Get more out of your internal control system

GET MORE OUT OF YOUR INTERNAL CONTROL SYSTEM: INSPIRE EVERYONE TO OWN RISK, JESPER SACHMANN

Upload: kpmg-sweden

Posted on 22-Jan-2018


TRANSCRIPT

Page 1: Get more out of your internal control system

GET MORE OUT OF YOUR INTERNAL CONTROL SYSTEM

INSPIRE EVERYONE TO OWN RISK

JESPER SACHMANN

Page 2: Get more out of your internal control system

© Copyright 2016 EMC Corporation. All rights reserved.

Is Your GRC Program Ready? Or do you really need one?

Page 3: Get more out of your internal control system

The Challenge

Results

Reach

Resource overload

High rate of change

Lack of resources

Lack of business context

Compliance

Risk

Opportunity

Page 4: Get more out of your internal control system

Inspire Everyone to Own Risk

Results

Reach

Compliance

Risk

Opportunity

Risk management is the key to protecting your competitive advantage.

Transform

Harness

Exploit

Page 5: Get more out of your internal control system

Keep The Vision

Empower a Common Risk Conversation

‘Most companies do not have a consistent way of assessing risk across the enterprise. 20% of companies say there is no process to develop and aggregate a risk profile and a further 38% rely on a self-assessment by the business units. Almost half profess difficulties in understanding their enterprise-wide risk exposure.’

- Global Risk Survey: Expectations of Risk Management Outpacing Capabilities—It’s Time for Action, KPMG, 2013.

• Broadest suite of integrated solutions

• Rapid implementation

• Business context

Page 6: Get more out of your internal control system

Small Building Blocks of your GRC Capability

Risk Catalog

Bottom-Up Risk Assessment

Key Indicator Management

Loss Event Management

Top-Down Risk Assessment

Operational Risk Management

Third Party Catalog

Third Party Risk Assessment

Third Party Engagement

Third Party Governance

Issues Management

Audit Engagement & Workpapers

Audit Planning & Quality

Plan of Action & Milestones (POA&Ms)

Assessment & Authorization (A&A)

Continuous Monitoring

Business Impact Analysis

Incident Management

Business Continuity and IT Disaster Recovery Planning

Resiliency Management

Corporate Obligations Management

Policy Program Management

Controls Assurance Program Management

Controls Monitoring Program Management

IT and Security Policy Program Management

IT Controls Assurance

IT Security Vulnerabilities Program

IT Risk Management

PCI Management

Security Incident Management

Security Operations and Breach Management

IT Regulatory Management

Information Security Management System (ISMS)

Use Case list as of Q2 2016 (subject to change)

Page 7: Get more out of your internal control system

Enterprise & Operational Risk Management

Maturity stages (Stage 1 to Stage 5): Siloed, Transition, Managed, Transform, Advantaged

Key Drivers: Risk Assessments, Metrics, Loss Events, Risk Issues

Issues Management

Findings + Remediation Plans

Executive Risks

Risk Catalog

Operational Risk Management: RCSAs, Business Change Risk, pRCSAs

Key Indicator Management: KRIs + Reporting

Bottom-Up Risk Assessment: Manual Assessments

Enterprise Risk Management

Third Party Governance

Control Assurance Program Management

IT Risk Management

Audit Planning & Quality

Business Continuity & IT Disaster Recovery Planning

Top-Down Risk Assessment: Risk Hierarchy & Risk Register

Loss Event Management: Loss Event Catalog + Root Cause Analysis

Legend: Use Cases; Related Use Cases

Page 8: Get more out of your internal control system

Constant Vigilance is Necessary

Adapt at the Speed of Risk

• Configurable system administration

• Configurable reporting engine

• Upgradable

‘73% of companies have seen the volume and complexity of risks increase over the past five years, and 20% of companies have seen the volume and complexity of risks extensively increase over that same period.’

- Current State of Enterprise Risk Oversight: Progress is Occurring but Opportunities for Improvement Remain, July 2012, ERM Initiative at North Carolina State University on behalf of the American Institute of CPAs Business, Industry & Government Team.

Page 9: Get more out of your internal control system

Industry Leadership

1300+ deployments, 43+ countries, 25+ industries

Leader in Ops Risk MQ 2015

Leader in IT Risk MQ 2015

Leader in IT Vendor Management 2016

Leader in BCM MQ 2014

59 Fortune 100

Leader in Forrester GRC Wave

Quoted as “the most mature offering in many occasions”

148 Fortune 500; 125 Global 500; 10 out of 10 biggest U.S. banks*

* bankrate.com

Page 10: Get more out of your internal control system

Next Steps towards a GRC Capability

Reach Out

Attend an Archer Event

NEW ORLEANS, OCTOBER 25-27 2016

Page 11: Get more out of your internal control system

EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.