakeholder action
Designed for Executive involvement
Key GRC Management Benefits
Driving organizational alignment of executive and staff agendas through effective governance
Understanding risks in terms of dollar-value impact and corporate brand equity
Prioritizing organizational initiatives based on risk level
Creating additional revenue opportunities by meeting compliance requirements for selling into new markets / regions
Enterprise Benefits
Companies can better position themselves for growth if they become proactive in their GRC management initiatives:
making sure that objectives, risk, regulatory information, and accountability information are made visible to stakeholders ahead of time to enable informed decisions
Call to Action for Effective GRC
Best-in-Class Companies:
Define a workflow from Risk Identification to Mitigation
Align staff accountability to corporate objectives
Establish platforms to promote visibility and collaboration on strategic, financial and operational plans
SecureAware – Our GRC Solution
• Policies, rules, and procedures
• PCI, ISO, and COBIT templates
• Import existing policies
• Create new policies
• Rapidly deploy SAT training
• IT risk management
• Risk assessment
• Vulnerability assessment
• Business impact assessment
• Business process map with IT systems
• Compliance gap analysis
• Internal audit
• Self assessments
• Tasks linked to policies
• Workflow for review & approval
• Recurring tasks
• Documents performed activities
• Gap analysis
• Business continuity plans
• BCP structures
• BCP templates
• Tasks with compliance
• Complete customization (skins)
• Multiple portals
• Multiple languages
• API for integration
• Interfaces with Active Directory
• Automated security awareness
• Mapped to policies and procedures
• Certificate of completion
Contact Information
Thank you for attending our webinar!
Erik Rolf
Vice President Enterprise GRC
Lightwave Security
For a copy of this presentation please send an email to: