RSA Archer ERM Capability Analysis  RSA Archer is a solution provider in the GRC market that Corporate Integrity has researched and evaluated. Through an adaptable end-to-end offering RSA Archer eases the burden by delivering operational effectiveness, efficiency, and agility to risk management processes. RSA Archer’s ERM module is ideally suited for organizations that need a platform to bring together distributed…

Compliance 360 is a GRC vendor that Corporate Integrity has researched, evaluated, and reviewed with application users. Compliance 360 delivers on the vision of GRC with a robust technology and information architecture to enable risk and compliance processes that are agile, efficient, and effective in managing regulatory requirements, enterprise risk, and obligations. Compliance 360 is a provider of software applications,…

The mismanagement of policies has grown exponentially within organizations with the proliferation of collaboration and document sharing software such as Microsoft SharePoint. These solutions to their credit as well as downfall enable anyone to post a policy. Organizations end up with policies scattered on dozens of different internal Web sites and file shares, with no defined audit trails or accountability…

Organizations face a complex environment of risk, internally and externally. Geopolitical, financial/treasury, economic, operational, legal, and regulatory environments produce compound risks for organizations to manage. Many organizations are learning that these risks often interrelate to create a much larger risk environment than each independent silo is aware of. What may seem an insignificant IT risk in one area of the…

Organizations today face unimaginable challenges as they do business in an increasingly complex global marketplace. They need to step back, get a good look at the challenges and develop an integrated approach to ensuring effective governance, managing risks, and optimizing performance while addressing compliance requirements throughout the enterprise. The result: what OCEG calls Principled Performance®. A number of key business…

Effective governance, risk management, and compliance (GRC) delivers the ability to meet requirements, achieve human and financial efficiency, and meet the demands of a dynamic business environment that requires agility. It eliminates silos of risk and compliance that emerge from parts of the organization that have historically worked independently of each other. The goal is to provide a process, technology,…

The most economical GRC approach focuses on automation and efficiency. The goal is to connect policies and procedures to control objectives and automate monitoring and enforcement of controls. Automated controls can span business processes, applications, and information to reduce inefficiencies in current methods of internal control monitoring and validation. The importance of automated monitoring increases as the velocity of change…

While GRC is ultimately about collaboration and communication between business roles and processes, technology provides the backbone that enables GRC. To describe this technology, Corproate Integrity has defined the GRC Reference Architecture2 (this is closely aligned to the second version of the Open Compliance & Ethics Group (OCEG) GRC Technology Blueprint). This model is meant to be a practical and…

In today’s environment, ignoring an integrated view of GRC results in processes, partners, employees, and systems that behave like leaves blowing in the wind. Risk and compliance issues and corresponding processes are constantly coming to bear on the business. Organizations can’t afford to focus on single risk and compliance issues within unrelated technologies, projects, and assessments: Nor can they allow…

Business is complex, and requires agility to stay competitive. Risk and compliance measures can work against business agility, when managed manually and/or across numerous siloed initiatives. Success in today’s business environment requires the organization to integrate, build, and support business process with an enterprise view of risk and compliance. The bottom line: Organizations spend more money on risk and compliance…