Page 1

JOURNEY

#2/2015

G R C MAGAZ I NE F O R L EA D I N G R I S K M A N A GE M E NT, AUDIT, INTER NAL C ONTR OL AND C OMPLIANC E PR O FESSI ONA LS

BUILDING THE

BUSINESS CASE

FOR INTEGRATED

GRC

THIS ISSUE

GRC TRENDS INTEGRATED GRC WHO OWNS THE BUDGET? BIG DATA BEYOND THE BUZZ DIRECTORS DESK AND INTEGRATION WITH BWISE

THE PEOPLE BEHIND THE C O M PA N Y

B U S I N E S S IN CONTROL WITH BWISE

EVENTS AND WEBINARS


CONTENTS GRC JOURNEY MAGAZINE

CONTENTS

INTEGRATED GRC

WHO OWNS THE BUDGET?

P4

P6

GRC TRENDS

DIRECTORS DESK

AND INTEGRATION WITH BWISE

P10 BIG

DATA

P8

BEYOND THE BUZZ

P 12 THE PEOPLE BEHIND THE COMPANY P 13 THE BWISE速 GRC PLATFORM P 14 ANALYST RECOGNITION P 15 EVENTS AND WEBINARS

JOURNEY

2

ISSUE #2


FOREWORD PETER DE VERDIER

IT IS MY PLEASURE

TO PRESENT YOU THE LATEST ISSUE OF THE

GRC JOURNEY MAGAZINE. THE GRC MARKET IS LARGER AND MORE DYNAMIC THAN EVER BEFORE. THERE ARE NEW REGULATIONS TO COMPLY WITH, NEW AUDIT FINDINGS TO RESPOND TO AND NEW POTENTIAL RISKS TO BE ASSESSED. As BWise is now fully integrated with Nasdaq, I am proud to lead a fantastic management team. Luc Brandts, co-founder of BWise drives our vision in his role as CTO. Rob van Straten manages global sales & delivery, while Magnus Vargmar is in charge of support and academy services. Clarinda Dobbelaar handles our product portfolio and manages customer communications.

Peter de Verdier Head of Nasdaq BWise

We are now taking steps to extend BWise’s market leadership and have expanded our global presence, Asia in particular. We have launched a significant investment initiative to further extend BWise’s capabilities, especially with IT GRC/Information Security. Recently, we have announced our first ever BWise Global Customer Summit, to be held in New York in October. For two days, we will gather our customers from around the world to learn about the latest trends, peer to peer information sharing and networking. Together with our growing network of partners, we are more than ready to deliver world-leading GRC solutions. This issue of the GRC Journey Magazine is focused on diving deeper into the trends and developments of the ever-changing GRC environment. I hope you will enjoy reading it. Please don’t hesitate to contact me if you have any questions. Best regards Peter de Verdier Head of Nasdaq BWise

JOURNEY

3

ISSUE #2


GRC Trends

THE DEMAND FOR END-TO-END GRC TECHNOLOGY WILL CONTINUE TO GROW

TODAY GRC (GOVERNANCE, RISK AND COMPLIANCE) IS STILL A VERY SCATTERED LANDSCAPE. ANALYSTS HAVE STATED THAT ABOUT 80% OF THE GRC SOLUTIONS CURRENTLY IMPLEMENTED ARE POINT SOLUTIONS. THIS IS THE RESULT OF THE WAY COMPANIES DEAL WITH THEIR GRC NEEDS. OFTEN ORGANIZATIONS ARE LOOKING FOR A SOLUTION TO SOLVE AN IMMEDIATE PAIN POINT, AND SELECT THE BEST OF BREED. IN THOSE AREAS WHERE IT IS PARTICULARLY IMPORTANT TO SHARE INFORMATION, AND TO BUILD FROM ONE COMMON DATA MODEL, A MORE STRATEGIC APPROACH IS SEEN.

By: Luc Brandts CTO and Founder

This is especially true in Operational Risk that closely aligns with Compliance, Internal Control over Financial Reporting and Information Security. Those separate functions often share common data structures in business processes, organizational structures, and risk definitions. An integrated approach to GRC is in those cases preferred. There are several factors driving the demand for integrated GRC technology platforms:

JOURNEY

4

ISSUE #2

The Changing role of Internal Audit The third line of defense, Internal Audit, oversees the risk, compliance, internal control and information security functions and has always been collecting data, through audits, from across the entire organization. With technologies allowing them to automate their process and large portions of the data collection, they are the genuine drivers for integration and standardization of a common risk language and one framework to connect risks and control to


GRC TRENDS THE DEMAND WILL CONTINUE TO GROW

the business processes. Eventually, by enhancing a GRC platform, audit is enabled to create a more transparent view of aggregated risks across the enterprise allowing the company to better balance performance and risks.

Internal organizational issues Internal organizational issues such as the increasing burden of compliance and the never-ending search for efficiency improvement and (IT) cost reductions will compel organizations to look for GRC platforms that can support all GRC in one integrated environment. At BWise we are replacing the first generation of GRC point solutions with our second generation integrated platform in basically every region and industry. Standalone functional departments and siloed entities have interdependencies that need to be linked for cost and operational efficiencies. Rapidly changing business priorities require sharing information between departments and those changes require synchronized decision-making throughout the organization. Integrated GRC platforms are designed to facilitate this.

The increasing importance and volume of data Modern technologies enable GRC professionals in Audit, Internal Control and IT security to process warehouses of information and historical records. This allows them to fade away from e.g. at random control testing towards real time 100% control testing or auditing, improving not only the quality of their work, but also allowing them to be alerted when it happens instead of after the fact while it’s freeing up time to work on the incidents or risks instead of finding them. Continuous Monitoring and Continuous Auditing (CM/CA) technologies are very promising: Let’s simply look at the data organizations have and what they could use to detect anomalies, potential risks emerging, detect and prevent fraud. It is quite amazing what technology allows you to do, at a cost much lower than the return in the very first year.

Regulatory changes The more sophisticated, connected and stressed the world becomes, the more human nature drives the need for the number of regulatory bodies and the amount of regulations mandated by each to expand. The amount of

regulatory changes that compliance officers of international organizations need be aware of is astonishing. Existing regulations are being defined further and additional regulations are added to the ledgers. The risk of non-compliance continues to grow. We observe that many companies are changing their perspectives and behaviors on the risk of non-compliance. This pushes a strong need for regulatory alerts management, often in combination with case management and policy management. Now, most companies are behaving more conservatively and their risk appetites are reduced. As the global economy turns around, more customers are doing what they can to fuel that positive momentum, often staying well within newly defined risk tolerance levels. This is what risk monitoring and management is intended to facilitate. Controls can be adjusted as the organization changes its view on the threats of the external factors.

Reputational risks Other external factors driving GRC technology needs are threats to the organizations’ reputation including supply chain issues such as vendor and business continuity management. Ever-growing outlets for posting opinions that become facts can damage an organization’s name or brand overnight. This risk coupled with actual production issues, faulty-design liabilities, poor quality components, miss management vendors to just unexpected bad weather, can cause interruptions to the organization’s intended customer experience. This is happening in both the business-to-consumer and the business-to-business worlds. This doesn’t go unnoticed by customers or prospects. These risks are a growing concern to management and boards. We know from experience that a strong GRC platform needs to allow flexibility to capture the breadth of these potential risks and offer sophisticated capabilities to handle sharing the information and analysis between functional areas. We expect these trends to drive GRC implementations into the next decade. Effectively managing the effects of each trend with solid GRC technology will lead to overall better business performance and it seems that the business world is perceiving that.

JOURNEY

5

ISSUE #2

Is your company ready to look at second generation GRC Technologies? Or do you have questions for Luc Brandts, contact us to get in touch with our experts.


Integrated GRC

WHO OWNS THE BUDGET?

MANY ENTERPRISES INVEST IN GRC SOFTWARE AND MANY DECIDE TO IMPLEMENT AN ENTERPRISE GRC PLATFORM (EGRC)

By: Rob van Straten Global Head of Sales and Delivery

RATHER THAN ‘POINT SOLUTIONS’ FOR RISK MANAGEMENT, INTERNAL AUDIT, INTERNAL CONTROL OR COMPLIANCE. THE FINANCIAL JUSTIFICATION FOR A POINT SOLUTION IS RATHER STRAIGHTFORWARD, BUT TO ALLOCATE A BUDGET FOR EGRC THAT WILL BE USED BY MULTIPLE GRC FUNCTIONS CAN BE MORE CHALLENGING. Investing in eGRC (also called integrated GRC) can be rewarding from an ROI point of view. The challenge often is to find the answer to the question: “Who will be the owner of the platform and who has the budget?” Similar to ERP 25 years ago, GRC currently is often fragmented over various departments and functions such as risk, audit, compliance, ICFR, etc. These departments grew organically over the past years to their current size and importance in today’s transparent and regulated corporate environment. GRC projects often start as a

JOURNEY

6

ISSUE #2

need for better software tooling for one or a few GRC functions with specific needs and requirements. Those who took the initiative, ‘automatically’ became the owners of their GRC platform. They will be challenged when they deploy their GRC platform in the future to other departments for integration. From a financial perspective, the substantial and structural savings achieved by using an integrated platform for other departments and functions are not always taken into account since those savings often are outside the department’s domain.


INTEGRATED GRC WHO OWNS THE BUDGET?

Financial justification

Tactically relevant, easy to calculate

The financial justification of an integrated GRC platform should not only take into account the ROI of the selected GRC solution for the needs of e.g. risk management or audit, but also the cost reductions that will result from expanding the platform over multiple GRC domains over time. Some of the integration benefits are strategic but hard to calculate, whereas others are easier to quantify.

Investigating what GRC processes are in place within the organization, as well as the organization’s IT tooling and supporting IT infrastructure, often lead to surprising high costs. It is relatively easy to do by calculating all IT costs of the GRC supporting tools, including costs such as depreciation of hardware and software, subscriptions, maintenance contracts, hosting costs, network costs, upgrade costs (often much higher than assumed) and last but not least, administrators and IT staff costs to maintain and operate the GRC IT landscape. All that is owned and operated can be replaced by one platform with limited costs and one vendor relation to manage. The ROI is often realized in a matter of months rather than years.

Strategically important but hard to calculate There are a number of very strategic arguments to an integrated GRC approach. These are fundamentally more difficult to quantify but it is nonetheless crucial not to overlook them: Improved steering of the enterprise by aggregated risk, audit and compliance reports that show ‘one version of the truth.’ Ability to react dynamically to changing corporate environments (e.g. mergers, acquisitions, changing corporate structures) or the regulatory landscape. Efficiencies in the GRC departments such as Risk Management, Internal Audit, Compliance, and Internal Control will increase as a result of more advanced tooling and use of enterprise frameworks, templates and data, rather than reinventing functions time after time. Growth of the GRC staff can be limited and departments could even merge.

Enterprises are now challenged to answer the questions, “Who owns eGRC? Is it Risk? Audit? Perhaps the CFO or should there be a strategic role for IT?”. CIO’s and IT leaders should define eGRC programs and facilitate the various GRC user groups. In the past few years, the first generation of visionary CIOs implemented eGRC platforms as a strategic companywide initiative. Industry analysts and experts predict continuous growth of this eGRC approach as point solutions in Europe and North America are entering their end-of-life cycle and decision making is shifting gears towards eGRC. It is interesting to see that in ‘emerging markets’ the banks and leading enterprises skip the step of GRC point solutions and start their GRC Journey with eGRC immediately.

Improved efficiencies throughout the enterprise by ‘asking questions once and reusing the answers.’ People in today’s enterprises suffer substantially from the burden of compliance, as they must provide the same or similar information to different groups within the lines of defense. Multinational enterprises spend between 5% and 10% of their annual revenue on GRC related activities and processes. Control rationalization by integration of the various GRC domains; better implementation could easily reduce the number of controls by 50% throughout the enterprise. An industry benchmark estimates that the annual costs of one control to be approximately $500.00.

Watch the video “The Financial Justification of integrated GRC.”

JOURNEY

7

ISSUE #2


BEYOND THE BUZZ Caroline Souvestre, Senior Product Marketing Specialist, interviewed Anton Lissone on the buzz around Big Data.

What is your definition of Big Data? Big is very subjective and this is also where most of the confusion comes from. These days the term “Big Data” is widely used in the field of data analytics but also in many others. Naturally, the concept of Big Data implies a very large set of data, practically unlimited. To me, another characterization of Big Data is when the volume of data is so big that specific tools are needed to analyze it. Many organizations do not have data sets this large. Moreover, as technology progresses, the capacity for analyzing data sets evolves and therefore, so does the definition of Big Data. On the other hand, the development of technology allows us to record more and more data such as people’s activity. The frequency of the interactions, the large target audience (e.g. car drivers, customers) and its broad applicability result in a rapid increase of the volume of data and with that, the need for new and/or different technology to analyze that data. The conclusion is that the definition of Big Data is likely to be ever evolving for a number of years.

JOURNEY JOURNEY

88

ISSUE ISSUE#2 #2


INTERVIEW ANTON LISSONE BIG DATA / CONTINUOUS MONITORING

Why do you think it is such a popular term at the moment? Big Data appeals to the imagination of the reader. The insights found from Big Data analyses are very interesting, valuable and innovative. This creates a buzz around the term Big Data in such a manner that all of a sudden everyone involved with data analytics (big or not) these days refers to the term Big Data. I consider that 80% of the use cases that can be found on the internet that claim relation to Big Data actually consists of traditional Business Intelligence. Moreover, next to the Big Data trend is the range of available dashboarding and visualization tools that have greatly broadened. These are often associated with Big Data which is not necessarily accurate.

What can companies do with ‘big data’? What are the benefits? There are valuable new insights that can be created using Big Data which were not available before and these come at a speed that allows organizations to really use the results in their day-to-day operations. Things like consumer behavioral monitoring are now within reach. Within the GRC domain there are also lots of topics that arise: Anti-Money Laundering, Revenue Accounting, Account Monitoring, Capital Requirement Calculations, Quantitative Risk Analysis and many more,

BWise also provides a solution that can analyze large amounts of data. Can you describe the BWise CM/CA solution? The BWise® GRC platform relies on the Database Management System (DBMS) layer for its analytical capabilities like many other applications. What makes our solution specific is the fact that it combines day-to-day analytics with an Enterprise GRC solution. It analyzes the data and pushes the results to the responsible party for follow-up, sign-off or investigation if required. All the interactions with the data are stored within the BWise platform to form an audit trail. By using the DMBS and standard available reporting tools, we create a hybrid platform focusing on capturing audit trails and providing distribution of reporting in a smart manner.

Can you give some concrete examples of how customers can use this? We have customers that deployed BWise® to monitor their primary ERP applications daily to check if they are well prepared in various areas such as: Month End Closing (fast-close), Fraud (Anti-Bribery), Operational Excellence (Working Capital and Cash Flow) or Tax Optimization. Data Analytics can also be used to prepare for Security Audits, Financial Audit by external auditors, Data Migration (and data quality) projects. We also provide Key Risk Indicator Analysis, Loss Analysis and Automatic Issue Triggering (Loss, Incidents, and Customer Complaints). It is mostly beneficial to those who are responsible for these GRC topics and are already using a GRC platform to support them in their daily tasks. With BWise, they can perform their internal control, internal audit or risk management tasks while taking advantage of data analytics in one integrated platform. There is no need to run reports with parameters, store files and document their follow-up elsewhere. Everything is within reach using BWise which saves precious time, makes the process more reliable and therefore easily auditable.

Everybody nowadays says they do something with Big Data, why is BWise unique? When we analyze big data, we are not unique. Our distinctive focus is to bring Data Analytics to our primary user groups which are Internal Audit, Internal Control, Information Security, Risk Management and other GRC professionals. For those users we provide a one-stopshop for all their needs with not only dashboards, but also alerts, enterprise GRC related documentation, workflows for follow-up and sign-off as well as reporting for regulators and external auditors. When you use Data Analysis for Anti-Bribery for instance, providing a dashboard on all payments and other types of transactions/interactions with customers is not sufficient to comply with FCPA. Users need to be alerted, see the dashboard, find the needle in the hay-stack, kick-off their due diligence, create investigation cases, follow-up and close cases and eventually report about the progress of that entire cycle. BWise enables customers to cover the entire process.

JOURNEY

9

ISSUE #2

Anton Lissone Director of Data Analytics Mr. Lissone specializes in Data Analytics, Continuous Monitoring and is an expert in C- Level Business-Intelligence & Consultancy.

We like to think that we take the Big out of Big Data. We aim to narrow it down to the essentials in light of GRC to allow organizations to successfully implement it and gain tangible benefits. We want to capture the entire process, not only the data analysis part, in such a manner that makes it a sustainable proposition for day-to-day use in the already overburdened area of GRC.

Do you want to know more about data analytics for the various disciplines in GRC? Download our brochure: “BWise Brings two Worlds Together”.


DIRECTORS DESK

AND INTEGRATION WITH BWISE By: Clarinda Dobbelaar Global Head of Portfolio Management Market Technology Nasdaq BWise

RISK AND COMPLIANCE PROFESSIONALS ARE REGULARLY REQUIRED TO PROVIDE INFORMATION ON THE COMPANY’S STATE OF COMPLIANCE OR KEY RISK INDICATORS TO SENIOR MANAGEMENT AND THE BOARD, SO THERE IS AN APPROPRIATE OVERSIGHT BY THE GOVERNING BODY OF THE RISKS FACING THE COMPANY. THIS IS IN ADDITION TO THEIR DAY-TO-DAY RESPONSIBILITIES OF KEEPING FINANCIAL AND REPUTATIONAL RISKS UNDER CONTROL. THIS INTEGRATION EMPOWERS EXECUTIVES TO BRING CORPORATE ACCOUNTABILITY AND RISK CONTROL TO A HIGHER LEVEL OF SOPHISTICATION WHILE FACILITATING COMMUNICATION TO THE BOARD.

JOURNEY JOURNEY

10

ISSUE ISSUE#2 #2


DIRECTORS DESK AND INTEGRATION WITH BWISE

Nasdaq Board Portal: Directors Desk Nasdaq’s Directors Desk is a strategic productivity suite that empowers executive management, Corporate Secretaries and Board Members to communicate with audit, risk and compliance committee members and execute tasks faster in an environment designed with security in mind. Corporate Secretaries can easily and confidentially communicate, share board books and critical information, as well as manage calendars, events and documents – for individual directors, committees or the entire board. Additionally, the service is designed to enable decision-makers to access materials at their convenience – anytime, anywhere, in an environment designed with multiple layers of security features.

Nasdaq offers a comprehensive range of GRC solutions Nasdaq’s GRC solutions provide executives and board members – in both private and public companies – technologies that allow them to drive transparency as well as balance risks and opportunities to help their organizations make better decisions. Reports and a centralized ata-glance dashboard offer guidance and provide assurance that a company is in control of its key risks, including the risk of non-compliance. Nasdaq’s broad range of GRC solutions and services, of which BWise is the cornerstone, helps organizations manage their GRC processes from the operations up to board level.

Seamless integration for leveraging Risk Management, Compliance and Audit information Preparing the multitude of different Risk Management, Compliance, Audit and Governance related information required for a board meeting used to be a time consuming and manual task. With the integration of Nasdaq Directors Desk and BWise, risk dashboards, audit findings and compliance reports can now be effortlessly pushed from BWise directly to the Directors Desk Document Repository. Directly provide the Board with information on how the company is performing in terms of overall compliance, as well as entity by entity, by leveraging all of the information available within the BWise platform. Now, the board can more effectively monitor and validate control over the company’s exposure to reputational damage, financial risks or liabilities, all within a Board Portal environment that is designed with security features in the application, environment and the systems and processes used to support them.

The choice of integrating BWise and Directors Desks content mentioned herein is only available for customers that subscribe for both services upon their request and choice. The BWise services referenced in this document are offered by local BWise entities, depending on the geographical location of the customer. The Directors Desk services referenced in this document are offered by local Nasdaq Corporate Solutions entities, depending on the geographical locatioan of the customer. Each such BWise or Nasdaq Corporate Solutions entity is a subsidiary of the Nasdaq OMX Group, Inc. For details of the entity providing the relevant services, and the terms and conditions applicable to the services, prospective customers please refer to BWise’s and Nasdaq Corporate Solutions’ master services agreements, and current customers please refer to your contract with BWise and Nasdaq Corporate Solutions for such services.

For more information on Nasdaq’s Directors Desk: request a demo or visit the website.

JOURNEY

11

ISSUE #2


THE PEOPLE

BEHIND THE COMPANY TOM PASSON IS RESPONSIBLE FOR MANAGING THE BID PROCESS AND PARTNER ENABLEMENT. “In today’s rapidly changing GRC environment, a well-structured bid management process is crucial to be able to provide adequate proposals to our prospective customers and to be competitive. In addition, our partner enablement focuses on defining structures and processes to support our partners since they often have a key role in our strategy worldwide. Our partners allow us to provide high quality services while taking into account local specificities. One of our key objectives is to enable scalability without compromising on the quality of delivery. We have taken several initiatives, to ensure this. First, we have been working with the BWise Academy to continuously improve our training and certification programs. Another area of focus has been the development of the Rapid Deployment Solutions (RDS) that provide role-based standardized best practices, which are used to deploy the BWise platform in a matter of weeks. Finally, we are building a Virtual Knowledge Center that will be launched soon which will accelerate and streamline knowledge sharing among our consultants and partners.”

ROOPA DHANALAL IS RESPONSIBLE FOR IMPLEMENTING THE GLOBAL STRATEGIC ACCOUNT MANAGEMENT

(SAM)

PROGRAM

TO IMPROVE THE CUSTOMER’S BWISE EXPERIENCE, INCREASE CUSTOMER SATISFACTION AND WORK WITH THEM AS THEY PROGRESS ALONG THEIR GRC JOURNEY.

MAGNUS VARGMAR IS PART OF THE BWISE MANAGEMENT TEAM AND RESPONSIBLE FOR BWISE SERVICES INCLUDING APPLICATION MANAGEMENT, MANAGED HOSTING AND SUPPORT SERVICES ALONG WITH THE BWISE ACADEMY, IT AND SECURITY.

“The BWise Strategic Account Management program cornerstones are built around the customer’s business. Our aim is to better understand the customer’s mid to long term business objectives and initiatives in the GRC space, to build better value propositions around our customer offerings. A well-defined action plan and communication plan is structured together with the customer and the appropriate resources are allocated to execute properly. Our strategic customers are multi-national, are recognized leaders in their respective industries and have deployed multiple GRC initiatives with BWise. Our SAM program provides several key benefits to the customers including a single point of contact to coordinate internally on their behalf as well as the opportunity to participate in the BWise Customer Advisory Board and provide R&D with input. We as BWise derive additional benefits from our customers including ways to improve our product and ultimately provide an exceptional BWise customer experience.”

JOURNEY

12

ISSUE #2

“As I am responsible for the BWise Services, I oversee customer support, Application Management, Managed Hosting and training services along with IT, Security and the overall responsibility for the integration of the BWise services into Nasdaq. Our Application Management and Managed Hosting services allow our customers to be easily scalable, maximize accessibility and reliability as well as benefit from IT best practices to improve the overall quality of software deployment, operation and support. In supporting our customers with these services, we pay particular attention to gathering and defining the requirements that meet the business objectives. We are excited about growing this business segment of BWise as we have observed a steady growth in the Application Management and Managed Hosting services segments, with an increase of 50% last year. Another recent milestone has been the introduction of hosting capabilities in the APAC region which has allowed us to complete our global reach for all services. Additionally we continue to invest significantly in the BWise Academy to support our customers and partners through the development of new certification programs and broadening the coverage of courses.”


BWise BWise offers role-based integrated Governance, Risk Management and Compliance (GRC) Software for all three lines of defense.

"With BWise we are in Control of our Financial and Reputation Risk." Damian Thomson Chief Information Security Officer

Ann Green

Head of Internal Audit

Gerard Parker Chief Risk Officer

Jackie McLaren Chief Compliance Officer

Who is Nasdaq BWise

Nasdaq BWise is a global leader in Enterprise Governance, Risk Management and Compliance (GRC) software. Based on a strong heritage in business process management, the BWise® GRC Platform provides companies with highly-rated, proven software solutions for Risk Management, Internal Control, Internal Audit, Compliance & Policy Management, IT GRC and Sustainability Performance Management.

balancing performance with their financial and reputational risks, improving corporate accountability, increasing financial, strategic and operating efficiencies. Using BWise, organizations are able to efficiently comply with anti-corruption regulations like FCPA and the UK Bribery Act, the Sarbanes-Oxley Act, European Corporate Governance Codes, ISAE3402/ SAS-70, PCI-DSS, Solvency II, Basel II and III, Dodd-Frank, ISO-standards, and many more.

BWise’s end-to-end solutions support an organization’s ability to understand, track, measure, and manage key organizational risks. Nasdaq BWise helps companies truly be in control by

Nasdaq BWise sales, service and support offices around the globe provide for the GRC needs of hundreds of leading companies worldwide. For more information, visit www.bwise.com.

13

ISSUE #2

Corporate Group Controller

Download our role-based brochures for: Internal Audit, Risk Management, Internal Control and Compliance & Policy Management.

BUSINESS IN CONTROL JOURNEY

Michael Bauer

WWW.BWISE.COM


NASDAQ BWISE GLOBAL LEADER IN GRC

ANALYST RECOGNITION Independent research firm Forrester cited BWise as a “Leader in GRC Platforms” “BWise’s strategy is very strong in support of all GRC roles and continues to earn exceptional customer satisfaction scores,” stated the report. Source: “The Forrester Wave™: Governance, Risk And Compliance Platforms, Q1 2014.” Gartner positioned BWise in the Leaders Quadrant of the Gartner Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms. “The GRC market is nine years old, and buyers have high expectations for the performance of GRC solutions against a wide variety of use cases. Differentiation today is about the ability to deliver against multiple use cases, and provide advanced risk management functionality, with analysis of the impact of risks on strategic objectives and business performance, domain expertise in multiple highly regulated industries, ease of use — including mobile capabilities — and configurability.” Source: Gartner Research “Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms” by French Caldwell and John A. Wheeler, September 24, 2013.

JOURNEY JOURNEY

14 14

ISSUE ISSUE#2 #2


EVENTS & WEBINARS SAVE THE DATE

EVENTS AND WEBINARS OTHER UPCOMING EVENTS

GLOBAL BWISE CUSTOMER SUMMIT OCTOBER 21 - 22. 2015 INTEGRITY. TRUST. TRANSPARENCY.

JULY 16. 2015

Nasdaq BWise will be hosting a ‘GRC by Design workshop’ at the Nasdaq Headquarters in New York. This one day workshop is guided by GRC expert Michael Rasmussen from GRC 20/20. This workshop will provide a blueprint for attendees to develop effective enterprise GRC strategies and techniques that can be applied across the organization.

JULY 29 – 30. 2015

The 10th annual OpRisk Asia conference, hosted by Operational Risk & Regulation, will take place in Singapore and includes a presentation of Rob van Straten, Global Head of Sales and Delivery, BWise.

AUGUST 17 – 19. 2015

Nasdaq BWise is an exhibitor and sponsor at the 2015 Governance, Risk and Compliance (GRC) Conference in Arizona Biltmore. The conference will address emerging trends and best practices in GRC. www.bwise.com/news-events

Nasdaq BWise is pleased to host the first ever Global BWise Customer Summit

The Customer Summit will take place in New York on October 21 - 22. 2015. The Summit’s central theme, Integrity. Trust. Transparency., will be the foundation for discussions during this executive forum. The program will provide a unique opportunity to hear from GRC leaders across the globe how to deal with complex regulatory landscapes and specific GRC challenges while continuously innovating businesses every day. 

WEBINAR GRC INTEGRATION IN ACTION The benefits of an integrated approach to Governance, Risk and Compliance (GRC) are undeniable and often put forward. Numerous surveys show integrated GRC leads to a reduction in redundant activities, improved transparency and greater alignment of processes. But how often have you had the chance to see it in action? Nasdaq BWise hosted a webinar to present concrete applications of GRC integration. Watch the webinar: www.bwise.com/grc-integration-in-action

COLOFON “GRC Journey Magazine” is published by Nasdaq BWise Rietbeemdenborch 14-18 5241 LG Rosmalen T: +31 734 6464 915 @: bwise-marketing@nasdaq.com www.bwise.com business.nasdaq.com

Editorial

Luc Brandts – CTO and Founder Clarinda Dobbelaar – Global Head of Demand Creation & Portfolio Management Market Technology Anton Lissone – AVP, Product Development Caroline Souvestre – Senior Product Marketing Specialist, BWise Rob van Straten – Head of Global Sales and Delivery Peter de Verdier – Vice President, Head of BWise Market Technology

Design Plushommes, www.plushommes.com

JOURNEY

15

ISSUE #2


G O V E R N A N C E I S T H E C U LT U R E , P O L I C I E S , P R O C E S S E S , L AW S , A N D I N S T I T U T I O N S T H AT D E F I N E T H E M A N N E R I N W H I C H C O M PA N I E S ARE DIRECTED AND MANAGED. R I S K I S T H E E F F E C T O F U N C E R TA I N T Y O N B U S I N E S S O B J E C T I V E S ; R I S K M A N A G E M E N T I S T H E C O O R D I N AT E D A C T I V I T Y T O D I R E C T A N D C O N T R O L A N O R G A N I Z AT I O N T O R E A L I Z E O P P O R T U N I T I E S W H I L E M A N A G I N G N E G AT I V E E V E N T S . C O M P L I A N C E I S T H E A C T O F A D H E R I N G T O A N D D E M O N S T R AT I N G A D H E R E N C E T O E X T E R N A L L AW S A N D R E G U L AT I O N S A S W E L L A S T O C O R P O R AT E P O L I C I E S A N D P R O C E D U R E S .

DEFINITION OF GRC, SOURCE: OCEG

NASDAQ BWISE

BWISE-MARKETING@NASDAQ.COM

RIETBEEMDENBORCH 14-18

W W W. B W I S E . C O M

5241 LG ROSMALEN

BUSINESS.NASDAQ.COM

T: +31 734 6464 915 JOURNEY

16

ISSUE #2

Nasdaq GRC Journey Magazine issue 2 - 2015  

GRC Journey Magazine for Leading Risk Management, Audit, Internal Control and Compliance Professionals.

Nasdaq GRC Journey Magazine issue 2 - 2015  

GRC Journey Magazine for Leading Risk Management, Audit, Internal Control and Compliance Professionals.