Risk is changing. Headlines are littered with high-profile risk-related issues that plague organizations. Boards, executives, regulators, auditors and shareholders demand more visibility into risk and compliance programs and more assurance that those programs are operating effectively. This scrutiny is moving downstream to smaller enterprises, making risk management a pervasive issue for organizations of all sizes, in all industries. Risk is a multi-dimensional problem and it continues to become more and more complex.
The future of risk and compliance requires everyone to own risk. Everyone within your organization must act as “risk managers” within their own role.
According to the 2014 Gartner CEO and Senior Executive Survey, when executive management “perceive(s) that risk is lower…they are prepared to invest in longer-term growth.” In other words, for organizations to take advantage of opportunities and drive growth, CEOs must be confident in the organization’s ability to address emerging and known risks to achieve positive outcomes. While the current appetite leans much more toward taking good risks for the business, organizations can still struggle to build the assurance required to exploit opportunities.
Vendor management is a critical factor for successful outsourcing, yet many organizations do not currently have adequate tools and processes to manage their vendor portfolios. It is this issue specifically that leads to mistrust in third-party relationships. As seen with many recent cyber-attacks, third parties are increasingly an attack vector that organizations must address.
What if you could eliminate the risk of surprises cropping up in your third-party relationships? What if you could more effectively prioritize resources to manage third parties, recapturing time and resources to devote to more important things? This is exactly what the RSA Archer Third Party Risk and Performance Management solution is all about.
Internal auditors have an essential need for independence – it is a requirement for the profession. Alongside this independence, there is a growing and sometimes competing priority for Internal Audit to partner with management. This strategic direction has forced a discussion with audit, risk and compliance teams around the world to evaluate how Internal Audit can work together toward common goals, leverage resources and better influence and impact business performance. To address these challenges, we’ve designed RSA Archer Audit Management to help better align audit approaches within the organization.
What we’ve been hearing from many internal auditors is that existing processes don’t allow for a holistic approach to auditing. Today’s tools fail to capture analysis by other risk and control groups, and using multiple systems often makes it difficult to distill information into meaningful data for audit teams. Additionally, the lack of visibility into findings generated by other governance teams makes it difficult and time-consuming for Internal Audit to track the status of those findings and assure that remediation efforts are underway.
RSA Archer Audit Management helps address those needs by putting the audit team in control of the complete audit lifecycle, enabling improved governance of audit-related activities, while also providing integration with risk and control functions.
Some of the features I am most excited about include:
Audit Entity Risk Assessment – Designed to help define a universe of auditable entities, perform audit entity risk assessments and compare results to assessments conducted by other operational risk management groups within the organization. The Audit team can dynamically capture and incorporate these changing risks into its audit engagement planning.
Enhanced Resource Scheduling and Staffing — Drag and drop capabilities allow quick assignment and management of audit teams. With new Gantt team schedules, managers can quickly find qualified and available audit staff for your engagements.
Offline Audit Access — Multiple audit team members can work simultaneously on the same engagements and workpapers while offline and in different locations. They can plan, test, generate findings and remediation plans, review work and create audit reports just as if they were online.
The latest RSA Archer Audit Management solution is engineered to allow organizations to quickly adjust audit plans and engagements based on a dynamic view of risk. Very simply, it helps auditors do more with less by streamlining the process and allowing teams to focus on the most pressing issues and business challenges.
By doing all of this, we truly believe RSA Archer Audit Management can help make strong partnerships with business managers a reality, while still maintaining the independence and integrity that internal auditors require.
This week, Gartner, Inc. released the 2013 Gartner Enterprise Governance, Risk and Compliance Magic Quadrant (MQ) and positioned EMC-RSA as a Leader in Risk and Compliance Management for the second year in a row. EMC-RSA has also received a Strong Positive, the highest rating possible, in the Gartner 2013 MarketScope for IT Governance, Risk and Compliance Management (1) and was positioned in the Leaders quadrant of the 2013 Magic Quadrant for Business Continuity Management Platforms. (2)