Evangelizing Data Analytics being part of GRC
Often I am on stage promoting the BWise vision and BWise® GRC Platform and services that support this vision. Sometimes I am asked to not include any "commercial" information and limit myself to use cases. Apparently presenters from other vendors didn't do a great job in the past, because event managers are afraid that vendors present an advertisement of their product rather than sharing visions and translating technology into tangible business benefits that inspire people to evaluate innovative technologies if and when they become available.
The moments I can speak about our technological capabilities I always use the occasion to explain the BWise vision on integrated continuous monitoring and continuous auditing (CM/CA). Of course we believe we are providing a leading GRC platform to gather information from the business for internal control, risk assessment and compliance and audit processes and enable a comfortable way of working for the professionals as well as the contributing users. And, on top of that, we believe we create the environment for sophisticated reporting and issue/findings follow up. However, that is not the entire story...
At BWise we believe we should automate the "GRC processes" to reduce the burden of compliance and put a halt to the ever-growing need for additional resources for risk management, audit and compliance. We believe that control testing should be automated by tapping into data systems that manage the IT infrastructure as well as the ERP systems. We also believe that we should apply rules to the data streams and report on deficiencies and findings and follow up on them. In this way concepts such as continuous control monitoring, audit analytics, continuous risk assessments and data driven compliance can easily be implemented. Any issue or deficiency found automatically gets reported, moved to workpapers for audit or kicks off workflows for follow up and remediation.
Often the audience seems to think that using CM/CA technologies is very complex, which isn't the case if the CM/CA technology is fully integrated in the eGRC platform and is just another way of gathering information through GRC processes. At BWise we recently implemented this combined technology for large enterprises that have already shown pay back times of months and/or allowed processes to be put in place that allow managing (compliance) risks before they can evolve. I am wondering when the industry as a whole will start to embrace integrated CM/CA as a must have to any eGRC technology deployment.
Learn more about Continuous Monitoring and Continuous Auditing.