Audit Management and Vendor Compliance Management Audit Management: What is Audit Management? Audit management is the overall process of managing the overall audit process. It enables organizations to reduce dependence on paper, perform the functions faster and with fewer resources and provides a track able audit trail for these functions.
Audit Manager SecureGRC Audit Management feature provides an integrated solution to managing the functions, documents, and tasks associated with audits (IT Security Compliance or Financial) of any organization. In addition, it provides access to the core elements from the SecureGRC platform such as Workflow, Document Management, Audit Work paper repository, Fine-grained access control through a secure Web based interface.
Key Features Single and Centralized repository for all work papers Version control for all work papers Link work papers to controls Schedule audits Assign personnel to audits Audit trail Ability to track audit failures Dashboards and reports
Vendor Compliance Management: SecureGRC Vendor Management solution enables you to manage an effective vendor management process: risk-based vendor selection, centralized document management and remediation management.
What is Vendor Management? Vendor Management is the process financial institutions worldwide use to understand the risks they assume due to their business relationships with their third-party vendors especially regarding their data sharing or outsourcing relationships. Vendor Management is a standard practice today and has matured to an extent where some leading financial industry groups such as BITS have standardized the process significantly through their Standard Information Gathering (SIG) and Agreed upon Procedures (AUP) standards. The usage of these standards or their derivatives helps organizations understand the risk associated with their vendors and then incorporate appropriate governance risk and compliance mitigation techniques and measures to mitigate the risk.
Key Features Automate monitoring of controls such as management of sensitive data and technical controls. Enable vendor managers to manage risk. Assess vendor risk using various assessment types and a library of questions based on bestpractice standards. Derive risk and compliance ratings by type of vendor from assessment results. Measure vendor compliance to policies and procedures. Track and address areas of non-compliance identified in the vendor assessment process.