Tag: ACL

2014 GRC Technology Innovation Award: ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires

The GRC Pundit BlogPublished on1 Comment on 2014 GRC Technology Innovation Award: ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires

The 2014 GRC Technology Innovation Awards was filled with competition.   Nominations increased to 62 over last year’s awards, and fifteen winners were selected.  GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected 15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award.

ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires

In November 2013, ACL delivered an innovation that combines the concepts of management assurance and audit assurance to structurally shift what is considered “data” in the context of measuring risk and control activities in assurance activities. They have created an intuitive and elegant approach to combine data analytics with surveys and questionnaires to provide stronger assurance and automation.

At a tactical level, this innovation revolutionizes the way a GRC professional is able to address problems around control monitoring, compliance violations, and policy violation. It meaningfully blends the capabilities of data analytics with surveying to provide the analyst with a simple, integrated toolkit for monitoring and remediation.

At a strategic level, this innovation structurally shifts and aligns “human data” with “systems data”, effectively allowing the GRC analyst to treat populations of people as a data source. With the ability to seamlessly blend “human data” with “systems data”, a new world of analysis is possible to identify red flags, as well as serve as the basis for rich visualization of blended data.

Prior to this innovation, control monitoring and other data analytics were loosely integrated into broader GRC risk & control platforms and GRC architecture. Results of analytics were often simply attached as files to serves as control evidence. This new approach fully integrates into a unified GRC architecture with analytics so GRC evaluations, assessments, and decisions can be made seamlessly in real-time using the most up-to-date information available in the organization. Introducing the surveying/questionnaire piece allows ACL users to feed the same control monitoring engine with survey data (“human data”) and drive the same remediation actions as could be done from transactional data.

The core functionality of the technology is to take the results of control monitoring analytics and bring those into a centralized, easy-to-use web environment where it is integrated into the overall GRC information and process architecture. It provides an intuitive questionnaire builder to develop questionnaires when a “trigger” condition happens that allows for automatic triggering of questionnaires based on data analysis criteria. It blends data analysis records with the questionnaire results to provide a consolidated dataset that the organization may use to drive remediation, act as control evidence, or provide executive reporting.

The key technical functionality is the “Big Data” engine that lies at the heart of the ACL GRC Results Manager module. This data engine uses an innovative data store that is capable of storing unstructured and arbitrary data. This is critical for several reasons but primarily because 1) organization need to analyze different types of data that a traditional database system cannot effectively ingest the “arbitrary” data needed for analysis, 2) these organizations need to be able to “blend” a transaction record with a survey response on the fly without doing traditional database table joins, and 3) the ability operate at cloud scale to drive the fastest performance and response times. Layered on top of the big data engine is ACL GRC’s development stack and intuitive user interface built in HTML5, CSS3, and high performance JavaScript. The overall solution is not just functional on a new level but brilliant in its intuitiveness and ease of use.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients

2014 GRC Technology Innovation Award: ACL Goes Mobile with the Most Complete and Intuitive Mobile Interface for GRC

The GRC Pundit BlogPublished on1 Comment on 2014 GRC Technology Innovation Award: ACL Goes Mobile with the Most Complete and Intuitive Mobile Interface for GRC

The 2014 GRC Technology Innovation Awards was filled with competition.   Nominations increased to 62 over last year’s awards, and fifteen winners were selected.  GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award.

ACL Goes Mobile with the Most Complete and Intuitive Mobile Interface for GRC

ACL has brought end-to-end audit management functionality to Apple mobile devices in the form of a native mobile app, used in conjunction with their cloud-based GRC and audit management platform. The ability to leverage a native app (not mobile web or low-fidelity “hybrid” type applications) enables ACL to make full use of the hardware capabilities of Apple mobile devices including:

  • User Interface.  Touch, gestures, responsiveness, hardware rotation, etc.
  • Multimedia evidence capture. Create and attach photos, videos, sound recordings, geo-location, etc. from within an audit procedure, control walkthrough, control test, etc.
  • Scan to PDF. Use the app to “scan” hard copy documents directly into the system without leaving a given audit step or control test by taking a picture of the document. The app’s PDF generation engine will automatically convert to a document-quality PDF.
  • Cloud connected. Built to enable connectivity and integration to their native multi-tenant software as a service ACL GRC platform so that none of the typical connectivity challenges to on premise server infrastructures impede easy access and use.

This is the first GRC mobile app to bring the full power of design delivered through powerful and capable devices, to the problem of audit management. GRC 20/20 sees a major shift beginning occurring where document, spreadsheets, and paper binders are being replaced by multimedia including audio, video, photo, data visualization, geo-location, etc.

There are many GRC mobile solutions on the market – but they offer limited functionality and do not always take full advantage of the native mobile environment. ACL has now fully engaged the capability of the device to leverage multimedia capabilities of the devices as well as redesigned the application from the ground-up to take advantage of the incredible power available in the iOS SDK. The platform was expanded to enable complete enterprise risk assessment and reporting in a fully touch interactive environment.

The historic reality after fieldwork finished there would be an additional two weeks of work to be completed compiling notes, transcribing, documenting, etc. after leaving the field, then another two weeks of report writing and revisions. Progressively leveraging ACL GRC for iOS and its multimedia capability, the auditors can potentially walk out of the field completely done and documented with multimedia backing up a clean, engaging audit report. This enables users to work in an environment where they are able to create and capture both interactive media and structured data to accomplish existing audit goals while not relegating themselves to countless hours of tedious document preparation only to end up with all of their data forever “trapped” by documents.

The key innovation is that the app leverages the native iOS SDK to provide the most superior mobile GRC user experience that GRC 20/20 has encountered with deep integration with the device’s hardware capabilities including camera, microphone, GPS, touch gestures, hardware rotation, etc. This provides a faster, better, more beautiful, and more tightly integrated experience for the user than a mobile web app or a wrapper for the web that pretends to be an app.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients