2014 GRC Technology Innovation Award: ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires

The 2014 GRC Technology Innovation Awards were filled with competition. Nominations increased to 62 over last year’s awards, and fifteen winners were selected. GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected 15 recipients that demonstrated outside-the-box thinking in taking GRC in new directions to receive this year’s award.

ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires

In November 2013, ACL delivered an innovation that combines the concepts of management assurance and audit assurance to structurally shift what is considered “data” in the context of measuring risk and control activities in assurance activities. They have created an intuitive and elegant approach to combine data analytics with surveys and questionnaires to provide stronger assurance and automation.

At a tactical level, this innovation revolutionizes the way a GRC professional is able to address problems around control monitoring, compliance violations, and policy violations. It meaningfully blends the capabilities of data analytics with surveying to provide the analyst with a simple, integrated toolkit for monitoring and remediation.

At a strategic level, this innovation structurally shifts and aligns “human data” with “systems data”, effectively allowing the GRC analyst to treat populations of people as a data source. With the ability to seamlessly blend “human data” with “systems data”, a new world of analysis is possible to identify red flags, as well as serve as the basis for rich visualization of blended data.

Prior to this innovation, control monitoring and other data analytics were loosely integrated into broader GRC risk & control platforms and GRC architecture. Results of analytics were often simply attached as files to serve as control evidence. This new approach fully integrates analytics into a unified GRC architecture so GRC evaluations, assessments, and decisions can be made seamlessly in real time using the most up-to-date information available in the organization. Introducing the surveying/questionnaire piece allows ACL users to feed the same control monitoring engine with survey data (“human data”) and drive the same remediation actions as could be done from transactional data.

The core functionality of the technology is to take the results of control monitoring analytics and bring those into a centralized, easy-to-use web environment where they are integrated into the overall GRC information and process architecture. It provides an intuitive questionnaire builder for developing questionnaires, and it allows questionnaires to be triggered automatically when a “trigger” condition based on data analysis criteria occurs. It blends data analysis records with the questionnaire results to provide a consolidated dataset that the organization may use to drive remediation, act as control evidence, or provide executive reporting.

The key technical functionality is the “Big Data” engine that lies at the heart of the ACL GRC Results Manager module. This data engine uses an innovative data store that is capable of storing unstructured and arbitrary data. This is critical for several reasons, but primarily because 1) organizations need to analyze different types of data, and a traditional database system cannot effectively ingest the “arbitrary” data needed for analysis, 2) these organizations need to be able to “blend” a transaction record with a survey response on the fly without doing traditional database table joins, and 3) the engine needs the ability to operate at cloud scale to drive the fastest performance and response times. Layered on top of the big data engine is ACL GRC’s development stack and intuitive user interface built in HTML5, CSS3, and high-performance JavaScript. The overall solution is not just functional on a new level but brilliant in its intuitiveness and ease of use.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients

2014 GRC Technology Innovation Award: ERP Maestro Delivers Automated Security & Access Controls Through the Cloud


ERP Maestro Delivers Automated Controls Through the Cloud

Automated Segregation of Duty and Access Control solutions are known to be exorbitantly expensive and to take a considerable amount of consulting resources and time to implement. They require large software fees, hardware costs, consultant fees and complex training projects; while large organizations are overcoming these hurdles, they remain a challenge today for organizations of all sizes, particularly small to medium sized organizations.

ERP Maestro’s Access Analyzer™ solution provides Segregation of Duty and Sensitive Access Analytics and reporting over a completely cloud-based architecture. Their unique utilization overlay reporting graphically identifies risks and remediation paths. Because the Access Controls solution is delivered through the cloud rather than as a hosted solution, customers receive the cost benefits of a multi-tenant environment and the exclusivity and security of a dedicated server. The cost savings associated with on-demand allocation of servers are passed on to the subscribing customer, allowing small to medium enterprises to afford an enterprise Access Control solution.

The solution is truly innovative as it pools a massive amount of cloud resources to provide on demand server allocation as a dedicated server when needed by the client, while dormant servers are deactivated or recycled to other customers. The solution is contained within a deployment that dynamically grows and shrinks based on its demand (number of organizations using the system).

Interestingly, this can also serve as a bridge for companies implementing SAP GRC10. Large companies want a stopgap solution for the complex implementation process that represents GRC10. Some companies are waiting for budget approvals and/or developing a business case. ERP Maestro’s solution price point allows it to serve as that stopgap solution to address SoD needs until the major SAP GRC solution is implemented.

The model is of particular interest to small and medium sized organizations that can now afford the implementation of an enterprise Access Control solution because of ERP Maestro’s model. The entire process is no longer expensive, complex and drawn out, allowing funds to be focused on remediation efforts. The simplicity of their subscription-based service empowers companies that traditionally would not pursue an Access Controls solution to now proliferate the capability and manage the risk of Segregation of Duties more effectively.

End users have anywhere, anytime access to a web interface that allows them to connect to their ERP system (SAP is the only ERP currently supported by ERP Maestro). The data is securely analyzed using an on-demand, dedicated server located in a server farm, then the results are compiled into multiple reports for consumption. While cloud technology isn’t new, ERP Maestro’s ability to process analytics on hundreds/thousands of clients simultaneously based on its analytics engine is indeed new and innovative technology, which empowers them to offer a premium service at a low subscription fee.
