ZenGRC

Simply Powerful GRC

ZenGRC Team

What is GRC – an Excerpt from ZenGRC’s GRC Software Buyer’s Guide

· ·

Over the next few weeks we will be bringing you excerpts from our new Governance, Risk Management and Compliance Software Buyer’s Guide – A CISO & Compliance Team’s Guide to Purchasing GRC Software. Please enjoy the excerpt from Chapter 1:

What is Governance, Risk Management and Compliance (GRC)?

Governance, Risk Management, and Compliance, or GRC, is a broad term that covers a company’s approach to and strategy for managing its internal governance, risk, and compliance activities. Governance comprises the rules, structures, and accountability within the company, whether to internal requirements or those imposed from outside.

Compliance includes the processes for implementing and reporting the company’s adherence to external requirements, including industry, governmental, and voluntary standards. Risk management ties the entire practice area together by helping a company identify its risk tolerance, and then take appropriate measures to mitigate those risks.

GRC software tools streamline and automate the documentation and reporting of corporate governance, risk management, and compliance tasks, and align them with business objectives.

A GRC software tool typically offers:

  • System of record (your “single source of truth”)
  • Policy management
  • Audit management
  • Risk management
  • Automated notifications to stakeholders to perform specific GRC-related tasks
  • Real-time notifications of workflow and audit activity
  • Closed-loop reporting for easy calculation of compliance and risk postures
  • Easy creation and editing of GRC components (controls, objectives, assets, risks, people and more) by non-technical users

When used effectively, GRC software can help Chief Information Security Officers, Chief Security Officers, and Directors of Compliance move past spreadsheets to mature their risk management and compliance programs. This guide will walk you through the steps required to purchase a GRC software tool — from establishing goals, to identifying and comparing vendors, to getting ready for the implementation phase and future success.

To get more information on the GRC purchasing process including, assessment worksheets, vendor evaluation questions and implementation tips, download the full GRC Software Buyer’s Guide now.

ZenGRC v2.4 Release Features New Audit and Evidence Request Dashboards, and More

· ·

Our latest ZenGRC product release continues to deliver improvements designed to simplify the management of your compliance program. New capabilities now available in v2.4 include:

Audit Dashboard

Running audits requires a lot of work. Due to a large amount of evidence and correspondence, audits are difficult to project manage and even more difficult to report on.

We are pleased to announce our new Audit Dashboard that addresses these hardships. Our goal with this dashboard is to enable a compliance team the ability to project manage and report on an audit. It fulfills 3 main functions:

  1. Visibility into Audit Posture: How effective are my controls testing?
  2. Visibility into Audit Progress: How close am I to completing assigned objects?
  3. Project Management capability, based on #2 – Audit Progress

audit dashboard

The new Audit Dashboard allows you to view and manage just a single Audit, or all of your Audits at once. Status graphs are also included to illustrate the percentage of your controls that have been tested to be Effective vs. Ineffective, or Open (not yet tested), as well as help you view and project manage the 3 assignable Audit objects: Requests, Assessments, and Issues.

Requests

The Request object is used to collect evidence. You can easily import a DRL (Document Request List) and use the Request object to collect evidence. The Request object status bars allow you to click and quickly see which evidence requests are in-progress vs. finished (and waiting for verification) vs. overdue.

Assessments

The Assessment object is used to test and conclude upon the effectiveness of controls. You can use the assessment object in lieu of bulky workpaper spreadsheets. Just like Requests, Assessments can be assigned and project managed using the status bars corresponding to their state.

Issues

Issues are also known as gaps or findings within an audit. We’ve added new states to the Issue object to help you better track remediation, as well as added a reminder button on the assessments tab to help you keep track when there is an ineffective assessment without a mapped issue.

Issues

Issues2

Controls Tab

The new Audit dashboard also includes a table of objects for Controls. In the controls tab, you can quickly toggle through to filter the list of controls for Effective vs. Ineffective vs. Open. This allows you to deep dive into the things affecting the effectiveness of a control. If control is overall ineffective, you can quickly click on the issue that was created as a result of the control failing and take action to either delegate the issue or project manage its remediation.

controls tab

Shareable Permalinks

To make the Audit dashboard as useful and collaborative as possible, all filters are saved in the URL (link), which means that you can filter for an audit, and filter for an assignee, and copy/paste that link to your colleague so that they can see what you see.

Evidence Request Dashboard

Evidence Request assignees represent the largest portion of occasional ZenGRC users. Accordingly, we’ve created an Evidence Request dashboard that allows evidence owners to easily sort their assigned requests, without the complexity of audit objects that are irrelevant to their scope of work.

The functionality within the Evidence Request Dashboard mirrors the Audit Dashboard, but is designed specifically for evidence request assignees. Any filters also create permalinks that can be shared and favorited in your browser.

evidence dashboard

Weekly Summary Email

You can now see everything that is on your plate, summarized in 1 weekly email. Your new weekly summary is sent every Monday morning 9AM EST, assuming that there is work assigned to you. You can click the “Complete” button to be sent to your Audit dashboard filtered for requests or assessments assigned to you, or your “My Tasks” page. If there are any overdue items, clicking on the red text will send you to a filtered list of just overdue work.

weekly email

Agile Workflow setup

We’ve made setting up and delegating tasks much easier with an updated workflow to support agile setup. Task groups are now optional. Additionally, objects can now be mapped directly to tasks and tasks can be stored as template tasks for later use if the chosen workflow is a recurring one.

agile workflow

Recurring Evidence Requests

Evidence requests sometimes recur on a frequency. We’ve added new functionality that automatically re-generates a request based on the following frequencies:

  • Never
  • Monthly
  • Quarterly
  • Semi-annually
  • Annually

ZenGRC now works in Safari

ZenGRC now supports the latest release of Safari browser for Mac platforms. This compatibility will apply to future releases of ZenGRC.

For more details around the new features available in ZenGRC v2.4 you can view the release notes or please feel free to contact us with questions.

Get A Demo of ZenGRC

“Competent Compliance” Webinar Recording Now Available, Learn How to Move Beyond Spreadsheets

· ·

Audit Requirements for public companies

Last week, ZenGRC’s resident GRC expert, Aaron Kraus hosted a webinar along with Tim Schmutzler, who heads up the GRC practice at OneGlobe. Titled “Competent Compliance: 3 Ways to Move Beyond Spreadsheets,” Aaron and Tim talked about how to overcome the early hazards of running a compliance program, the pitfalls of Microsoft Excel as a compliance tool, and when and how to move to a cloud-based GRC tool.

Some key highlights from the discussion:

  • Every compliance program will eventually outgrow Excel. While Excel has many strengths, it wasn’t meant to manage compliance initiatives. As your program grows in scope and complexity, your manual, spreadsheet-based system will become unmanageable.
  • You CAN manage your compliance program more efficiently with these three easy steps. Consolidate your compliance controls. Track and communal your compliance ROI. And use a SaaS-based GRC tool.
  • If you’re ready to move from spreadsheets to a GRC tool, start small, get some traction and success and then grow your implementation in stages. And don’t forget to communicate openly and often with everyone involved in your compliance program–management, internal audit, risk owners, control owners, and external auditors.

If you weren’t able to join us for the live webinar, be sure to check out the on-demand recording and download the executive summary.

Join Our Live Webinar – Competent Compliance: 3 Ways to Move Beyond Spreadsheets

· ·

Register for the Competent Compliance webinar

Some companies can get away with using an Excel spreadsheet to track simple compliance requirements. While Microsoft Excel is flexible and powerful, it’s not designed to track compliance initiatives. As organizations mature, companies move away from Excel and towards a compliance software solution. And knowing when you need to make the leap to a more sophisticated compliance management process and comprehensive GRC tools can make a huge difference in terms of audit costs and a pass or fail outcome.

What are the signs that using spreadsheets to track your compliance program has become totally impractical? And how do you know when you’ve outgrown Excel?

Join Aaron Kraus, Head of GRC Services for Reciprocity, and Timothy Schmutzler, Global Practice Director at OneGlobe, as they discuss how to overcome the early hazards of running a compliance program. During the webinar you’ll learn:

  • The pitfalls of Microsoft Excel as a compliance tool
  • When and how companies can move away from managing compliance on Microsoft Excel to a cloud-based software tool
  • 3 best practices to manage compliance

The live webinar will take place on July 28, 2016 at 10am PT/ 1pm ET.

You won’t want to miss the lively discussion chock full of compliance tips and best practices. Register today!

Get your Quick Guide to ZenGRC

· ·

Guide to ZenGRC

Many companies don’t have the time or the budget to properly handle their compliance needs. Traditional compliance software is complex and expensive, but trying to manage compliance with spreadsheets, emails, documents and manual processes is frustrating and inefficient.

Enter ZenGRC, a user-friendly GRC tool designed to help you build a scalable, cost-efficient compliance program with minimal setup time and no hassle. If you’re ready to solve your biggest compliance headaches with an easy-to-use, affordable GRC solution, check out our Quick Guide to ZenGRC and learn how we can help you turn corporate compliance from a cost center into a strategic asset.
Get your Quick Guide to ZenGRC now!