GRC 20/20 today announced the launch of its inaugural GRC Value Awards program. Fifteen leaders in GRC were honored for real-world implementations of Governance, Risk Management and Compliance programs and processes that have returned significant and measurable value to an organization.
Nominations from GRC solution providers as well as internal GRC programs within organizations were evaluated and vetted from a pool of 87 total nominations. Nominations were evaluated for depth of quantitative facts, and each final selection was validated by GRC 20/20 with the specific implementation to attest to accuracy (even the anonymous entries below were vetted through direct contact with the specific implementation). Fifteen are recognized across the following categories (in alphabetical order):
- 3rd Party GRC: GRC 20/20 Research awarded Hiperos 3PM its 2013 GRC Value award in the Third-Party GRC category for their implementation at a regional bank holding company. The client specifics are anonymous in this publication, but GRC 20/20 has verified the factual accuracy with the bank. After the implementation of the Hiperos 3PM solution, the bank was able to triple the number of its third-party investigations without any increase in headcount. The number of days needed to assess the inherent risk of a third party also dropped dramatically — from 7.55 in 2011 to 5.22 in 2012 to 3.95 in 2013. Hiperos continues to deliver efficiencies.
- Audit Management: GRC 20/20 Research awarded ACL GRC and their client Traina & Associates its 2013 GRC Value award in the Audit Management category. ACL is an all-in-one cloud-based GRC process management solution. Since ACL GRC’s implementation at the Traina & Associates CPA firm two years ago, the average audit time went from 60 days to 30 days; audit management efficiency increased by 25 percent; and audit revenues increased by 10 percent without increasing staffing.
- Business Continuity Management: GRC 20/20 Research awarded RSA® and Equifax its 2013 GRC Value award in the Business Continuity Management category. After implementing RSA Archer’s Business Continuity Management solution, U.S. consumer credit reporting agency Equifax experienced an immediate 60 percent reduction in time to create business continuity and disaster recovery plans, and a 20 percent OPEX savings for 2013.
- Compliance Management: GRC 20/20 Research awarded The Hartford its 2013 GRC Value award in the Compliance Management category. The Hartford, a leader in property and casualty insurance, group benefits and mutual funds, uses the RSA Archer GRC Platform to support over 80 GRC processes including a New York State Labor regulation instituted in 2012. By building a solution on the RSA Archer eGRC platform, the company avoided tens of thousands of dollars in expenses and came into compliance one month ahead of schedule.
- Control Monitoring & Assurance: GRC 20/20 Research awarded SAP its 2013 GRC Value award in the Control Monitoring/Assurance category. During the first year after SAP Access Control was implemented at a large multinational beverage corporation, the company was able to remove more than 4,000 invalid system IDs, implement a process to automatically remove roles from individual profiles if the role is not used within 120 days, and decrease overall license maintenance costs.
- Enterprise GRC: GRC 20/20 Research awarded MetricStream and Sterling Bank its 2013 GRC Value award in the Enterprise GRC category. MetricStream Enterprise GRC Solution Suite allowed Sterling Bank to transition to an automated and integrated GRC program — from hundreds of spreadsheets to track audits, credit reviews and risk assessments, as well as hundreds of documents used to report findings and risk summaries. Today’s single-source GRC solution integrates functions and brings Sterling Bank strong scores from regulators.
- Environmental, Health & Safety: GRC 20/20 Research awarded CMO COMPLIANCE its 2013 GRC Value award in the Environmental Health and Safety category. The CMO COMPLIANCE HSEQ solution was implemented for a contractor, which reports an ROI of $2 million and growing. The solution replaced 20 internal solutions, streamlining ISO certification and saving the contractor at least one month of additional FTE dedicated to ISO management, and the contractor continues to find new ways to streamline and save with the solution.
- Identity & Access GRC: GRC 20/20 Research awarded AlertEnterprise, Inc. its 2013 GRC Value award in the Identity and Access category. Enterprise Guardian™ from AlertEnterprise was deployed at a large utility corporation. The implementation provided the utility insight into its identity repository and multiple IT systems to identify risks and eliminate threats, while meeting NERC and NERC CIP compliance. AlertEnterprise estimates the utility sees annual benefits of $1 million, perhaps greater, as a direct result of the implementation.
- Information & Data Governance: GRC 20/20 Research awarded ClusterSeven ESM its 2013 GRC Value award in Information and Data Governance. With the help of the ClusterSeven Enterprise Spreadsheet Manager (ESM) solution, a global European banking and financial services company was able to meet regulatory demands to demonstrate control over its core financial operations. In the process, the bank projects a 3.5x ROI on ClusterSeven ESM based on risk avoidance.
- Insurance & Claims Management: GRC 20/20 Research awarded Riskonnect RMIS and the State of Utah its 2013 GRC Value award in the Insurance & Claims Management category. Riskonnect RMIS’s fully automated insurance risk management software platform addresses insurance claims, litigation, exposure, and policy management. Within one year of implementation, the Utah Division of Risk Management estimates it saved $1 million on reconciliation of insurance premium billing and saw an 82 percent increase in efficiency in processing high-dollar payments.
- Investigations Management: GRC 20/20 Research awarded SAI Global and HealthPlus its 2013 GRC Value award in the Investigations Management category. With the help of the SAI Global solution called Compliance 360®, HealthPlus, a Michigan health and wellness organization, reduced its average days to complete investigation cases by 56 percent. Average days to complete cases has been reduced from nine days to four days. In spite of ever-rising caseload numbers, the SAI Global team was able to complete the implementation two months ahead of schedule.
- IT & Information Risk, Security & Compliance: GRC 20/20 Research awarded LockPath its 2013 GRC Value award in the IT & Information Risk, Security, and Compliance category. A leading manufacturer of medical devices recently extended its use of LockPath’s Keylight platform, including several modules. During the first year, the implementation has meant an 80 percent reduction in IT audit preparation time with five weeks of work reduced to one week, improved clarity and efficiency related to security functions, and improved insight companywide through dashboards and reports.
- Legal GRC: GRC 20/20 Research awarded Datacert Passport® and Marsh & McLennan Companies its 2013 GRC Value award in the Legal GRC category. Datacert’s Passport technology platform provides an integrated legal and GRC ecosystem that allows organizations to respond to the cost of compliance and non-compliance. The Passport implementation at financial leader Marsh & McLennan Companies helped reduce its outside counsel fees by 56 percent, its lowest spend since 2007, among other savings.
- Policy Management: GRC 20/20 Research awarded Hitec Laboratories Ltd and Markel International its 2013 GRC Value award in the Policy Management category for its PolicyHub® solution. Markel International’s implementation of PolicyHub impressed them with its enhanced ability to demonstrate compliance to regulators. Markel International can demonstrate a 100 percent compliance rate for relevant staff, and can take action on noncompliant areas of the organization, which was previously not possible.
- Risk Management: GRC 20/20 Research awarded Modulo Risk Manager its 2013 GRC Value award in the Enterprise Risk Management (ERM) category. A large regional financial services company used Modulo Risk Manager to help it comply with HIPAA, PCI and SOX, as well as with its consolidation of 350 independently chartered bank branches, with 6,700 employees and a heterogeneous environment spanning a variety of operating systems, servers, application platforms and legacy systems for each back-end core banking platform.
"We are extremely pleased with the response and the quality of submissions for the first year of the GRC Value Awards, which reflects strong market demand and growth across all GRC segments," said Michael Rasmussen, Chief GRC Pundit for GRC 20/20 and internationally recognized expert. "These awards play an important role in recognizing today's successes as a milestone toward advancing GRC maturity. In achieving maturity, GRC is part of the organization's strategy and operations and supported by a range of technology, knowledge and services – enabling the organization to achieve greater efficiency, effectiveness, and agility in GRC processes and broader business operations."
About GRC 20/20
GRC 20/20 is the authority in understanding how organizations implement GRC practices that are effective, efficient and agile. Through independent research and industry interaction, GRC 20/20 advises the entire ecosystem of GRC roles within organizations, technology and knowledge solution providers, and professional service firms. Organizations engage GRC 20/20 when they need insight, guidance and advice in dealing with a dizzying array of disruptive issues, challenges, processes, information and technologies while trying to maintain control of a distributed and dynamic business environment. Visit GRC 20/20 at http://www.grc2020.com/ and follow on Twitter at @GRCPundit.