RSA has introduced two recent, major product updates to enable offering Archer governance, risk and compliance (GRC) solutions by use cases. We understand that organizations and their GRC disciplines can be in very different places along the maturity spectrum. For example, a compliance function might be much more defined and mature than the risk function. Our November 2015, 6.0 update was designed to inspire everyone within an organization to own risk, while our June 2015, 6.1 was developed to encourage the thee lines of defense (3LoD) to engage in the risk management process, and inspire every organization to own risk.
These objectives may sound synonymous, but every organization’s road to GRC maturity is different, and as the graphic above depicts, each GRC function could be at a different point along the journey. Through our new use case approach, we encourage organizations to start small, but gain quick wins within the context of a long-term strategy. As an example, our Audit Management solution has been organized into three use case offerings that customers can deploy separately, or use them to build upon one another. They are:
Issues Management - to manage issues, gaps and findings with related remediation plans. Benefits include:
- A consolidated view into all known issues
- An organized, managed process to escalate issues
- Visibility into known risks and efforts to close/address risks
- Workflow to ensure proper sign-off/approval for issues
Audit Engagements & Work papers - to manage all audit projects and related work papers. Benefits include:
- An audit universe of audit entities
- Workflow for consistent audits and procedures
- Self-serve for external auditors for the information they need
Audit Planning & Quality - to manage audit risk assessments, the audit plan and quality assurance activities Benefits include:
- Workflow and change management for audit planning
- Audit plans aligned with the organization’s priorities
- Appropriate personnel are staffed on audits
- Board-relevant reporting
- Quality management processes for engagements and audits
- Risk based audit approach
Although Internal Audit (IA) is an established discipline, maturity varies widely depending on many factors, such as adherence to standards, tenure of resources, industry requirements and regulatory scrutiny. IA departments can use Archer Audit use cases regardless of their maturity because we have offerings that not only provide value (those quick wins) at each level, but also help them move further along the maturity spectrum, not just as a standalone IA function, but in working together with their GRC counterparts.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.