nasdaq bwise grc journey issue 2 - 2015
DESCRIPTION
GRC Journey Magazine for Leading Risk Management, Audit, Internal Control and Compliance Professionals.TRANSCRIPT
JOURNEYGRC MAGAZINE FOR LEADING RISK MANAGEMENT, AUDIT, INTERNAL CONTROL AND COMPLIANCE PROFESSIONALS
GRC TRENDSINTEGRATED GRCWHO OWNS THE BUDGET?BIG DATABEYOND THE BUZZDIRECTORS DESK AND INTEGRATION WITH BWISE
T H I S I S S U E
E V E N T S A N D W E B I N A R S
T H E P E O P L E B E H I N D T H E C O M PA N Y
B U S I N E S S I N C O N T R O L W I T H B W I S E
#2/2015
BUILDING THE BUSINESS CASE FOR INTEGRATED
GRC
2ISSUE #2JOURNEY
P 4P 6
P 8P 10
GRC TRENDS
INTEGRATED GRCWHO OWNS THE BUDGET?
BIG DATA
BEYOND THE BUZZ
DIRECTORS DESK AND INTEGRATION
WITH BWISE
CONTENTS
CONTENTS GRC JOURNEY MAGAZINE
P 12 THE PEOPLE BEHIND THE COMPANY
P 13 THE BWISE® GRC PLATFORM
P 14 ANALYST RECOGNITION
P 15 EVENTS AND WEBINARS
3ISSUE #2JOURNEY
TO PRESENT YOU THE
LATEST ISSUE OF THE
GRC JOURNEY MAGAZINE. THE GRC MARKET
IS LARGER AND MORE DYNAMIC THAN EVER
BEFORE. THERE ARE NEW REGULATIONS TO
COMPLY WITH, NEW AUDIT FINDINGS TO RE-
SPOND TO AND NEW POTENTIAL RISKS TO
BE ASSESSED.
As BWise is now fully integrated with Nasdaq, I am proud to lead a fantastic management team. Luc Brandts, co-founder of BWise drives our vision in his role as CTO. Rob van Straten manages global sales & delivery, while Magnus Vargmar is in charge of support and academy services. Clarinda Dobbelaar handles our product portfolio and manages customer communications.
We are now taking steps to extend BWise’s market leadership and have expanded our global presence, Asia in particular. We have launched a significant investment initiative to further extend BWise’s capabilities, especial-ly with IT GRC/Information Security. Recently, we have announced our first ever BWise Global Customer Summit, to be held in New York in October. For two days, we will gather our customers from around the world to learn about the latest trends, peer to peer information sharing and networking. Together with our growing network of partners, we are more than ready to deliver world-leading GRC solutions.
This issue of the GRC Journey Magazine is focused on diving deeper into the trends and developments of the ever-changing GRC environment. I hope you will enjoy reading it. Please don’t hesitate to contact me if you have any questions.
Best regards
Peter de VerdierHead of Nasdaq BWise
IT IS MY PLEASURE
FOREWORD PETER DE VERDIER
Peter de VerdierHead of Nasdaq BWise
3ISSUE #2JOURNEY
4ISSUE #2JOURNEY
GRC TrendsTHE DEMAND FOR END-TO-END GRC TECHNOLOGY WILL CONTINUE TO GROW
TODAY GRC
(GOVERNANCE, RISK AND COMPLIANCE) IS STILL
A VERY SCATTERED LANDSCAPE. ANALYSTS HAVE STATED THAT ABOUT 80% OF THE
GRC SOLUTIONS CURRENTLY IMPLEMENTED ARE POINT SOLUTIONS. THIS IS THE RESULT OF THE WAY
COMPANIES DEAL WITH THEIR GRC NEEDS. OFTEN ORGANIZATIONS ARE LOOKING FOR A SOLUTION
TO SOLVE AN IMMEDIATE PAIN POINT, AND SELECT THE BEST OF BREED. IN THOSE AREAS WHERE
IT IS PARTICULARLY IMPORTANT TO SHARE INFORMATION, AND TO BUILD FROM ONE
COMMON DATA MODEL, A MORE STRATEGIC
APPROACH IS SEEN.
The Changing role of Internal AuditThe third line of defense, Internal Audit, over-sees the risk, compliance, internal control and information security functions and has always been collecting data, through audits, from across the entire organization. With technolo-gies allowing them to automate their process and large portions of the data collection, they are the genuine drivers for integration and standardization of a common risk language and one framework to connect risks and control to
This is especially true in Operational Risk that closely aligns with Compliance, Internal Con-trol over Financial Reporting and Information Security. Those separate functions often share common data structures in business processes, organizational structures, and risk definitions. An integrated approach to GRC is in those cases preferred.
There are several factors driving the demand for integrated GRC technology platforms:
By: Luc BrandtsCTO and Founder
5ISSUE #2JOURNEY
regulatory changes that compliance officers of international organizations need be aware of is astonishing. Existing regulations are being defined further and additional regulations are added to the ledgers. The risk of non-compli-ance continues to grow. We observe that many companies are changing their perspectives and behaviors on the risk of non-compliance. This pushes a strong need for regulatory alerts management, often in combination with case management and policy management.
Now, most companies are behaving more conservatively and their risk appetites are reduced. As the global economy turns around, more customers are doing what they can to fuel that positive momentum, often staying well within newly defined risk tolerance levels. This is what risk monitoring and management is intended to facilitate. Controls can be adjust-ed as the organization changes its view on the threats of the external factors.
Reputational risksOther external factors driving GRC technology needs are threats to the organizations’ reputation including supply chain issues such as vendor and business continuity management. Ever-growing outlets for posting opinions that become facts can damage an organization’s name or brand overnight. This risk coupled with actual production issues, faulty-design liabilities, poor quality com-ponents, miss management vendors to just unexpected bad weather, can cause interrup-tions to the organization’s intended customer experience.
This is happening in both the business-to-con-sumer and the business-to-business worlds. This doesn’t go unnoticed by customers or prospects. These risks are a growing concern to management and boards. We know from experience that a strong GRC platform needs to allow flexibility to capture the breadth of these potential risks and offer sophisticated capabilities to handle sharing the information and analysis between functional areas.
We expect these trends to drive GRC imple-mentations into the next decade. Effectively managing the effects of each trend with solid GRC technology will lead to overall better business performance and it seems that the business world is perceiving that.
the business processes. Eventually, by enhanc-ing a GRC platform, audit is enabled to create a more transparent view of aggregated risks across the enterprise allowing the company to better balance performance and risks.
Internal organizational issuesInternal organizational issues such as the increasing burden of compliance and the nev-er-ending search for efficiency improvement and (IT) cost reductions will compel organi-zations to look for GRC platforms that can support all GRC in one integrated environment.
At BWise we are replacing the first generation of GRC point solutions with our second gen-eration integrated platform in basically every region and industry. Standalone functional departments and siloed entities have inter-dependencies that need to be linked for cost and operational efficiencies. Rapidly changing business priorities require sharing information between departments and those changes require synchronized decision-making through-out the organization. Integrated GRC platforms are designed to facilitate this.
The increasing importance and volume of data Modern technologies enable GRC profession-als in Audit, Internal Control and IT security to process warehouses of information and his-torical records. This allows them to fade away from e.g. at random control testing towards real time 100% control testing or auditing, improving not only the quality of their work, but also allowing them to be alerted when it happens instead of after the fact while it’s freeing up time to work on the incidents or risks instead of finding them.
Continuous Monitoring and Continuous Audit-ing (CM/CA) technologies are very promising: Let’s simply look at the data organizations have and what they could use to detect anomalies, potential risks emerging, detect and prevent fraud. It is quite amazing what technology allows you to do, at a cost much lower than the return in the very first year.
Regulatory changesThe more sophisticated, connected and stressed the world becomes, the more human nature drives the need for the number of reg-ulatory bodies and the amount of regulations mandated by each to expand. The amount of
GRC TRENDS THE DEMAND WILL CONTINUE TO GROW
Is your company ready to look at second generation GRC Technologies? Or do you have questions for Luc Brandts, contact us to get in touch with our experts.
6ISSUE #2JOURNEY
Investing in eGRC (also called integrated GRC) can be rewarding from an ROI point of view. The challenge often is to find the answer to the question: “Who will be the owner of the platform and who has the budget?” Similar to ERP 25 years ago, GRC currently is often fragmented over various departments and functions such as risk, audit, compliance, ICFR, etc. These departments grew organically over the past years to their current size and importance in today’s transparent and regulated corporate environment. GRC projects often start as a
need for better software tooling for one or a few GRC functions with specific needs and requirements. Those who took the initiative, ‘automatically’ became the owners of their GRC platform. They will be challenged when they deploy their GRC platform in the future to other departments for integration. From a financial perspective, the substantial and structural savings achieved by using an integrated platform for other departments and functions are not always taken into account since those savings often are outside the department’s domain.
Integrated GRCWHO OWNS THE BUDGET?
MANY ENTERPRISES INVEST IN GRC SOFTWARE AND MANY
DECIDE TO IMPLEMENT AN ENTERPRISE GRC PLATFORM (EGRC)
RATHER THAN ‘POINT SOLUTIONS’ FOR RISK MANAGEMENT,
INTERNAL AUDIT, INTERNAL CONTROL OR COMPLIANCE. THE
FINANCIAL JUSTIFICATION FOR A POINT SOLUTION IS RATHER
STRAIGHTFORWARD, BUT TO ALLOCATE A BUDGET FOR EGRC
THAT WILL BE USED BY MULTIPLE GRC FUNCTIONS CAN BE MORE
CHALLENGING.
By: Rob van StratenGlobal Head of Sales and Delivery
7ISSUE #2JOURNEY
By: Rob van StratenGlobal Head of Sales and Delivery
Tactically relevant, easy to calculateInvestigating what GRC processes are in place within the organization, as well as the organization’s IT tooling and supporting IT infrastructure, often lead to surprising high costs. It is relatively easy to do by calculating all IT costs of the GRC supporting tools, including costs such as depreciation of hardware and software, subscriptions, maintenance contracts, hosting costs, network costs, upgrade costs (often much higher than assumed) and last but not least, administrators and IT staff costs to maintain and operate the GRC IT landscape. All that is owned and operated can be replaced by one platform with limited costs and one vendor relation to manage. The ROI is often realized in a matter of months rather than years.
Enterprises are now challenged to answer the questions, “Who owns eGRC? Is it Risk? Audit? Perhaps the CFO or should there be a strategic role for IT?”. CIO’s and IT leaders should define eGRC programs and facilitate the various GRC user groups. In the past few years, the first generation of visionary CIOs implemented eGRC platforms as a strategic companywide initiative. Industry analysts and experts predict continuous growth of this eGRC approach as point solutions in Europe and North America are entering their end-of-life cycle and decision making is shifting gears towards eGRC. It is interesting to see that in ‘emerging markets’ the banks and leading enterprises skip the step of GRC point solutions and start their GRC Journey with eGRC immediately.
Financial justificationThe financial justification of an integrated GRC platform should not only take into account the ROI of the selected GRC solution for the needs of e.g. risk management or audit, but also the cost reductions that will result from expanding the platform over multiple GRC domains over time. Some of the integration benefits are strategic but hard to calculate, whereas others are easier to quantify.
Strategically important but hard to calculateThere are a number of very strategic arguments to an integrated GRC approach. These are fundamentally more difficult to quantify but it is nonetheless crucial not to overlook them:
Improved steering of the enterprise by aggregated risk, audit and compliance reports that show ‘one version of the truth.’
Ability to react dynamically to changing corporate environments (e.g. mergers, acquisitions, changing corporate structures) or the regulatory landscape.
Efficiencies in the GRC departments such as Risk Management, Internal Audit, Compliance, and Internal Control will increase as a result of more advanced tooling and use of enterprise frameworks, templates and data, rather than reinventing functions time after time. Growth of the GRC staff can be limited and departments could even merge.
Improved efficiencies throughout the enterprise by ‘asking questions once and reusing the answers.’ People in today’s enterprises suffer substantially from the burden of compliance, as they must provide the same or similar information to different groups within the lines of defense. Multinational enterprises spend between 5% and 10% of their annual revenue on GRC related activities and processes.
Control rationalization by integration of the various GRC domains; better implementation could easily reduce the number of controls by 50% throughout the enterprise. An industry benchmark estimates that the annual costs of one control to be approximately $500.00.
Watch the video “The Financial Justification of integrated GRC.”
INTEGRATED GRC WHO OWNS THE BUDGET?
ISSUE #2JOURNEY7
8ISSUE #2JOURNEY
BEYOND THE BUZZ
What is your definition of Big
Data?Big is very subjective and this is
also where most of the confusion comes from. These days the term “Big
Data” is widely used in the field of data analytics but also in many others. Natu-
rally, the concept of Big Data implies a very large set of data, practically unlimited. To me, another characterization of Big Data is when the volume of data is so big that specific tools are needed to analyze it. Many organizations do not have data sets this large. Moreover, as technology progresses, the capacity for ana-lyzing data sets evolves and therefore, so does the definition of Big Data. On the other hand, the development of technology allows us to record more and more data such as people’s activity. The frequency of the interactions, the large target audience (e.g. car drivers, custom-ers) and its broad applicability result in a rapid increase of the volume of data and with that, the need for new and/or different technology to analyze that data. The conclusion is that the definition of Big Data is likely to be ever evolving for a number of years.
8ISSUE #2JOURNEY
Caroline Souvestre, Senior Product Marketing Specialist, interviewed Anton Lissone on the buzz around Big Data.
9ISSUE #2JOURNEY
Can you give some concrete examples of how customers can use this?We have customers that deployed BWise® to monitor their primary ERP applications daily to check if they are well prepared in various areas such as: Month End Closing (fast-close), Fraud (Anti-Bribery), Operational Excellence (Working Capital and Cash Flow) or Tax Optimization. Data Analytics can also be used to prepare for Security Audits, Financial Audit by external auditors, Data Migration (and data quality) projects. We also provide Key Risk Indicator Analysis, Loss Analysis and Automatic Issue Triggering (Loss, Incidents, and Customer Complaints). It is mostly beneficial to those who are responsible for these GRC topics and are already using a GRC platform to support them in their daily tasks. With BWise, they can perform their internal control, internal audit or risk management tasks while taking advantage of data analytics in one integrated platform. There is no need to run reports with parameters, store files and document their follow-up elsewhere. Everything is within reach using BWise which saves precious time, makes the process more reliable and therefore easily auditable.
Everybody nowadays says they do something with Big Data, why is BWise unique?When we analyze big data, we are not unique. Our distinctive focus is to bring Data Analytics to our primary user groups which are Internal Audit, Internal Control, Information Security, Risk Management and other GRC profession-als. For those users we provide a one-stop-shop for all their needs with not only dash-boards, but also alerts, enterprise GRC related documentation, workflows for follow-up and sign-off as well as reporting for regulators and external auditors. When you use Data Analysis for Anti-Bribery for instance, providing a dashboard on all payments and other types of transactions/interactions with customers is not sufficient to comply with FCPA. Users need to be alerted, see the dashboard, find the needle in the hay-stack, kick-off their due diligence, create investigation cases, follow-up and close cases and eventually report about the progress of that entire cycle. BWise enables customers to cover the entire process.
Why do you think it is such a popular term at the moment?Big Data appeals to the imagination of the reader. The insights found from Big Data analyses are very interesting, valuable and in-novative. This creates a buzz around the term Big Data in such a manner that all of a sudden everyone involved with data analytics (big or not) these days refers to the term Big Data. I consider that 80% of the use cases that can be found on the internet that claim relation to Big Data actually consists of traditional Business Intelligence. Moreover, next to the Big Data trend is the range of available dashboarding and visualization tools that have greatly broad-ened. These are often associated with Big Data which is not necessarily accurate.
What can companies do with ‘big data’? What are the benefits?There are valuable new insights that can be created using Big Data which were not avail-able before and these come at a speed that allows organizations to really use the results in their day-to-day operations. Things like con-sumer behavioral monitoring are now within reach. Within the GRC domain there are also lots of topics that arise: Anti-Money Launder-ing, Revenue Accounting, Account Monitoring, Capital Requirement Calculations, Quantitative Risk Analysis and many more,
BWise also provides a solution that can analyze large amounts of data. Can you describe the BWise CM/CA solution?The BWise® GRC platform relies on the Database Management System (DBMS) layer for its analytical capabilities like many other applications. What makes our solution specific is the fact that it combines day-to-day analytics with an Enterprise GRC solution. It analyzes the data and pushes the results to the responsible party for follow-up, sign-off or investigation if required. All the interactions with the data are stored within the BWise platform to form an audit trail. By using the DMBS and standard available reporting tools, we create a hybrid platform focusing on capturing audit trails and providing distribution of reporting in a smart manner.
INTERVIEW ANTON LISSONE BIG DATA / CONTINUOUS MONITORING
Do you want to know more about data analytics for the various disciplines in GRC? Download our brochure: “BWise Brings two Worlds Together”.
We like to think that we take the Big out of Big Data. We aim to narrow it down to the essentials in light of GRC to allow organizations to successfully implement it and gain tangible benefits. We want to capture the entire process, not only the data analysis part, in such a manner that makes it a sustainable proposition for day-to-day use in the already overburdened area of GRC.
Anton LissoneDirector of Data AnalyticsMr. Lissone specializes in Data Analytics, Continuous Monitoring and is an expert in C- Level Business-Intelligence & Consultancy.
9ISSUE #2JOURNEY
10ISSUE #2JOURNEY
10
RISK AND COMPLIANCE PROFESSIONALS
ARE REGULARLY REQUIRED TO PROVIDE
INFORMATION ON THE COMPANY’S STATE
OF COMPLIANCE OR KEY RISK INDICATORS
TO SENIOR MANAGEMENT AND THE BOARD,
SO THERE IS AN APPROPRIATE OVERSIGHT BY THE
GOVERNING BODY OF THE RISKS FACING THE COMPANY.
THIS IS IN ADDITION TO THEIR DAY-TO-DAY RESPONSIBILITIES
OF KEEPING FINANCIAL AND REPUTATIONAL RISKS UNDER
CONTROL. THIS INTEGRATION EMPOWERS EXECUTIVES TO BRING
CORPORATE ACCOUNTABILITY AND RISK CONTROL TO A HIGHER
LEVEL OF SOPHISTICATION WHILE FACILITATING COMMUNICATION
TO THE BOARD.
By: Clarinda DobbelaarGlobal Head of Portfolio ManagementMarket TechnologyNasdaq BWise
ISSUE #2JOURNEY
DIRECTORS DESK AND INTEGRATION WITH BWISE
11ISSUE #2JOURNEY
Nasdaq offers a comprehensive range of GRC solutionsNasdaq’s GRC solutions provide executives and board members – in both private and public companies – technologies that allow them to drive transparency as well as balance risks and opportunities to help their organizations make better decisions. Reports and a centralized at-a-glance dashboard offer guidance and provide assurance that a company is in control of its key risks, including the risk of non-compliance. Nasdaq’s broad range of GRC solutions and services, of which BWise is the cornerstone, helps organizations manage their GRC process-es from the operations up to board level.
Nasdaq Board Portal: Directors DeskNasdaq’s Directors Desk is a strategic produc-tivity suite that empowers executive man-agement, Corporate Secretaries and Board Members to communicate with audit, risk and compliance committee members and execute tasks faster in an environment designed with security in mind. Corporate Secretaries can easily and confidentially communicate, share board books and critical information, as well as manage calendars, events and documents – for individual directors, committees or the entire board. Additionally, the service is designed to enable decision-makers to access materials at their convenience – anytime, anywhere, in an environment designed with multiple layers of security features.
Seamless integration for leveraging Risk Management, Compliance and Audit informationPreparing the multitude of different Risk Man-agement, Compliance, Audit and Governance related information required for a board meeting used to be a time consuming and manual task. With the integration of Nasdaq Directors Desk and BWise, risk dashboards, audit findings and compliance reports can now be effortlessly pushed from BWise directly to the Directors Desk Document Repository. Directly provide the Board with information on how the company is performing in terms of overall compliance, as well as entity by entity, by leveraging all of the information available within the BWise platform. Now, the board can more effectively monitor and validate control over the company’s exposure to reputational damage, financial risks or liabilities, all within a Board Portal environment that is designed with security features in the application, environ-ment and the systems and processes used to support them.
DIRECTORS DESK AND INTEGRATION WITH BWISE
For more information on Nasdaq’s Directors Desk: request a demo or visit the website.
The choice of integrating BWise and Directors Desks content men-tioned herein is only available for customers that subscribe for both services upon their request and choice. The BWise services refer-enced in this document are offered by local BWise entities, depending on the geographical location of the customer. The Directors Desk ser-vices referenced in this document are offered by local Nasdaq Corpo-rate Solutions entities, depending on the geographical locatioan of the customer. Each such BWise or Nasdaq Corporate Solutions entity is a subsidiary of the Nasdaq OMX Group, Inc. For details of the entity providing the relevant services, and the terms and conditions appli-cable to the services, prospective customers please refer to BWise’s and Nasdaq Corporate Solutions’ master services agreements, and current customers please refer to your contract with BWise and Nasdaq Corporate Solutions for such services.
12ISSUE #2JOURNEY
THE PEOPLE BEHIND THE COMPANY
MAGNUS VARGMAR IS PART OF
THE BWISE MANAGEMENT TEAM
AND RESPONSIBLE FOR BWISE
SERVICES INCLUDING APPLICA-
TION MANAGEMENT, MANAGED
HOSTING AND SUPPORT SER-
VICES ALONG WITH THE BWISE
ACADEMY, IT AND SECURITY.
“As I am responsible for the BWise Services, I oversee customer support, Application Management, Managed Hosting and train-ing services along with IT, Security and the overall responsibility for the integration of the BWise services into Nasdaq. Our Appli-cation Management and Managed Hosting services allow our customers to be easily scalable, maximize accessibility and reliabil-ity as well as benefit from IT best practices to improve the overall quality of software deployment, operation and support. In sup-porting our customers with these services, we pay particular attention to gathering and defining the requirements that meet the business objectives. We are excited about growing this business segment of BWise as we have observed a steady growth in the Application Management and Managed Hosting services segments, with an increase of 50% last year. Another recent milestone has been the introduction of hosting capabilities in the APAC region which has allowed us to complete our global reach for all services. Additionally we continue to invest significantly in the BWise Academy to support our customers and partners through the development of new certification programs and broadening the coverage of courses.”
“The BWise Strategic Account Manage-ment program cornerstones are built around the customer’s business. Our aim is to better understand the customer’s mid to long term business objectives and initiatives in the GRC space, to build better value propositions around our customer offerings. A well-defined action plan and communication plan is structured together with the customer and the appropriate resources are allocated to execute properly. Our strategic customers are multi-national, are recognized leaders in their respective industries and have deployed multiple GRC initiatives with BWise. Our SAM program provides several key benefits to the cus-tomers including a single point of contact to coordinate internally on their behalf as well as the opportunity to participate in the BWise Customer Advisory Board and provide R&D with input. We as BWise de-rive additional benefits from our customers including ways to improve our product and ultimately provide an exceptional BWise customer experience.”
ROOPA DHANALAL IS
RESPONSIBLE FOR IM-
PLEMENTING THE GLOBAL
STRATEGIC ACCOUNT MAN-
AGEMENT (SAM) PROGRAM
TO IMPROVE THE CUSTOMER’S
BWISE EXPERIENCE, INCREASE
CUSTOMER SATISFACTION AND
WORK WITH THEM AS THEY
PROGRESS ALONG THEIR GRC
JOURNEY.
TOM PASSON IS RESPONSIBLE
FOR MANAGING THE BID PRO-
CESS AND PARTNER ENABLE-
MENT.
“In today’s rapidly changing GRC environ-ment, a well-structured bid management process is crucial to be able to provide adequate proposals to our prospective cus-tomers and to be competitive. In addition, our partner enablement focuses on defin-ing structures and processes to support our partners since they often have a key role in our strategy worldwide. Our partners allow us to provide high quality services while taking into account local specificities. One of our key objectives is to enable scalability without compromising on the quality of delivery. We have taken several initiatives, to ensure this. First, we have been working with the BWise Academy to continuously improve our training and certification programs. Another area of focus has been the development of the Rapid Deployment Solutions (RDS) that provide role-based standardized best practices, which are used to deploy the BWise platform in a matter of weeks. Finally, we are building a Virtual Knowledge Center that will be launched soon which will accelerate and streamline knowledge sharing among our consultants and partners.”
13ISSUE #2JOURNEY
BWise
Damian ThomsonChief InformationSecurity Officer
Ann GreenHead of Internal Audit
Gerard ParkerChief Risk Officer
Michael BauerCorporate GroupController
Jackie McLaren Chief ComplianceOfficer
BWise offers role-based integrated Governance, Risk Management and Compliance (GRC) Software for all three lines of defense.
"With BWise we are in Control of our Financial and Reputation Risk."
Who is Nasdaq BWiseNasdaq BWise is a global leader in Enterprise Governance, Risk Management and Com-pliance (GRC) software. Based on a strong heritage in business process management, the BWise® GRC Platform provides companies with highly-rated, proven software solutions for Risk Management, Internal Control, Internal Audit, Compliance & Policy Management, IT GRC and Sustainability Performance Management.
BWise’s end-to-end solutions support an orga-nization’s ability to understand, track, measure, and manage key organizational risks. Nasdaq BWise helps companies truly be in control by
balancing performance with their financial and reputational risks, improving corporate accountability, increasing financial, strategic and operating efficiencies. Using BWise, or-ganizations are able to efficiently comply with anti-corruption regulations like FCPA and the UK Bribery Act, the Sarbanes-Oxley Act, Euro-pean Corporate Governance Codes, ISAE3402/SAS-70, PCI-DSS, Solvency II, Basel II and III, Dodd-Frank, ISO-standards, and many more.
Nasdaq BWise sales, service and support offic-es around the globe provide for the GRC needs of hundreds of leading companies worldwide. For more information, visit www.bwise.com.
BUSINESS IN CONTROL WWW.BWISE.COM
Download our role-based brochures for:Internal Audit, Risk Management, Internal Control and Compliance & Policy Management.
14ISSUE #2JOURNEY
ANALYSTRECOGNITION
Independent research firm Forrester cited BWise as a “Leader in GRC Platforms”
“BWise’s strategy is very strong in support of all GRC roles and continues to earn exceptional customer satisfaction scores,” stated the report.
Source: “The Forrester Wave™: Governance, Risk And Compliance Platforms, Q1 2014.”
Gartner positioned BWise in the Leaders Quadrant of the Gartner Magic Quadrant for Enterprise Governance, Risk
and Compliance Platforms.
“The GRC market is nine years old, and buyers have high expectations for the performance of GRC solutions against a wide variety of use cases. Differentiation today is about
the ability to deliver against multiple use cases, and provide advanced risk management functionality,
with analysis of the impact of risks on strategic objectives and business performance, domain
expertise in multiple highly regulated industries, ease of use — including mobile capabilities —
and configurability.”
Source: Gartner Research “Magic Quadrant for Enterprise Governance,
Risk and Compliance Platforms” by French Caldwell and John A. Wheeler, September 24, 2013.
14ISSUE #2JOURNEY
NASDAQ BWISE GLOBAL LEADER IN GRC
15ISSUE #2JOURNEY
EVENTS AND WEBINARS
EVENTS & WEBINARS SAVE THE DATE
COLOFON
Nasdaq BWise is pleased to host the first ever Global BWise Customer Summit The Customer Summit will take place in New York on October 21 - 22. 2015. The Summit’s central theme, Integrity. Trust. Transparency., will be the foundation for discussions during this executive forum. The program will provide a unique opportunity to hear from GRC leaders across the globe how to deal with complex regulatory landscapes and specific GRC challenges while continuously innovating businesses every day.
GLOBAL BWISE CUSTOMER SUMMIT OCTOBER 21 - 22. 2015INTEGRITY. TRUST. TRANSPARENCY.
WEBINAR GRC INTEGRATION IN ACTIONThe benefits of an integrated approach to Governance, Risk and Compliance (GRC) are undeniable and often put forward. Numerous surveys show integrated GRC leads to a reduction in redundant activities, improved transparency and greater alignment of processes. But how often have you had the chance to see it in action? Nasdaq BWise hosted a webinar to present concrete applications of GRC integration.
“GRC Journey Magazine”
is published by Nasdaq BWiseRietbeemdenborch 14-185241 LG RosmalenT: +31 734 6464 915
EditorialLuc Brandts – CTO and FounderClarinda Dobbelaar – Global Head of Demand Creation & Portfolio Management Market TechnologyAnton Lissone – AVP, Product DevelopmentCaroline Souvestre – Senior Product Marketing Specialist, BWiseRob van Straten – Head of Global Sales and DeliveryPeter de Verdier – Vice President, Head of BWise Market Technology
Design Plushommes, www.plushommes.com
Watch the webinar: www.bwise.com/grc-integration-in-action
JULY 16. 2015Nasdaq BWise will be hosting a ‘GRC by Design workshop’ at the
Nasdaq Headquarters in New York. This one day workshop is guided by GRC expert Michael Rasmussen from GRC 20/20. This
workshop will provide a blueprint for attendees to develop effective enterprise GRC strategies and techniques that can be
applied across the organization.
JULY 29 – 30. 2015The 10th annual OpRisk Asia conference, hosted by
Operational Risk & Regulation, will take place in Singapore and includes a presentation of Rob van Straten, Global Head of Sales and Delivery, BWise.
AUGUST 17 – 19. 2015Nasdaq BWise is an exhibitor and sponsor at the 2015 Governance, Risk and Compliance
(GRC) Conference in Arizona Biltmore. The conference will address emerging
trends and best practices in GRC.
www.bwise.com/news-events
OTHER UPCOMING EVENTS
16ISSUE #2JOURNEY
N A S D A Q B W I S E
R I E T B E E M D E N B O R C H 1 4 - 1 8
5 2 4 1 L G R O S M A L E N
T : + 3 1 7 3 4 6 4 6 4 9 1 5
B W I S E - M A R K E T I N G @ N A S D A Q . C O M
W W W . B W I S E . C O M
B U S I N E S S . N A S D A Q . C O M
G O V E R N A N C E I S T H E C U L T U R E , P O L I C I E S , P R O C E S S E S , L A W S , A N D
I N S T I T U T I O N S T H A T D E F I N E T H E M A N N E R I N W H I C H C O M P A N I E S
A R E D I R E C T E D A N D M A N A G E D .
R I S K I S T H E E F F E C T O F U N C E R T A I N T Y O N B U S I N E S S O B J E C T I V E S ;
R I S K M A N A G E M E N T I S T H E C O O R D I N A T E D A C T I V I T Y T O D I R E C T
A N D C O N T R O L A N O R G A N I Z A T I O N T O R E A L I Z E
O P P O R T U N I T I E S W H I L E M A N A G I N G N E G A T I V E E V E N T S .
C O M P L I A N C E I S T H E A C T O F A D H E R I N G T O A N D D E M O N S T R A T I N G
A D H E R E N C E T O E X T E R N A L L A W S A N D R E G U L A T I O N S A S W E L L A S
T O C O R P O R A T E P O L I C I E S A N D P R O C E D U R E S .
D E F I N I T I O N O F G R C , S O U R C E : O C E G