Get more out of your internal control system
TRANSCRIPT
GET MORE OUT OF YOUR INTERNAL CONTROL SYSTEM
INSPIRE EVERYONE TO OWN RISK
JESPER SACHMANN
© Copyright 2016 EMC Corporation. All rights reserved.
Is Your GRC Program Ready? Or do you really need one?
The Challenge
Results
Reach
Resource overload
High rate of change
Lack of resources
Lack of business context
Compliance
Risk
Opportunity
Inspire Everyone to Own Risk
Results
Reach
Compliance
Risk
Opportunity
Risk management is the key to protecting your competitive advantage.
Transform
Harness
Exploit
Keep The Vision
Empower a Common Risk Conversation
‘Most companies do not have a consistent way of assessing risk across the
enterprise. 20% of companies say there is no process to develop and aggregate
a risk profile and a further 38% rely on a self-assessment by the business units.
Almost half profess difficulties in understanding their enterprise-wide risk
exposure.’
- Global Risk Survey: Expectations of Risk Management Outpacing Capabilities—It’s Time for Action, KPMG,
2013.
• Broadest suite of integrated solutions
• Rapid implementation
• Business context
Small building Blocks of your GRC Capability
Risk Catalog
Bottom-Up Risk Assessment
Key Indicator Management
Loss Event Management
Top-Down Risk Assessment
Operational Risk Management
Third Party Catalog
Third Party Risk Assessment
Third Party Engagement
Third Party Governance
Issues Management
Audit Engagement & Workpapers
Audit Planning & Quality
Plan of Action & Milestones (POA&Ms)
Assessment & Authorization (A&A)
Continuous Monitoring
Business Impact Analysis
Incident Management
Business Continuity and IT Disaster Recovery Planning
Resiliency Management
Corporate Obligations Management
Policy Program Management
Controls Assurance Program Management
Controls Monitoring Program Management
IT and Security Policy Program Management
IT Controls Assurance
IT Security Vulnerabilities Program
IT Risk Management
PCI Management
Security Incident Management
Security Operations and Breach Management
IT Regulatory Management
Information Security Management System (ISMS)
Use Case list as of Q2 2016 (subject to change)
Enterprise & Operational Risk Management
Stages: Stage 1, Stage 2, Stage 3, Stage 4, Stage 5
Maturity levels: Advantaged, Transform, Managed, Transition, Siloed
Key Drivers: Risk Assessments, Metrics, Loss Events, Risk Issues
Issues Management: Findings + Remediation Plans
Executive Risks
Risk Catalog
Operational Risk Management: RCSAs, Business Change Risk, pRCSAs
Key Indicator Management: KRIs + Reporting
Bottom-Up Risk Assessment: Manual Assessments
Enterprise Risk Management
Third Party Governance
Control Assurance Program Management
IT Risk Management
Audit Planning & Quality
Business Continuity & IT Disaster Recovery Planning
Top Down Risk Assessment: Risk Hierarchy & Risk Register
Loss Event Management: Loss Event Catalog + Root Cause Analysis
Legend: Use Cases, Related Use Cases
Constant Vigilance is Necessary
Adapt at the Speed of Risk
• Configurable system administration
• Configurable reporting engine
• Upgradable
‘73% of companies have seen the volume and complexity of risks increase over
the past five years, and 20% of companies have seen the volume and
complexity of risks extensively increase over that same period.’
- Current State of Enterprise Risk Oversight: Progress is Occurring but Opportunities for Improvement Remain,
July 2012, ERM Initiative at North Carolina State University on behalf of the American Institute of CPAs Business,
Industry & Government Team.
Industry Leadership
1300+ deployments
43+ countries
25+ industries
Leader in Ops Risk MQ 2015
Leader in IT Risk MQ 2015
Leader in IT Vendor Management 2016
Leader in BCM MQ 2014
59 Fortune 100
Leader in Forrester GRC Wave
Quoted as “the most mature offering in
many occasions”
148 Fortune 500
125 Global 500
10 Out of 10 Biggest U.S. Banks*
* bankrate.com
Next Steps towards a GRC Capability
Reach Out
Attend an Archer Event
NEW ORLEANS, OCTOBER 25-27 2016
EMC, RSA, the EMC logo and the RSA logo are trademarks of EMC Corporation in the U.S. and other countries.