Enabling the Front Office to the Back Office in GRC
Executive Summary
Three Lines of Defense is an integrated GRC framework with the goal of allowing different parts of the organization to work cohesively together to reliably achieve objectives while addressing uncertainty and acting with integrity. It enables what OCEG calls Principled Performance, and ensures that there are clear responsibilities, accountability, and oversight of risk and control at all levels of the organization. Organizations are adopting the Three Lines of Defense Model for GRC as they have come to realize that silos of GRC that do not collaborate and work together lead to inevitable failure. There is a need for visibility across these lines of defense that is scalable, integrated, and consistent. The Three Lines of Defense Model enables efficient, effective, and agile business.
Wdesk is a solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in complex, distributed, and dynamic business environments. It allows organizations to manage GRC processes and content for internal control management, audit management, risk management, compliance management, and policy management. GRC 20/20 has evaluated the capabilities of Wdesk, and finds that it delivers an intuitive and robust solution for all three lines of defense. The Wdesk solution enables what were once labor-intensive tasks associated with managing risk, policies, and controls.
Table of Contents
- Three Lines of Defense: Enabling High Performing Organizations
- Workiva for the Three Lines of Defense
- Enabling the Front Office to the Back Office in GRC
- What Wdesk Delivers for the Three Lines of Defense
- Wdesk for the First Line of Defense
- Wdesk for the Second Line of Defense
- Wdesk for the Third Line of Defense
- Benefits of Wdesk for Three Lines of Defense
- Considerations in Context of Wdesk for the Three Lines of Defense
- About GRC 20/20 Research, LLC
- Research Methodology
Author
Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc.
©GRC 20/20 Research, LLC. All Rights Reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of GRC 20/20 Research, LLC. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines established in client contract. The information contained in this publication is believed to be accurate and has been obtained from sources believed to be reliable but cannot be guaranteed and is subject to change. GRC 20/20 accepts no liability whatever for actions taken based on information that may subsequently prove to be incorrect or errors in analysis. This research contains opinions of GRC 20/20 analysts and should not be construed as statements of fact. GRC 20/20 disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Although GRC 20/20 may include a discussion of related legal issues, GRC 20/20 does not provide legal advice or services and its research should not be construed or used as such.