The fourth annual GRC Innovation Awards recognize GRC solutions that are revolutionizing the Governance, Risk Management and Compliance (GRC) market. Thirty-three awards are given this year out of 119 applicants across fifteen GRC solution categories. These are broken into two innovation areas:
- User Experience Innovation
- Technology Innovation
Over the years GRC technology has evolved and changed. The GRC Technology Innovation Awards process for 2015 recognizes this evolution and represents the most competitive pool of nominations to date. GRC 20/20 closely evaluated all of the written nominations and selected recipients to receive this honor. Some of these recognitions go to established solution providers — others go to up-and-comers. Some have mature offerings, others are still being polished — but all are advancing GRC into new areas. The current award recipients show thought leadership that take GRC in new directions.
These awards are challenging as there is a strong subjective element to them. There are many great technologies nominated that GRC 20/20 desires to recognize but did not quite make the award process. Unlike GRC 20/20’s Value Awards which are focused on quantitative value organizations have received from solutions, the innovation awards are based on what really captivates and intrigues GRC 20/20 analyst attention as new possibilities and directions in GRC technology. These awards are not for who has a better solution. They are for who is thinking outside the box and taking GRC in new technology directions as well as who is delivering better user experiences in GRC.
Below are the 2015 GRC Innovation Award Winners for Innovation in User Experience. The award winners for Technology Innovation are found in the post: 2015 GRC Innovation Awards: Technical Innovations.
2015 GRC Innovation Award Winners for Innovation in User Experience
It has been stated that (attribution goes to either Einstein or Schumacher):
Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction.
A primary innovation of GRC is to provide GRC solutions that are simple yet gets the job done. Like Apple with its innovative technologies, organizations must approach GRC engagement in a way that re-architects the way it works as well as the way it interacts. The GRC innovation goal is simple; it is itself Simplicity. Simplicity is often equated with minimalism. Yet true simplicity is more than just absence of clutter or removal of embellishment. It’s about offering up the right GRC information, in the right place, when the individual needs it. It’s about bringing interaction and engagement to GRC process and data. GRC interactions should be intuitive.
The 2015 GRC Technology Innovation Award recipients are. . .
Quest CE’s Branch Audit Tool: Innovation in User Experience for Audit Management
Internal Audit departments have been under a significant metamorphosis as they have had to conduct more audits for different purposes. This is particularly true in context of financial services when auditors have to go to a branch for an audit that is constantly expanding to encompass more areas of evaluation. Auditors still heavily rely on spreadsheets and documents while many of the audit solutions available on the market are difficult to use. Quest CE’s Branch Audit Tool helps firms efficiently execute branch audits through a powerful workflow engine that automates the entire audit lifecycle. Users can schedule audits, assign pre-audit/branch audit questionnaires, and track results from one secure platform. Quest CE’s platform is completely mobile compatible, allowing users to access the tool from any internet accessible device. Whether working in the corporate office or a branch location, auditors can document observances as they occur in real time, avoiding the time consuming and error prone process of manual intervention. Featuring a reactive design layout, menu items and audit questionnaires can expand and collapse as needed, allowing tablet users to efficiently utilize screen space.
Business Continuity Management
ContinuityLogic’s FrontLine Live: Innovation in User Experience for Business Continuity Management
In today’s dynamic, distributed, and complex business environment, business continuity management is necessary for public and private corporate. Most organizations have approached business continuity management in documents, spreadsheets or emails; a mix of homegrown solutions; or narrowly focused and difficult to use business continuity products. Overall the user experience for business continuity has been poor and suffers out-of-date information and a lack of user adoption, making it difficult for the organization to access a real-time enterprise-wide view of continuity plans and risks. Continuity Logic’s FrontLine Live is taking user experience in business continuity platforms to a new level. Specifically, the solution improves risk-reward decision making at all levels of the organization by ensuring the right information is available in the right format, whenever and wherever it is needed. Their interface is intuitive and easy-to-use, with a self-service model that allows users to design their own data capture, workflows, and reporting formats with no programming –all accessible anytime, anywhere, on any device via secure cloud.
- Webinar: Transform Your BCP Program with an Engaging User Experience Design
- 2015-10-22 , 2:00 pm – 3:00 pm CDT
- REGISTER FOR WEBINAR
Convercent’s Disclosure Manager: Innovation in User Experience for Compliance Management
Though conflicts of interest (COI) can present a major risk area for any company, regardless of size or industry, organizations in high-risk industries especially have a history of COI-driven regulatory actions. Traditionally, disclosure management has been done through ad-hoc forms (whether electronic or paper-based) and basic solutions that allowed for simple form completion and workflow. This approach left compliance teams with imperfect solutions that did not accurately capture the nature of relationships or their effect on organizational risk. Convercent’s Disclosure Manager delivers a unique framework for employees to make conflict of interest disclosures. It is specifically intended to break away from traditional approaches that leave employees feeling like they are reporting wrongdoing, when in fact that is often not the case. Convercent’s Disclosure Manager is designed to encourage open and honest reporting and communication and increase the likelihood that employees will self-report relationships that could potentially present conflicts of interest—or worse, ultimately lead to misconduct. It provides compliance teams with an easy-to-use interface to communicate with disclosing parties, review disclosures and record and communicate decisions and stipulations.
Environmental Health & Safety
Rivo: Innovation in User Experience for EH&S
The environmental, health & safety (EH&S) market is a mature market that has established technology solutions that go back decades. This also means that the EH&S software market often struggles with solutions that are dated, particularly in user experience. Rivo is recognized with a GRC Innovation Award in User Experience for EH&S. GRC 20/20 sees innovation in the intuitiveness and ease of use in reporting incidents and risk events to provide faster visibility for greater risk mitigation and increased safety. Through advanced analytics for trending, Rivo drives intelligent decision making. Rivo is also advancing in mobility for EH&S with their offline mobile capability with an intuitive design that allows reporting of incidents with auto-GPS location of incidents and near misses, which once synced trigger notification workflows and immediately pins location onto maps within the incident application, displaying associated photos, videos, and details on hover.
Enterprise GRC Platforms
Resolver GRC Cloud: Innovation in User Experience for Enterprise GRC
The user experience for GRC has been typically poor in most organizations, resulting in time-consuming and redundant processes, a check-box mentality and lack of central coordinated efforts for GRC communications. GRC for the average employee of the organization has been confusing and disconnected from what they do. Too often they see GRC activities as a burdensome task that gets in the way of real work with no real value provided. Resolver’s GRC Cloud delivers an intuitive and engaging user experience that makes organizations more efficient, effective, and agile. Resolver GRC Cloud’s primary innovation and benefit is found in their approach to GRC Programs and Activities. This enable the organization to reduce their documentation, improve navigation through the application, and simplify the end user experience. GRC 20/20 is finding that Resolver GRC Cloud is establishing itself as a next generation GRC platform that is breaking free of the rigidity, complexity, and cost of legacy GRC platforms of the past decade.
Internal Control Management
Workiva Wdesk: Innovation in User Experience for Internal Control Management
Keeping complexity and change in sync is a significant challenge for boards, executives, and governance, risk management, and compliance professionals (GRC) throughout the business. Complexity of business breeds an element of chaos and uncertainty as the organization manages silos of risk and control in scattered departments that have redundant processes and disconnected information. Relying on spreadsheets, documents, and emails to assess, audit, manage, and monitor internal controls leads to GRC failure. Organizations need GRC solutions for internal control management that actively engage and are useable at all levels of the organization, in addition to supporting the needs of audit, risk and compliance professionals. Workiva Wdesk is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in changing, distributed, and dynamic business environments. Their innovation lies in the fact that Workiva has addressed a compelling user experience through a set of common functionality all within the context of productivity and usability and have provided users with flexibility in configuring the platform.
- Webinar: GRC’s Positive Impact on Internal Control Management
- 2015-11-03 , 1:00 pm – 2:00 pm CDT
- REGISTER FOR WEBINAR
Issue Reporting & Management
Convercent Predictive Analytics: Innovation in User Experience for Issue Reporting & Management
In the past, compliance management was manual and disconnected. Compliance functions spent more time managing the volume of documents than it did actually managing and improving compliance. Currently, most compliance reporting is tied together by document, file sharing, spreadsheets and manual processes. As a result, compliance professionals spend a disproportionate amount of time collecting data, versus time spent adding strategic value to the business through analyzing and trending the data collected. To truly assess and report on effectiveness, organizations need to provide a 360° contextual intelligence and awareness of compliance information. Compliance data needs to become federated into a compliance intelligence and analytics warehouse to overcome the inefficiencies of the manual and document-centric approaches of the past. Convercent’s Predictive Analytics is a GRC solution that organizations are using in distributed, and dynamic business environments. GRC 20/20 finds Predictive Analytics to be a compelling compliance data analytics and reporting platform that delivers actionable insight and intelligence into compliance issues and trends enabling 360° contextual awareness of compliance.
LockPath Bulk Operations: Innovation in User Experience for IT GRC
Information security operations often are encumbered by processes that take extensive time to modify and update. When mass changes need to take place, it is time consuming to go into each record and modify and manipulate data. For example, when vulnerability scanners report on finding assets that are about to be decommissioned, action items in remediation will be a waste of time. Another example is when a business division splits or is dissolved and IT assets and security records needs to be reassigned to one division or another. LockPath Bulk Operations is an innovative solution that makes it easy and intuitive for organizations to manage bulk changes to IT GRC data. LockPath clients can now easily identify data that needs some sort of change, whether it’s a change in the value of a single or multiple fields, the addition of new fields, the removal/deletion of existing fields, or shifting workflow and tasks. This saves organizations hours of work. Because the feature is built into the ad hoc reporting engine, organizations can easily and quickly filter data sets they want to edit.
- Webinar: GRC 20/20 Innovation Award: LockPath’s Bulk Operations
WK ELM Solutions Passport: Innovation in User Experience for Legal Management
Corporate legal departments have struggled with the manual and paper-intensive nature of their jobs. Huge inefficiencies existed with little to no visibility into or control over legal costs. To address these pain points, companies began implementing various solutions, including systems for managing matter information and for managing the spend associated with matters. Today, the lack of visibility into all legal and risk-related data has become a critical issue. Organizations need an improved user experience for their corporate legal department staff, more flexibility in the management and configuration of their systems, and fewer legal vendors to manage. WK ELM Solutions Passport consolidates legal and risk-related data onto a single platform, as well as enables clients to integrate with and use existing best-in-class legal applications as a part of an overall solution rather than replicating and competing with existing best-in-class solutions. GRC 20/20 finds that Passport simplifies the way staff work and improves collaboration across internal teams and with external service providers through an intuitive and easy to use interface.
Policy & Training Management
NAVEX Global’s Agile Code of Conduct: Innovation in User Experience for Policy & Training Management
The user experience for policies has been typically poor in most organizations, resulting in time-consuming and redundant processes, a check-box mentality and lack of central coordinated efforts for communications. Organizations are recognizing that effective GRC includes those on the front lines of the business. Compliance and ethics needs to communicate the Code of Conduct in a way that delivers an exceptional end-user experience: getting employees involved by providing intuitive interfaces into the Code of Conduct that are interactive, engaging and social. NAVEX Global’s Agile Code of ConductTM is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in dynamic business environments. GRC 20/20 sees this as a compelling offering for engaging employees on the Code of Conduct. Through an integration of web technologies into a unified user experience, the Agile Code of Conduct makes compliance and ethics communications more efficient, effective, and agile.
Sword Active Risk ARM Risk Express: Innovation in User Experience for Risk Management
Risk management can be overwhelming for many and not practical to use. Too often risk management technologies are not adopted across the enterprise because they are complex and overwhelming, they fail to deliver intuitive risk management that all levels of the organization can utilize and gain value from. The Sword Active Risk ARM Risk Express is an innovative new user interface designed specifically for risk owners in the line of business. It is aimed at business and process owners who need a light touch yet fully featured risk management solution to identify and manage risks that could negatively or positively impact their business performance objectives. Risk Express is designed specifically to replace the use of spreadsheets, with a much easier and more intuitive way for business users to manage risk. GRC 20/20 see that the ARM Risk Express solution has the intuitive interface and user experience needed for enterprise wide adoption to every part of the business by engaging the business leaders themselves into the risk network.
Strategy & Performance
SAP GRC Strategy Selector App: Innovation in User Experience for Strategy & Performance
The primary challenge of the organization is a need to be agile in a distributed, dynamic, and disrupted environment. In the past, GRC focus was on the back office: risk management, finance, security, compliance and audit. GRC needs to move to engage all levels of employees in the organization. GRC needs to deliver an exceptional end-user experience: getting employees involved by providing intuitive interfaces into GRC that are interactive, engaging and social. It delivers an intuitive and engaging user experience that engages all levels of the organization in GRC strategy in the form of a mobile app. GRC 20/20 sees the innovation in the SAP GRC Strategy Selector App in its ease of use and intuitiveness to engage all levels of management in understanding risk and strategy through the lens of consequence, likelihood, and acceptance. While other solutions can deliver these capabilities, the innovation is in a mobile app that simplifies this in an intuitive and easy to use format.
Third Party Management
Source Intelligence Network: Innovation in User Experience for Third Party Management
Traditional brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define organizations. The modern organization is an interconnected mess of relationships and interactions that span traditional business boundaries. Organizations need a scalable approach that enables them to manage the ecosystem of supplier and third party relationships with real-time information about third party performance, risk, and compliance and how it impacts the organization. GRC 20/20 sees the Source Intelligence Network as a compelling offering for managing risk and compliance in organizations with complex and distributed third party relationships. The Source Intelligence innovation is the platform’s core capability in cloud-based information sharing and analytics that simplifies supply chain transparency and traceability. GRC 20/20 particularly sees the innovation in user experience as the solution empowers users to manage supply chain risks and leverages the information gathered from others to provide a 360° contextual awareness of third party relationships and the risk to the organization.
- Webinar: Innovating Supply Chain Risk Management
- 2015-10-07, 1:00 pm – 2:00 pm CDT
- REGISTER FOR WEBINAR