ProcessGene GRC Software Suite
1. Business Process Realization
The ProcessGene™ GRC Suite
Business Process Realization Solutions
for Multi-Subsidiary Enterprises
Process-Driven
Risk Management, Governance
and Compliance Solution
Design Processes • Supervise Realization • Control Changes • Enforce Compliance
Copyright © 2007
2. About ProcessGene Ltd.
• ProcessGene™ develops GRC solutions for
global enterprises
• Serving tier 1, global, multi-subsidiary
customers from various industrial branches
• Over 40 global integrators deploy and use the
GRC Suite, with over 1000 installations
Copyright © 2011 Business Process Realization Copyright 2 of 85
Slide © 2007
3. ProcessGene’s Offering
An end to end GRC software suite,
designed for multi-subsidiary enterprises
• The first integrated BPM/GRC suite in SaaS
• The only “Multi-Org” BPM/GRC solution, designed for multi-subsidiary enterprises
4. ProcessGene GRC Solutions
[Diagram: End-to-end GRC enablers, built on the SaaS Platform]
• Search and GRC Diagnostics
• Reports Module and Dashboards
• Risk Management
• Regulatory Compliance
• Multi-Org Mechanism
• Collaboration Mechanism
• Corporate Governance
• IT GRC
• Connectivity to ERP systems
• Internal Audit
• Graphics engine for Diagrams
• Business Process Management Engine
• Task and Workflow Platform
• SaaS Platform
5. Risk Management
• Identify, evaluate and prioritize organizational risks
• Relate risks to relevant business processes, systems
and organizations
• Mitigate and control the risks
• Track and diagnose progress of the risk management
program
• Link KRIs to processes or risks
• Record and categorize loss events
• Manage opportunities vs. risks
• Global and optimized risk vs. return management
• Business processes that involve high risks are easily
monitored and diagnosed
6. Benefits and Differentiation of the
ProcessGene™ GRC Solution
• Designed for multi-subsidiary, global
organizations
• Very fast implementation
• Full automation
• Direct connectivity to ERP systems
• Leaders in cloud provisioning
• Multiple frameworks:
• Unlimited amount of free “view” users
7. Regulatory Compliance
• Support a wide array of compliance programs covering
USA and EMEA regulations
• Specialized functionality & repositories for specific
compliance programs
• Sample regulations: SOx, FDA, FERC, NERC, FAA,
OMB A-123, EH&S, HACCP, ISO 22000, PCI, BSA,
Patriot Act, GLBA, KYC, AML, Basel II, MaRisk, ISOx-
Goshen, SAS70, eTOM, PCI-DSS, ISO 27002, NIST
• End to end solution, covering the entire regulatory
compliance cycle
• A common framework for complying with the ever-growing
regulatory scope makes it possible to reduce compliance costs
8. IT GRC
• Measure and mitigate IT risks by implementing controls that
ensure the security and integrity of data, systems, networks
and IT facilities
• Ensure compliance with a set of IT regulations governing data
retention, privacy, confidential information, change
management, vendor information and disaster recovery
• Based on leading control frameworks such as Cobit, ISO
27002, NIST, ITIL
• Automation effectively reduces the cost of enforcement, while
providing improved and quantifiable compliance results
• Direct connectivity to enterprise software systems automates
and improves the effectiveness of IT compliance enforcement
• Easy access to objective evidence for compliance
enforcement
9. Internal Controls
• Document, test, sign-off and monitor the organizational
controls
• Automated workflows simplify follow up on testing, sign-
off and deficiency remediation
• Collected evidence is documented electronically, with full
audit trail
• Automation reduces costs and prevents errors that are
caused by manual, non-validated activities
• A control is tested once and then re-used for several
compliance purposes and goes through several types of
audits
10. Corporate Governance
• Manage a dynamic set of processes, policies and
procedures related to reliability, integrity and compliance
with laws and regulations
• Deploy a workflow of automated approvals to ensure that
governance is communicated and enforced
• Verify, through surveys and enterprise-wide
acknowledgment processes, that governance is
disseminated and enacted
• Enable a clear and traceable accountability mechanism
to ensure adoption of corporate governance principles
• Comply with required legal regulations
11. ProcessGene™ GRC: Five Roles,
Seven Responsibilities
Role: Responsibility
• GRC Manager: Document Business Processes, Risks, Controls, Test Plans
• Control Owners: Execute Controls and document execution evidence
• Internal Testers: Conduct tests over Controls. Report test results; Manage deficiency remediation
• External Auditor: Review efficiency of Controls based on test results; Verify deficiency remediation
• Approvers: Sign-Off Business Processes
12. Login to the USA
environment
17. Easily define and edit the process description and its properties
18. Easily edit the
process Diagram
19. ERP Screens
ERP transaction/ Description
Automatic GRC test
Execute the automatic test or
“jump” directly to an exact location
at the ERP system
20. Any SAP Screen
The SAP transaction is automatically opened
Direct connectivity to the ProcessGene application
21. The Oracle screen is automatically opened
Direct connectivity to the ProcessGene application
22. Relate Risks and Controls
to the Process
Define the list of
related Risks
Jump to Controls management
23. A selected Risk’s
properties
The Risk’s description
Raw and residual levels
Related opportunities
24. A selected Risk’s
diagnostics
26. The Risk’s audit plan and audit execution data
The Risk’s audit plan, audit schedule
and audit results, including the documentation
of historical results and the management of
deficiency remediation
27. Tasks related to the modeling and
management of the Risk
28. Documents related to the modeling
and management of the Risk
29. Relate Risks and Controls
to the Process
Define the list of
related Controls
30. A selected Control’s
properties
Press to edit the
selected Control’s
properties
Assign a
Control owner
Determine execution
frequency
31. All fields are editable
in the Control’s edit form
34. The Control’s test plan and
test execution data
Define the Test and the criteria for
the Test’s success/failure
The Control’s test plan
35. Assigned tester(s)
Scheduling data
The Control’s test schedule
36. Edit the Control’s
Test schedule
Assign testers for
the Control
37. Save
Select a tester
38. A tester was Assigned
Define the test’s
schedule
40. A tester was assigned
A schedule was defined
41. ProcessGene™ GRC: Five Roles,
Seven Responsibilities
Role: Responsibility
• GRC Manager: Document Business Processes, Risks, Controls, Test Plans
• Control Owners: Execute Controls and document execution evidence
• Internal Testers: Conduct tests over Controls. Report test results; Manage deficiency remediation
• External Auditor: Review efficiency of Controls based on test results; Verify deficiency remediation
• Approvers: Sign-Off Business Processes
48. ProcessGene™ GRC: Five Roles,
Seven Responsibilities
Role: Responsibility
• GRC Manager: Document Business Processes, Risks, Controls, Test Plans
• Control Owners: Execute Controls and document execution evidence
• Internal Testers: Conduct tests over Controls. Report test results; Manage deficiency remediation
• External Auditor: Review efficiency of Controls based on test results; Verify deficiency remediation
• Approvers: Sign-Off Business Processes
49. An automatic email from the control’s testing reminder
Email notifications are optional
50. Elizabeth Martin’s
Personal task list
Open the Control’s
test task to execute it
51. Read the Control’s
test plan and execute it accordingly
52. Report test results.
All results are documented in the system
and history is saved.
53. The Control’s test results
are documented in the system
54. The Control’s test result history
55. Defining, assigning and scheduling the
required deficiency remediation tasks
56. ProcessGene™ GRC: Five Roles,
Seven Responsibilities
Role: Responsibility
• GRC Manager: Document Business Processes, Risks, Controls, Test Plans
• Control Owners: Execute Controls and document execution evidence
• Internal Testers: Conduct tests over Controls. Report test results; Manage deficiency remediation
• External Auditor: Review efficiency of Controls based on test results; Verify deficiency remediation
• Approvers: Sign-Off Business Processes
57. View the status of Controls
in the entire organization
58. A distribution of the
Controls’ test results
59. A distribution of the
key Controls’
test results
Direct access to grouped
Controls (e.g. to the
ineffective group)
60. A distribution of the
Raw Risk weight
in the organization
The average Raw Risk level
and Residual Risk level vs.
the average Risk tolerance
in the organization
61. The average controlled
vs. residual risk levels
in the organization
62. The average controlled
vs. residual risk levels
in the organization –
distributed per category
63. All tasks in the organization
can be viewed, monitored and
managed from this area
Jump to the end
64. Sign-off Processes
Define Sign-off tasks per process
65. View a Sign-off
task details
66. Edit a Sign-off
task details
Select the required
signing statement
Assign user(s)
67. Save
Select a tester
68. Edit a Sign-off
task details
A user was Assigned
Define the task’s
schedule
70. The Sign-off task is defined
71. ProcessGene™ GRC: Five Roles,
Seven Responsibilities
Role: Responsibility
• GRC Manager: Document Business Processes, Risks, Controls, Test Plans
• Control Owners: Execute Controls and document execution evidence
• Internal Testers: Conduct tests over Controls. Report test results; Manage deficiency remediation
• External Auditor: Review efficiency of Controls based on test results; Verify deficiency remediation
• Approvers: Sign-Off Business Processes
72. An automatic email from the Process’s Sign-off reminder
73. Michael Chang’s
Personal tasks area
Michael Chang’s
Sign-off task
74. Sign-off task
details
Approval declaration
Required action:
Approve now
75. Confirm the Sign-off declaration
76. The Sign-off declaration is
documented in the system
77. All historical Sign-offs
for this process
78. A gauge indicating
the current organizational
Sign-off status
79. Thank You!
ProcessGene Ltd.
For additional information:
www.processgene.com