LockPath Ready Summit 2016

[button link=”https://lockpath.com/event/lockpath-ready-summit-2016-10-04/”]Learn More[/button] [tabs style=”default”] [tab title=”Overview”] To help your organization learn from the combined experiences of our customers, partners and staff, we’re hosting the 2nd Annual LockPath Ready Summit (LPRS) in October. We are excited to invite users of our Keylight GRC platform, as well as our partners and other industry experts, for two days of workshops, customer presentations, solution showcases, and more. [/tab] [tab title=”GRC 20/20 Participation”] GRC 20/20’s Michael Rasmussen, The GRC Pundit, will be attending this event as an analyst participant. Michael Rasmussen – The GRC Pundit @ GRC 20/20 Research. Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 23+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architectures, and select solutions that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester Research, Inc. [/tab] [tab title=”Benefits”]
Attendees of LPRS will have the opportunity to:
  • Network with LockPath customers and partners and learn how others are using Keylight.
  • Hear from industry experts in compliance, risk management and IT security.
  • Preview what the future holds for LockPath and Keylight.
Whether you’ve been a LockPath customer for several years or are still in the process of implementing Keylight, your organization will benefit from attending LPRS.
[/tab] [tab title=”Who Should Attend”]
  • IT and IT Security Professionals
  • Business Continuity Professionals
  • Audit Professionals
  • Risk Management Professionals
  • Compliance & Ethics Professionals
  • Internal Control Professionals
  • Fraud Analysts & Investigators
  • Legal Professionals
  • Finance and Accounting Professionals
[/tab] [tab title=”Conference Host”]

LockPath was created by GRC experts who recognized the need for intuitive GRC software that was flexible and scalable to serve ever-changing and expanding organizations.

In addition to the company’s founders, LockPath’s executive team comprises top industry professionals in the fields of software development, accounting and consulting, cybersecurity, financial services, market development and other industries. LockPath employs dozens of talented professionals and has several open positions.

LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises across industries. Along with their ecosystem of technology and channel partners, LockPath provides unparalleled customer satisfaction from initial project discovery discussions to ongoing customer support.

[/tab] [/tabs]

ACL Connections 2016

[button link=”https://lockpath.com/event/lockpath-ready-summit-2016-10-04/”]Learn More[/button] [tabs style=”default”] [tab title=”Overview”] Join us for our customer conference this year to experience the biggest releases in ACL history. [/tab] [tab title=”GRC 20/20 Participation”] GRC 20/20’s Michael Rasmussen, The GRC Pundit, will be attending this event as an analyst participant. [/tab] [tab title=”Benefits”]
Conference registration fee includes:
  • Intensive hands-on workshop on Wednesday
  • Access to all conference sessions
  • All meal functions as outlined in the agenda
  • A fun-filled evening’s entertainment on Monday
  • 18 CPE credits
[/tab] [tab title=”Who Should Attend”]
  • Audit Professionals
  • Internal Control Professionals
  • Risk Management Professionals
  • Finance and Accounting Professionals
  • Fraud Analysts & Investigators
  • Compliance & Ethics Professionals
  • IT and IT Security Professionals
  • Business Continuity Professionals
  • Legal Professionals
[/tab] [tab title=”Conference Host”]
ACL is a software company with a vision for the future of the Governance, Risk Management and Compliance (GRC) professions: a community of compliance pros, auditors, risk management experts, IT and finance teams who are sought after for the value they deliver to their organizations. Through a unique combination of extreme ease-of-use, cloud delivery and the integration of industry standard risk analytics, ACL’s platform helps people focus more time on identifying and managing the highest-impact risks. [/tab] [/tabs]

Workiva TEC

The Exchange Community. TEC.

The Exchange Community, or TEC, is the annual Wdesk user conference that brings together users, reporting professionals, and industry thought leaders for three days of networking, best practice sharing, and industry discussions. [button link=”https://tec.workiva.com”]Learn More[/button] [tabs style=”default”] [tab title=”Overview”] The fifth annual Wdesk user conference will be held in San Diego. TEC brings together Wdesk users, financial reporting professionals, thought leaders, and Workiva employees for three days of intensive Wdesk training and professional development. Attendees will get the chance to network, share best practices, and discuss industry trends all while earning CPE credits. Sessions at The Exchange Community range from advanced XBRL training and trending SEC regulations, to SOX and internal controls audit compliance and risk management practices. [/tab] [tab title=”GRC 20/20 Participation”] GRC 20/20’s Michael Rasmussen, The GRC Pundit, will be attending this event as an analyst participant. [/tab] [tab title=”Benefits”]
  • “The breakout sessions were very instructional and informative. The social events were amazing, and the level of detail was spectacular.”
  • “The conference was very well organized, provided valuable sessions, and great entertainment in the evenings. As a new user, I was continually impressed by the capabilities of Wdesk, and I’m excited to start using it in Q3.”
  • “The Wdesk Lounge was great with the Solution Pods for product demos and the Q&A Bar where I could get specific technical help on my issues.”
  • “The mobile app was hugely beneficial to find the rooms and change around my class choices. I also liked having access to development managers to give my input on future Wdesk features.”
  • “I loved how professionally run the conference was. It really knocked my socks off—probably the most proficiently organized conference I have ever been to.”
  • “What did I like the most? Everything. The execution was extremely thorough from minor details to group sessions. Excellent speakers (Paul DePodesta was great!), fabulous events, and the Wdesk Lounge was a great optional resource. Good schedule too, not too jam-packed but leaves it more up to you how much you want to get out of it. I loved that. I could do as little or as much as I wanted and could really tailor my experience. Awesome.”
  • “The energy was great, the information relevant, staff friendly, networking exceptional! We are already planning for our group to attend next year!”
  • “Excellent! I am full of new ideas and have definitely walked away from the conference much more knowledgeable about the product we are using. Thank you, thank you, thank you!”
  • “I had a great time and it was, by far, the best conference that I have ever attended. I gained a lot (including some new friends) and am already looking forward to next year!”
  • “Great conference and well worth the time away from work to attend.”
[/tab] [tab title=”Who Should Attend”] The Exchange Community is open to all Workiva customers and prospects. Educational tracks will be available for new and experienced users of all Wdesk solutions and for individuals in all stages of their reporting careers. Be ready to:
  • Discover best practices
  • Learn from industry thought leaders
  • Experience one-on-one, hands-on training
  • Influence real Wdesk features
  • Network, network, network
[/tab] [tab title=”Conference Host”]
We started with an idea: make complex collaboration easy. We’ve been there. As accountants, engineers, and entrepreneurs, we experienced the struggles of using incorrect and untimely data. When we started, reporting was still manual—often involving hundreds of collaborators and many versions before the final draft. With old processes and tools, we were not confident in the quality of our data or reports. We knew there was a better way, and that’s why we created Wdesk. It’s an all-in-one platform that simplifies complex collaboration while keeping data in sync, thus reducing risk. That’s why it’s already used by thousands of companies around the globe, including over 65% of the Fortune 500.
[/tab] [/tabs]

IBM Vision 2016

Outthink. Outperform

[button link=”https://www-01.ibm.com/software/analytics/vision/”]Learn More[/button] [tabs style=”default”] [tab title=”Overview”] IBM Vision 2016 is the premier global conference for finance, risk management and sales compensation professionals. Over three days, you will experience how IBM cognitive solutions can help you drive profitable growth, manage risk and optimize performance through the latest advances in analytics and cloud. This year’s tracks focus on three key areas including:
  • Governance, Risk and Compliance. See how governance, risk and compliance solutions from IBM help organizations achieve profitable growth and address the increasing demands for regulatory compliance in today’s complex marketplace.
  • Financial & Operational Performance Management. Learn how IBM Business Analytics solutions improve performance reporting and scorecarding, planning, analysis and forecasting, profitability modeling, financial consolidation and regulatory reporting.
  • Sales Performance Management. IBM’s sales performance management solutions improve sales results and operational efficiencies with better management of incentive compensation plans, and smarter administration of sales territories and quotas.
[/tab] [tab title=”GRC 20/20 Participation”] GRC 20/20’s Michael Rasmussen, The GRC Pundit, will be attending this event as an analyst participant. [/tab] [tab title=”Benefits”] At Vision 2016, you will learn how to capitalize on the latest advances in analytics to turn your company into a cognitive business. Along with keynotes from industry thought leaders and real-world case studies from customers and product experts, Vision 2016 offers more than 120 sessions and workshops. You’ll get a first-hand look at the latest innovations in IBM Cognos TM1, IBM Cognos Disclosure Management, IBM Controller, IBM Cognos Sales Performance Management, IBM OpenPages Governance, Risk and Compliance (GRC) solutions, IBM Cognos Business Intelligence, IBM SPSS products and more. Learn about the key solutions and strategies you need to address challenges that are top-of-mind for chief financial officers, chief risk officers, chief compliance officers and sales compensation professionals in virtually all industries. Join us, and learn how to:
  • Transform your finance, risk, and sales operations organizations by capitalizing on the latest innovations in cognitive computing, analytics, cloud and other key areas.
  • Build relevant analytical capabilities to drive profitable growth.
  • Use the latest cognitive tools, synthesize information, see trends and deliver insights to improve decision quality.
  • Leverage the cloud to scale your solution platform quickly, while reducing costs.
  • Enhance planning, budgeting, forecasting, reporting, analysis, and internal control, plus risk management, compliance, and sales performance management.
  • Implement best practices developed by leading IBM customers and product experts.
[/tab] [tab title=”Who Should Attend”]
  • Board of Directors & Executives
  • Chief Executive Officers
  • Finance and Accounting Professionals
  • IT and IT Security Professionals
  • Audit Professionals
  • Risk Management Professionals
  • Compliance & Ethics Professionals
  • Internal Control Professionals
  • Business Continuity Professionals
  • Fraud Analysts & Investigators
  • Legal Professionals
[/tab] [tab title=”Conference Host”]
Each day, we create 4.5 quintillion bytes of data from a variety of sources—from climate information to posts on social media sites, purchase transaction records and medical images. IBM has the world’s most comprehensive portfolio of data and analytics capabilities in the market. Our strategy is to help enterprises across all industries extract new insights from the explosion of available data to drive competitive advantage. IBM delivers a full spectrum of analytics—from descriptive, predictive and prescriptive to cognitive—to turn big data into big insights and reinvent how decisions are made. We also provide talent management and social collaboration solutions powered by workforce science and cognitive analytics capabilities. We have arrived at an inflection point where data is available at such a scale that analytics can be applied to solve problems and yield real-time results in ways never before possible. IBM Analytics can help developers innovate faster and more securely, help business professionals find a smarter way to work via better problem solving and collaboration, and help enterprises gain deeper insight faster.
[/tab] [/tabs]

MetricStream GRC Summit 2016

Leading With GRC

[button link=”http://grc-summit.com/#”]Learn More[/button] [tabs style=”default”] [tab title=”Overview”] Join us as we bring together experts from the GRC Community to collectively bring to life our vision of ‘Leading with GRC.’ [/tab] [tab title=”GRC 20/20 Participation”] GRC 20/20’s Michael Rasmussen, The GRC Pundit, will be participating in this event in the following capacity:
  • Analyst Presentation on Day 2, 11:40a to 12:30p
[/tab] [tab title=”Benefits”] The MetricStream GRC Summit is the premier forum to connect and network with the who’s who of the GRC world including GRC practitioners, thought leaders, and analysts. Over 500 attendees from across 200 companies are expected to attend the 3-day conference. [/tab] [tab title=”Who Should Attend”]
  • Board of Directors & Executives
  • Chief Executive Officers
  • Finance and Accounting Professionals
  • IT and IT Security Professionals
  • Audit Professionals
  • Risk Management Professionals
  • Compliance & Ethics Professionals
  • Internal Control Professionals
  • Business Continuity Professionals
  • Fraud Analysts & Investigators
  • Legal Professionals
[/tab] [tab title=”Conference Host”]
MetricStream is simplifying Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Our market-leading enterprise and cloud Apps for GRC enable organizations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance.
[/tab] [/tabs]

2016 East Africa GRC Forum

Creating Governance, Risk and Compliance Capacity for Sustainable Success in Developing Markets

[button link=”http://www.ubcompliance.com/Conferences.html#”]Learn More[/button] [button link=”http://grc2020.com/wp-content/uploads/2016/02/Agenda-2016.pdf”]Download Agenda[/button] [tabs style=”default”] [tab title=”Overview”] This conference has been created specifically for developing market leaders and governance, risk management, and compliance practitioners who work in either the public or private sectors (at all levels) or have exposure to these organizations. It aims at creating a capacity in good corporate governance in East African organizations. East African organizations across various industries today face an increasing challenge of complying with an ever-increasing number of regulatory changes, setting up an effective risk management framework and controls, and implementing good corporate governance at all levels. At the 2016 East Africa GRC Forum, we invite board members, CIOs, CAEs, CROs, CISOs, VPs, AVPs, directors, heads and managers of audit, risk, and compliance, ICT of various organizations to come debate and address a wide range of highly relevant topics from thought leaders, practitioners, experts, and analysts in the region. You will be joining hundreds of regional governance, risk and compliance professionals from various East African countries at this event that brings together the global best practices, practical solutions, and brightest minds to embrace challenges, forge solutions, and define your future GRC capabilities. Come jumpstart your GRC program! [/tab] [tab title=”GRC 20/20 Participation”] GRC 20/20’s Michael Rasmussen, The GRC Pundit, is the Conference Chair and Advisory Panel Member. Michael Rasmussen will make an opening statement to open the program as well as closing comments each day, and will also conduct the following:
  • Building & Implementing an Enterprise Risk Management Framework, Panel Discussion moderated by Michael Rasmussen
  • Keynote Presentation on Day 2 by Michael Rasmussen
[/tab] [tab title=”Benefits”] Personal Gain . . .
  • Experience practical skill. Choose the sessions that matter most to you and your organization.
  • Interact face-to-face. Gain insights and share ideas at this world-class networking event.
  • Update your knowledge and skills. Earn valuable CPE credits.
  • Exceptional value for your time investment. Receive certification and documentation from every session that can be shared with colleagues.
  • Access to industry experts. Discover tested solutions that work for successful professionals and could work for your organization too.
  • Meet leading vendors. Discover GRC capabilities in GRC solution POC that decrease risk and increase ROI.
[/tab] [tab title=”Who Should Attend”]
  • Board of Directors & Executives
  • Chief Executive Officers
  • Finance and Accounting Professionals
  • IT and IT Security Professionals
  • Audit Professionals
  • Risk Management Professionals
  • Compliance & Ethics Professionals
  • Internal Control Professionals
  • Business Continuity Professionals
  • Fraud Analysts & Investigators
  • Legal Professionals
[/tab] [tab title=”Conference Host”]
United Business Compliance is a dynamic and niche provider of high quality Governance, Risk, Compliance, Information Security, Fraud control and Revenue assurance trainings, seminars and business conferences globally across industries.
[/tab] [/tabs]

Quick Start to a GRC RFP

So far 2015 has been the busiest year I have seen in the GRC market. There is increased demand for GRC solutions in all varieties, across industries and geographies. The GRC market is a broad market with a variety of segments. It is not all about Enterprise GRC Platforms. In fact, only about 25% of the inquiries GRC 20/20 gets from organizations are for Enterprise GRC strategies and platforms. A good 75% of the market is aimed at solving department and specific regulatory or risk area needs. There are over 700 technology solution providers in the GRC market across 16 primary market segments. In addition to this there are over 90 GRC intelligence (content) providers offering over 350 GRC intelligence solutions of various capabilities.

The challenge is: how do you find the right GRC solution for your organization? This is where GRC 20/20 comes in. If you are looking for GRC solutions for various purposes, GRC 20/20 Research offers complimentary inquiries to explore your needs and identify a short list of solutions that best fit your specific needs. Simply register an inquiry on the GRC 20/20 website. I will do my best to see that you are responded to quickly and efficiently. GRC 20/20 is currently answering between 5 and 10 inquiries each week from organizations looking for GRC related solutions.

The next step is building out the requirements for a GRC RFP. Whether this is for an enterprise GRC platform or a very specific segment of GRC, GRC 20/20 has detailed RFP criteria for many domains of GRC. These involve over 200 requirements (sometimes many more) in a given segment of GRC that are broken into basic, common, and advanced functionality. This allows organizations to select the criteria that best fit their needs, as some require only simple functionality while others require advanced functionality. GRC RFP Criteria is available, in an engagement, in the following areas:
  • Enterprise GRC Solutions
  • Audit Management Solutions
  • Policy & Training Management Solutions
  • Risk Management Solutions
  • Third Party Management Solutions (e.g., vendor, supplier)
  • Compliance Management Solutions
  • IT GRC Management Solutions
  • Internal Control Management Solutions
  • Automated/Continuous Control Management Solutions
  • Business Continuity Management Solutions
  • Environmental, Health & Safety Management Solutions
  • Issue Reporting & Management Solutions
  • Quality Management Solutions
GRC 20/20 can be engaged on RFP projects to rapidly enable organizations to develop RFPs based on our RFP criteria library. Simply email me at mkras@grc2020.com and we can scope your needs for an RFP criteria project. GRC 20/20 is often engaged in more detailed RFP projects to help manage the RFP and keep solution providers honest based on our broad experience in the market.

Considerations When Purchasing GRC Solutions

Every organization does GRC. . . It makes no difference whether you use the acronym ‘GRC’ or not, every organization has some approach to governance, risk management, and compliance. Your organization’s approach to GRC may be:
  • Ad hoc and fly by the seat of your pants;
  • Decentralized and siloed; or,
  • Collaborative and integrated.
No matter an organization’s approach to GRC, the use of technology is pervasive in GRC processes. Technology for GRC can be using documents, spreadsheets, and emails; or in focused applications deployed to meet specific GRC needs; or in enterprise GRC platforms and architectures that pull many functions together.

GRC 20/20 Research is deeply focused on analyzing, monitoring, differentiating, and forecasting the market for GRC solutions. In this context I have mapped over 600 solutions into the GRC market. These include solutions focused on specific areas of GRC (e.g., policy management, investigations, health & safety, legal matters, third party management) to GRC platforms that bring multiple modules together at a department or enterprise level. In the course of an average week, GRC 20/20 answers between 5 and 10 inquiries from organizations looking for GRC related solutions and assists many organizations in RFP development, management, and evaluation of solutions.

Over the next few months I will be doing a regular series of posts on buying considerations in different areas of GRC. However, before getting into specific areas, I want to share considerations organizations should have when looking at any type of GRC related solution. The guidance provided below is applicable whether you are looking for something very narrow such as occupational health & safety, or very broad such as enterprise GRC platforms. When considering GRC related solutions, organizations should:
  • Think GRC Architecture and not GRC Platform. There is no GRC silver bullet that does everything. Solution providers may sincerely think they can do it all but they do not. Yes, there can be a core platform that becomes the hub of GRC integration and reporting but it is often not the only GRC solution involved. Organizations often have several GRC related solutions deployed for different purposes. Just this past week I had dinner with individuals from three major financial services organizations that all had deployed one solution for operational risk management and another for IT GRC. I have been seeing this for years. Organizations are too focused on trying to find one platform to be all things and then find they have watered down areas of GRC and forced different GRC groups to work to the lowest common GRC denominator.
  • Be Diligent in Checking Client References. Ask the hard questions. Push them to find out what they do not like about the solution, find out where it has under-delivered, how issues were responded to. Understand that when solution providers give you a reference it is usually vetted and it is a decision-maker that purchased the product that has a vested interest in the product, and the solution provider treats them like royalty. I talk to these references, but I also insist on talking to someone else who uses the solution on a daily basis on a separate call without others on the line. Often the decision-maker will sing the solution’s praises on the first call and on the other call you will hear the truth of the implementation and frustration with the solution.
  • Be Wary of the RFP “Yes, We Do That” Responses. This really frustrates me. Some solution providers basically answer ‘yes’ to nearly every criterion in an RFP. They simply believe it is a matter of ‘configuring’ their solution to support this requirement. They do not tell you it will be a six-month project to configure it for this feature. This is why organizations have to get solutions and test drive them themselves. I have gotten to the point that I add a field in RFPs that asks if it is a native feature existing out of the box in the solution or if it is something that has to be configured and built-out.
  • Know the Solution Provider’s Expertise. A common complaint I am getting these days is that the GRC solution provider’s developers have no clue on GRC. Some of the most basic fundamentals of risk management have to be explained over and over again. Everything sounded great throughout the sales process, but as soon as the deal was closed and the implementation began, the implementation team and supporting developers are ignorant of GRC concepts. Make sure that you have a good understanding of the implementation team expertise and background in GRC and the developers supporting that team. Note, I have stated developers a few times; several of the leading solutions are very bespoke and require a lot of build out for each implementation.
  • Be Cautious with Analyst Rankings and Advice. In full disclosure – I am an analyst. I spent seven years at Forrester and now eight on my own. My concern over analyst reports and rankings is growing at an alarming rate. The recent series of Magic Quadrants from Gartner has put me into a state of shock. Organizations rely on these reports to make decisions. Yes, Gartner has a veiled warning that solutions in the upper right may not be the best fit for all organizations. Still, the perception and ranking marks the ones in the furthest upper right as the best. Some advice:
    • Consider Solutions Beyond the ‘Leaders.’ I hate the two-dimensional rankings of the Forrester Wave and Gartner Magic Quadrant. There is a natural assumption that those in the upper right are the best solutions when in reality it is someone in the lower left or not even in the report that may be the best fit for your organization. Many solutions cannot even get into the Gartner and Forrester reports based on their criteria for number of offices, global presence, and revenue. These are still very capable solutions and often are more agile and using newer and more innovative technologies with better user interfaces. A good RFP and evaluation often has a mixture of those evaluated and ranked highly by major analyst firms as well as a few that are not covered or did not score as highly.
    • Gartner does not publish criteria. Seriously, why can’t this be transparent? I guess this is the magic in the magic quadrant as Gartner does not want anyone to know the criteria and scores of each solution. A research organization should be able to publish its criteria, methodology, and scores or it should not call itself a research organization. Forrester does publish criteria and scores though they have been rolling up GRC Waves and it has become very high-level and lacks usefulness.
    • Reliance on video demos and questionnaires. Gartner does not have a consistent process for Magic Quadrants across their research, and even in the range of GRC Magic Quadrants they just published there is variance. However, the general approach for the recent series of GRC Magic Quadrants has been having GRC solution providers fill out a survey questionnaire and submit a video demo of the solution. For some Magic Quadrants they did not dig deeper than this. Companies are investing hundreds of thousands of dollars in GRC solutions based on Gartner rankings which in turn are based on a video demo and survey. This simply turns the Magic Quadrant process into a video beauty pageant.
    • Client references done by surveys. On top of this, Gartner did online client surveys for reference checks and randomly called a few to fact check responses. This is ridiculous. Subscribers pay tens of thousands of dollars for research access. Gartner sells redistribution rights to Magic Quadrants to vendors for thousands of dollars. Organizations are making big purchasing decisions based on these reports. Get on the phone and talk to all the client references and grill them, don’t just send them survey questions. BTW, Gartner’s day rate for consulting is over $15,000 a day which is higher than most Wall Street lawyers. Earn your money and get on the phone with clients and roll up your sleeves and dig deep into the solutions.
    • Rankings that simply do not make sense. I look at the Magic Quadrant graphic for operational risk management and scratch my head in bewilderment. The plotting is a mystery to me. Some marked as Leaders have deep operational analytic capabilities; they have operational loss data and metrics tied to loss databases aggregating industry loss information to go into capital modeling for operational risk. These are solid solutions. Then you have others in the Leaders category that barely skim the surface of operational risk management with limited analytical capabilities. These are apples and oranges. Those that have very deep operational risk capabilities are being plotted next to others that have limited capabilities. I guess that is to be expected when evaluation is being done by submitting a video demo and questionnaire. Under those circumstances anything can be made to look better – it is like airbrushing magazine models. This was again verified this past week at the dinner I referenced above: all three major financial services firms picked one of the leaders for operational risk management because of their deep operational risk analytic capabilities while not choosing the incumbent already being used for IT GRC which scores further in the upper right in Gartner’s operational risk Magic Quadrant. Go figure . . . I could state the same for the IT Risk Management Magic Quadrant.
This is some collected advice and experience I have from a few decades of experience. What is your experience and advice to organizations in evaluating solutions related to GRC?

2014 GRC Technology Innovation Award: Integrc’s RouteONE Delivers Significant Efficiencies in GRC Implementation

The 2014 GRC Technology Innovation Awards was filled with competition. Nominations increased to 62 over last year’s awards, and fifteen winners were selected. GRC 20/20 looked through all of the submissions, asked for clarification where needed, and selected 15 recipients that demonstrated outside the box thinking in taking GRC in new directions to receive this year’s award.

The cost and time to implement enterprise GRC solutions has been a barrier to many organizations, particularly those integrated with an ERP environment such as SAP. This often means that SAP GRC projects feel like necessary overheads that are difficult, costly and drag on. Integrc is an innovative service provider that enables organizations to achieve the rich value of SAP GRC but in a way that is radically different. Their goal is to implement SAP GRC ten-times faster. With Integrc’s innovative RouteONE, many elements of an SAP GRC deployment have been reduced from weeks to minutes.

RouteONE is inspired by Michael Hewitt-Gleeson’s x10 thinking, which has been the mantra of Google CEO, Larry Page. Most companies would be happy to improve a product by 10%. But as Page sees it, a 10% improvement means that you’re basically doing the same thing as everybody else. That’s why Page expects Google employees to create products and services that are 10 times better than the competition. It works on the basis that ten heads are better than one, so rather than having top management provide inspiration, you enable your employees to do it. It’s a concept also referred to as ‘Bottom-up innovation’. X10 is one hundred times 10% – and that radical objective changes the approach from modify to re-design from scratch. RouteONE has become a revolutionary way to deploy SAP GRC solutions faster and cheaper. For organisations with an SAP-centric application strategy, this now brings an integrated technology solution within reach in a way that has not been affordable or manageable before. RouteONE unlocks GRC automation, enabling organisations to bring IT enablement to enhance their GRC business practices.

RouteONE is centered around an innovative automated configuration engine combined with an accelerated methodology, a library of pre-built content and an award-winning end-user adoption framework – Engaging Risk (recognized last year in GRC 20/20’s 2013 GRC Innovation Awards). When used by experienced SAP GRC consultants, RouteONE typically halves the time and cost of implementing SAP GRC but delivers the tailored outcomes expected from a traditional approach. The core of the RouteONE capability is the QuickBuilder engine, which automates the necessary configuration components of the SAP GRC products. It also automates the configuration of the SAP suite using business design workshops based on the customer’s own environment. The QuickBuilder is supplemented with the Quickloader tools, which enable the related master and transactional data to be managed via Excel spreadsheets.

When compared to either a templated or traditional approach to deploying SAP GRC, RouteONE provides significant gains in efficiency, effectiveness, and agility. Customers no longer have to compromise any of their requirements or accept a long and potentially expensive project. RouteONE is transformational in that it delivers a solution specific to their unique needs, but goes beyond accelerators and basic knowledge transfer materials and enables the automation of key tasks throughout the implementation. This means organisations wanting an integrated system, tailored to their exact GRC needs, now have a much faster, more manageable and more affordable option. RouteONE is game-changing because it unlocks the potential of integrated SAP GRC, which for many SAP customers was previously out of reach. Now they can dismantle many of their technology, cost and time-related barriers, roll out SAP GRC far more quickly and cost-effectively than ever before and focus more effort on business change and end-user adoption. In short, it makes GRC automation more possible for many more organisations.

RouteONE has a continual emphasis on benefits realisation and on ensuring business users embrace the new system. Automation not only reduces human error, enables Integrc’s clients to go faster and saves them money – it also frees up time for more value-added activities, which is where Integrc’s change management framework – EngagingRISK comes into play. RouteONE can also provide a draft build of the system within 24 hours of starting a project, giving customers the benefit of hindsight in advance. So all in all, not only can faster outcomes be achieved, these outcomes are often better as well.

To learn more about the GRC 20/20 2014 GRC Innovation Awards and other recipients, please visit this post: GRC 20/20 Announces 2014 GRC Innovation Award Recipients