- French Caldwell, MetricStream
- Mike Rost, MetricStream
- Vasant Balasubramanian, MetricStream
- Andre Da Silva, NBN Co Ltd.
- Christ Desjardins, Ecom Trading
- Louis Lerman, International Monetary Fund
- BG Naran, MDC
- Frank Santora, Hudson City Savings Bank
- Teri L. Toth, U.S. Pharmacopeial Convention
- +1 Anonymous Contributor
- Significant resources are required for an organization to leverage solutions to manage governance, risk, and compliance information. However, these efforts to manage the GRC solution are still often less than the efforts required for ad hoc and retroactive management.
- GRC solutions can seem overwhelming, and for good reason, as they enable the management of a broad range of operations from risk management to financial controls management.
- Depending on your organization size, compliance requirements, and budget, GRC will be an investment. Ensuring your team understands roles and responsibilities prior to implementation will help ease the transition into using this new tool.
- A complete GRC solution is not always required: Everyone needs a firewall, but not a GRC solution. GRC can be a costly investment (i.e. in terms of money, time, and resources). If necessary, affordable alternatives are available.
- A GRC solution is one part of the bigger picture: A GRC solution today is for managing GRC, and will not work without proper controls and processes already in place.
- Be strategic when deploying modules: Initiate a phased roll-out of modules rather than all of them at once. Focus on your highest priority needs, then gradually introduce new components to prevent boiling the ocean.
Impact and Result
- Short-term: Evaluate the players in the GRC marketspace to select the right solution based on your requirements. Avoid common implementation pitfalls and plan for effective system operations and management once your contract has been negotiated and finalized.
- Long-term: Increase operational efficiency by providing visibility to improve your GRC controls. Leverage these management solutions to reduce manual data manipulation, thus increasing automation, allowing users to focus on primary jobs.
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should implement a GRC solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
1. Launch the GRC selection project
Assess the value and identify the organization’s fit for a GRC solution, and structure the GRC selection project.
2. Select a GRC solution
Investigate the vendor landscape, produce a vendor shortlist, draft and evaluate RFPs, and conduct vendor demonstrations to select the right GRC solution.
3. Plan the GRC implementation
Plan the GRC implementation and measure the value of the GRC solution.
This guided implementation is a seven call advisory process.
Guided Implementation #1 - Launch the GRC selection project
Call #1 - Identify organizational fit for the GRC solution and create the project plan.
Call #2 - Identify the most appropriate use case.
Guided Implementation #2 - Select a GRC solution
Call #1 - Understand the GRC vendor landscape.
Call #2 - Shortlist the vendors and create an RFP.
Call #3 - Score RFP responses and review contracts.
Guided Implementation #3 - Plan the GRC Implementation
Call #1 - Plan the implementation.
Call #2 - Finalize success metrics.
Book Your Workshop
Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Launch the GRC Project
- Understand the GRC marketspace.
- Plan the GRC procurement process.
- Identify the use case scenarios that align with your GRC requirements.
- Determine baseline metrics to evaluate the solution’s effectiveness.
Key Benefits Achieved
- Be aware of the options existing and where the market is going with respect to GRC solutions.
- A formally documented procurement process will keep the process on track as individuals are aware of roles, responsibilities, deadlines, etc.
- Focus on the use case scenario that applies to your organization.
- Assess your GRC solution based on concrete metrics that matter.
Discuss the current GRC market.
- Realistic perspective of the GRC marketspace.
Determine if a GRC solution is right for you.
- Aspects that require a fully implemented GRC module.
Develop the GRC Procurement Charter.
- Formalized procurement process.
Identify your best-fit use-case scenario.
- The most appropriate use-case scenario to structure your evaluation around.
Brainstorm baseline metrics and target goals to gauge the solution’s effectiveness.
- Set of metrics to track the effectiveness of the solution.
Module 2: Plan Your Procurement and Implementation Process
- Review the vendor profiles to understand strengths, weaknesses, and challenges.
- Customize the RFP to submit to vendors.
- Ensure vendor demos focus on the features you care about, rather than simply highlighting their strengths.
- Learn from best practices to streamline the implementation process and leverage all available resources to get started.
Key Benefits Achieved
- Select a solution that meets your requirements and fulfills your specific needs. What’s best for one organization isn’t necessarily best for everyone.
- Save time developing the RFP to share the statement of work, scope of work, requirements, budget & estimated pricing, etc.
- Realistic view of the products performing relevant tasks.
- Simplified and efficient implementation plans.
Analyze the vendor landscape.
- Detailed understanding of the vendor landscape.
Create a custom vendor shortlist.
- Narrowed down list of suitable solutions.
Develop Request for Proposal (RFP).
- Completed and reviewed RFP document.
Standardize a Vendor Demo Script.
- Fairly evaluated vendor demos.
Plan the implementation, including building, testing, and rolling it out.
- Best practices regarding GRC implementation.