Posted on 1 Comment

2014 GRC Technology Innovation Award: ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires

The 2014 GRC Technology Innovation Awards was filled with competition.   Nominations increased to 62 over last year’s awards, and fifteen winners were selected.  GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected 15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award. ACL Integrates Automated GRC Monitoring with Proactive Surveys & Questionnaires In November 2013, ACL delivered an innovation that combines the concepts of management assurance and audit assurance to structurally shift what is considered “data” in the context of measuring risk and control activities in assurance activities. They have created an intuitive and elegant approach to combine data analytics with surveys and questionnaires to provide stronger assurance and automation. At a tactical level, this innovation revolutionizes the way a GRC professional is able to address problems around control monitoring, compliance violations, and policy violation. It meaningfully blends the capabilities of data analytics with surveying to provide the analyst with a simple, integrated toolkit for monitoring and remediation. At a strategic level, this innovation structurally shifts and aligns “human data” with “systems data”, effectively allowing the GRC analyst to treat populations of people as a data source. With the ability to seamlessly blend “human data” with “systems data”, a new world of analysis is possible to identify red flags, as well as serve as the basis for rich visualization of blended data. Prior to this innovation, control monitoring and other data analytics were loosely integrated into broader GRC risk & control platforms and GRC architecture. Results of analytics were often simply attached as files to serves as control evidence. This new approach fully integrates into a unified GRC architecture with analytics so GRC evaluations, assessments, and decisions can be made seamlessly in real-time using the most up-to-date information available in the organization. Introducing the surveying/questionnaire piece allows ACL users to feed the same control monitoring engine with survey data (“human data”) and drive the same remediation actions as could be done from transactional data. The core functionality of the technology is to take the results of control monitoring analytics and bring those into a centralized, easy-to-use web environment where it is integrated into the overall GRC information and process architecture. It provides an intuitive questionnaire builder to develop questionnaires when a “trigger” condition happens that allows for automatic triggering of questionnaires based on data analysis criteria. It blends data analysis records with the questionnaire results to provide a consolidated dataset that the organization may use to drive remediation, act as control evidence, or provide executive reporting. The key technical functionality is the “Big Data” engine that lies at the heart of the ACL GRC Results Manager module. This data engine uses an innovative data store that is capable of storing unstructured and arbitrary data. This is critical for several reasons but primarily because 1) organization need to analyze different types of data that a traditional database system cannot effectively ingest the “arbitrary” data needed for analysis, 2) these organizations need to be able to “blend” a transaction record with a survey response on the fly without doing traditional database table joins, and 3) the ability operate at cloud scale to drive the fastest performance and response times. Layered on top of the big data engine is ACL GRC’s development stack and intuitive user interface built in HTML5, CSS3, and high performance JavaScript. The overall solution is not just functional on a new level but brilliant in its intuitiveness and ease of use.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients

Posted on 1 Comment

2014 GRC Technology Innovation Award: Digital Reasoning Provides Intelligence on Communications, Relationships and Risks

The 2014 GRC Technology Innovation Awards was filled with competition.   Nominations increased to 62 over last year’s awards, and fifteen winners were selected.  GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award. Digital Reasoning Provides Intelligence on Communications, Relationships and Risks Financial institutions are seeking a more complete picture of the people and organizations that pose risks or promise opportunities. In some cases, financial institutions have decided not to service entire industries, because they’re concerned that they don’t know enough about the entities and individuals within these markets. The game-changing innovations delivered in Synthesys 3.8 provide real-time situational awareness for decision makers within financial services organizations, because they can rapidly examine human communication and uncover relationships and risks that may have been intentionally concealed. Synthesys reads and understands vast volumes of data at blazing-fast speeds. It reads through data and highlights important people, places, organizations, events and facts. It takes those highlighted points and determines what’s important, connecting the dots together.. Synthesys is a machine-learning platform, which understands human communication (emails, social media, chat, documents, etc.) on a massive scale and identifies and visualizes complex relationships. In its most recent release, version 3.8, Digital Reasoning has introduced innovations that allow financial services institutions to aggregate and visualize knowledge in real time. Specifically, it identifies and aggregates knowledge about people and organizations to make relevant predictions about future behavior of employees, customers or bad actors. The platform is designed to identify relationships and risks that are being intentionally concealed. Without the use of keywords and/or fragile rule engines, Synthesys schematically analyzes data and determines what relationships and activities are risky. This approach significantly decreases risk and compliance based false positives while increasing the potential of identifying true positives (real risks), as Synthesys continually learns from business and data context, allowing Synthesys to stay one step ahead of evolving risks within the financial institution. In addition to its core analytics, Synthesys provides real-time query capabilities, which allows organizations to explore a wealth of aggregated, categorized and prioritized knowledge on employees, customers and market information from news, social media and many other public sources of information. Using Digital Reasoning’s new web application, called Synthesys Glance™, analysts can interactively browse and analyze various profiles of people and organizations to discover valuable patterns and relationships. Synthesys has a surprising understanding of human language. It understands time and place, learns the meaning of words based on how they’re used and can read and understand different languages. It determines how people, places and organizations are connected. It understands not just the words being said, but what they actually mean in context. It’s always on the lookout for information related to the answers. It can provide answers to questions an organization never thought to ask, or tip you off to relationships you never knew existed. It delivers data insights to your organization in an easy-to-digest format. Through app integration, data insights can be visualized for quick understanding and easy sharing. Alarms and alerts can also be set up to notify the organization when important findings turn up in data. Its knowledge graph gets smarter and grows with the organization. Synthesys teaches itself to draw conclusions based on what the organization has been looking for in its data. For example, Synthesys can analyze suspicious activity reports (SARs), wire instructions and other unstructured descriptions and narratives. It reveals employees who have become ethically exposed, involved in bribery, unauthorized trading and fraudulent activities and other traffic for related behaviors and assertions. With the Digital Reasoning Synthesys platform, users can uncover relationships between employees that are on a restricted trading list, and examine their communications. This approach allows financial institutions to reveal intentionally concealed risks and relationships, before reputations are compromised or regulatory penalties are levied.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients

Posted on Leave a comment

2014 GRC Technology Innovation Award: Lexer Enables Organizations to Monitor and Manage Brand & Reputation in Moments of Crisis

The 2014 GRC Technology Innovation Awards was filled with competition.   Nominations increased to 62 over last year’s awards, and fifteen winners were selected.  GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected 15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award. Lexer Enables Organizations to Monitor and Manage Brand & Reputation in Moments of Crisis Lexer’s innovation is a solution to integrate and visualize streams of data to manage reputation risk across social media content.  Lexer does this by producing highly accurate geographic insights used as the conduit between the various data sources such as census, socio-economic, transactional, CRM, and customer support.. This unified data set offers businesses a new perspective on reputation and brand risk since it offers a wealth of detail on data previously inaccessible. In 2013, Lexer invested greatly in the enrichment process of the data it collects and, as previously outlined, the introduction of geographical enrichment as a highly accurate and reliable conduit between many external data sources. Using these new data sets, Lexer now has the ability to create complex personas based on behavioral, social and economic profiles – ensuring their data sets align with brand segments, key audiences and most importantly, stakeholders. Whether it’s in prediction, reaction or reflection, Lexer’s enriched data sources give businesses a new perspective on the way consumers react, engage and change in brand incidents. Moments of crisis regularly impact organizations, digital media has accelerated the speed at which information about a crisis can spread and during times of crisis, poor decisions are made due to inexperience, pressure and the lack of hard data. These poor decisions result in enhanced financial, reputational, health, safety and environmental risks. Lexer uses integrated datasets to deliver routine reports on the details of incidents and the aftermath that includes influencer analysis, trend data and trajectories, topic and sentiment analysis – but most intriguingly, they are able to track the incident right to the root. Lexer’s prime technical innovation is the ability to collect, process and unify unstructured data sources in real time. The technical focus for 2013 was to identify and develop into the core of the Lexer platform a common point of reference in which other data sources; such as CRM, Transactional and Socio-Economic data could integrate. After extensive research and prototyping it was clear that geospatial detail was required to create a clear conduit between sources. As such, Lexer invested its efforts in being able to determine the location of social media users even when they didn’t share details such as longitude and latitude. Their enrichment process uses Machine Learning and Real-Time Data Processing infrastructure to analyze language, physical reference points and trends for each piece of data consumed by the Lexer platform. They are now able to obtain 3rd party data and integrate that geospatial data to map once abstract sources together, allowing more specific querying of data, clearer segmentation that’s relative to the organization’s segments, and insights that take in the whole picture. Their core ability is to help organizations understand the cost of making a wrong decision.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients

Posted on 3 Comments

2014 GRC Technology Innovation Award: Modulo Enables Intuitive Reporting and Analytics through GRC Intelligence Integration

The 2014 GRC Technology Innovation Awards was filled with competition.   Nominations increased to 62 over last year’s awards, and fifteen winners were selected.  GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award. Modulo Enables Intuitive Reporting and Analytics through GRC Intelligence Integration Modulo Risk Manager’s innovation is in enhanced reporting and analytics with its first GRC Intelligence module.  GRC Intelligences acts as a portal from any data source – including IT security, physical security and incident management tools; vendor surveys; social and mobile analytics and more – in context of GRC management programs through the reporting capabilities of Microsoft Business Intelligence tools. Users can access metadata from GRC assessments with drag and drop reporting in PowerPoint for rapid data visualization and collaborative business analytics. GRC Intelligence allows integration in a SaaS implementation with SharePoint to enhance business and GRC Intelligence. The SharePoint integration automatically mirrors role-based access to eliminate set-up time. Reports can be accessed in the cloud through a browser, on any authenticated mobile device, in a command and control center or on a secure private server. This tool allows users to drag and drop data from any aspect of the GRC program into reports of their design.  This enables users of Modulo GRC Intelligence to quickly and easily visualize their organization’s GRC data and enhance this through collaboration on GRC and business insights in intuitive and broadly used Microsoft solutions that users already know how to use. Using SharePoint and PowerPoint 2013, GRC Intelligence facilitates the process of sharing by allowing users to access GRC data directly on interactive PowerPoint slides – with the ability to drill-down to supporting data, geo-referenced maps and monitoring dashboards – ensuring real-time data and incident management while maintaining security through Windows authentication. Creating a tabular model of GRC data in memory using MS SQL analysis service enables Risk Manager to benefit from the new Microsoft BI platform, released in June 2013, with Power View. It delivers a fast, easy-to-use, real time interface that can be filtered and drilled down directly in PowerPoint slides or in the user interface. The access control can be set down to the line level of a column and can be managed directly in Risk Manager. This infrastructure is scalable both vertically and horizontally. Terabytes can be processed in memory in milliseconds.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients