3. OCEG GRC Technology Strategy & Maturity Survey
Results from 273 respondents to the OCEG 2014 GRC Technology Strategy Survey show:
4. Governance Risk Compliance Simplified
The CMLgroup GRCaaS solution provides all the tools to build an efficient, collaborative enterprise GRC program within your organization.
GRCaaS allows you to:
• Manage risk
• Demonstrate compliance
• Automate business processes
• Gain visibility into corporate risk and security controls
• Access real-time, intuitive, interactive, customizable, role-based GRC Dashboards
5. CMLgroup GRCaaS Framework
• Risk: Set up a Risk Management Program. Identify Assets, Threats, Vulnerabilities and Controls.
• Policy: Map and track your Policies, Procedures, Guidelines and Standards.
• Vulnerability: Scan and document your organization’s technical compliance controls.
• Vendor: Track third-party vendors and OSP; identify and mitigate risk.
• Process: Track and manage business processes, automatically feeding the risk, audit and compliance programs.
• Audit: Automatically populate audit fields and eliminate manual internal & external controls verification.
• Reporting: Real-time, intuitive and interactive, customizable, role-based Dashboards.
• Training: Integrate courseware with controls, and streamline course completion.
• Incident Management: Track and report information security incidents.
• Compliance: Fully automated compliance. Automatic updates to regulatory requirements.
13. Identify Regulatory Compliance at a glance
Left Pie chart: assessment in progress, review and approved
Right Pie chart: assessment controls status, Passed, Failed, Not Responded, Not Applicable
Bar chart – Assessment Level, Inherent Risks and Inherent Compliance levels
Bar chart – Assessment by Regulatory Compliance progress status
14. Who is responsible?
Select Assessment Status In Progress (Pie Chart blue section)
The information window shows Finance and United States having the most failed controls
15. Who is accountable?
Filter by division Finance and see Details: the Compliance Manager has the most assessments in progress, the majority overdue by more than 30 days, followed by Dario Acosta with all assessments overdue.
Outliers shown in Days Past Due (red column) clearly map priorities: who has to do what.
16. Inherent Risk Analysis
Healthy High/Low risk ratio, where Low is about three times the High level. However, there are 19 assessments in progress listed as Not Assessed, which presents a large potential risk. Assessing those risks becomes a priority, along with completing overdue assessments.
17. Organization’s Assessment Status
Assessment status by division. Compliance Rating shows status based on organizational thresholds. The four-quadrant chart below shows the Completion/Passed ratio; bubble size is driven by the number of controls per division.
18. Risk Sources and Types
Risk sources by Asset Type, further analyzed by status (New, Open and Closed). Tap on an Asset Type to see Risk Types such as Audit Findings, Failed Control, Incident, Risk and Vulnerability.
19. Assessments Common Controls
Controls by Sources and Parents - Banking and Finance Guidance; the network map on the right shows common controls between Regulations, FEIC Audit and Bank Secrecy Act. Therefore, passing these controls increases inherent compliance for both regulations.
20. Assessment Regulatory Compliance/Impact Zone
Assessment by Regulatory Compliance shows organization’s regulations status
Assessment by Impact Zone shows status by organization’s GRC groups
21. Affordable GRC
• Automate manually intensive tasks
• User generated reports
• Simplified data collection
• Automate business processes
• Easy to train new personnel
• User customizable dashboards
• Designed to enhance your existing process
• Does not force you to implement large-scale process changes
22. GRC Simplified
• A cloud-based service with no software to buy, install, and maintain
• IT support not needed
• Runs on the highly scalable Salesforce.com platform so it’s always available and accessible
• 2-day installation
• Free no-obligation trial so you can try before you buy
23. GRCaaS by CMLgroup
• User Interface: Customizable, interactive reports; Real-time Mobile Dashboard; An intuitive setup process; Easy ongoing management
• Unified Compliance Framework (UCF): Thousands of Citations; Regulations from hundreds of Authorities; Guaranteed currency with all global standards and regulatory mandates
• A complete, integrated suite of IT GRC management: Risk, Compliance, Policy, Training, Audit, Vendor, Incident Response, Vulnerability Management, Process
• Built-in integration and support services: Configuration and deployment; Product support; Baseline consulting
• Optional Services and strategic consulting: Risk assessments, vulnerability assessments; IT audit and much more
• Cloud-based delivery: Enterprise-class solution without the need for capital investment or additional personnel
24. GRCaaS Solution enables:
• Real-time reporting and Executive Dashboards
• Actionable items generated by analytics and KRI
• Streamlined information security & compliance operations
• Enhanced access and end-to-end integration
• Intuitive initial setup provides built-in and step-by-step guides
• Subject matter expertise is embedded into GRCaaS’s robust wizards
• Supports over 700 authorities & over 25,000 citations and regulations
• Maps the organization’s industry-specific requirements to standard GRCaaS Controls
• Scalability, Reliability and Performance of a cloud platform
• Standardized security
Themes: Complete Risk Posture insight; Customizable; Real-Time upgrades; Automation and Streamlining; Simplified User Interface; Automate Compliance; Cloud Based; Strategic
25. CMLgroup GRCaaS
Contact us today to discuss your IT-GRC requirements
+1 646 827-2291
www.cmlgroup.com
Info@cmlgroup.com