
Paisley Enterprise GRC™

Audit Profile

Linda Bergs

Successful Implementation

– Champion

– Buy-in

– Budget

– Technology

Who We Are

Paisley is an independent software vendor providing innovative solutions for governance, risk and compliance (GRC).

The Paisley GRC software solution supports:

– Financial controls management

– Internal audit management

– Operational risk management

– General compliance

– IT governance

– Enterprise risk management

Governance, Risk and Compliance

Implement a single solution with seamless navigation, information and context transfer between internal components and external applications.


Paisley GRC Solutions: Delivery Options

Paisley Enterprise GRC™

– Complete GRC solution for large enterprise clients

– Scalable, proven

– Easy to implement

GRC on Demand™

– Complete GRC solution delivered via Software as a Service

– Lowest total cost of ownership

– Get started in days

– Start small and grow into enterprise adoption

Silo Approach to GRC

Diagram: several parallel compliance silos, each independently repeating the same cycle: Define scope, Establish objectives, Identify Business Units, Assess Risks, Test Controls (Test Compliance), Remediation, Report.

Silo Approach to GRC

Diagram: the same Access Security control and its risks (non-compliant password usage, unauthorized access) documented separately in each silo.

Paisley Enterprise GRC: The Cube Paradigm

Diagram: the cube view of the same Access Security control across the GRC dimensions.

Enterprise Risk Management

Define ERM scope and context

Identify strategic organizational objectives

Understand the risks to meeting those objectives

Link strategic risks to business processes

Link strategic risks to operational risks

Provide executive management with a top-down view of strategic risks

IT Governance

Align IT operations with corporate goals and business objectives

Identify shared risks and controls

Identify and test controls that prevent and reduce IT incidents and losses

Track IT loss incidents and monitor areas of risk

Understand how IT risks impact operational units and ERM objectives

Financial Controls Management

Use top-down risk assessment to narrow scope and reduce costs

Aggregate deficiencies to identify systematic weaknesses

Identify shared risks and controls

Dynamic, real-time reporting on control effectiveness across the organization

Flexible workflows support Sarbanes-Oxley Section 302 and 404 certifications

Compliance

Reduce the cost and complexity of monitoring and managing corporate compliance programs

Document and manage the complex relationships between internal policies and external regulations

Consolidate compliance information into a single library

Balance compliance investment with top-down risk assessment

Operational Risk Management

Use process-based risk assessment to identify residual risk in operations

Identify organizational strengths, weaknesses and opportunities

Reduce impact of loss events

Improve business process performance

Encourage management to own their risks and understand their controls

Internal Audit

Streamline audit processes while maintaining flexibility to support all types of audits

Gain efficiencies by leveraging existing documentation

Collaborate with auditees through workflow and shared reporting

Improve audit’s visibility throughout the organization

Leverage work done by other GRC groups to complete more audits faster

Internal Audit Process Flow

Diagram of the audit workflow and its supporting elements:

– Annual Planning and Workforce Scheduling

– Audit Top-Down Risk Assessment

– Surveys

– Knowledge Repository: Documents, Std. Templates, Standard Library

– Organization, Process, Risk and Control records (Process, Risk & Control information is copied into the audit)

– Audit: Audit Checklist, Audit Program, Workpapers

– Audit Report, Audit Issues and Audit Action Plans