For employees, risk management is often experienced as a series of unrelated and cumbersome tasks where the focus becomes the reporting of risks rather than the management of them. Yet effective risk management is the key to ensuring the delivery of any business objectives and with a little investment and some focus, organizations can put together a sound process that communicates the value of risk management and delivers a Return on Investment that is hard to match.
According to Michael Bond—Technical Director at IRIS Intelligence—the keys to deploying a GRC (Governance, Risk & Compliance) or RMIS (Risk Management Information System) are “Flexibility, Security and Ease of Use.” In an interview with CIO Applications, he elaborates on those three key themes in ensuring value to clients.
“Flexibility, Security, Ease of Use” – what does that mean in practice?
Flexibility: We think it is important that software comes working out of the box on Day 1 so there is no elongated implementation period, but we tailor the system to specific customer needs in a few minutes. Custom data fields can be added, new report templates created and irrelevant data fields hidden from view—all ensuring the software matches the needs of the organization, not the other way around.
Security: Our system can be delivered on-premise, in the cloud or on a third-party hosting site like AWS or Azure. We have used the highest security and encryption techniques available and been approved for use in the most secure environments and on some of the highest profile projects in the world.
Ease of Use: We ensure the system is as simple as possible for each team member, based on their roles and responsibilities. For example, whilst our (actual) rocket scientist customers may want Monte Carlo statistical analysis, these fields are all hidden for “entry level” customers. We only expose the areas of the system that are beneficial for a particular client team. If more sophisticated analysis is required in the future, those additional fields can be exposed and historic data is instantly compatible with the expanded parameters.
What are some of the pain points that IRIS addresses in the GRC landscape?
GRC is too often seen as a chore—something that people want to get out of the way so they can get on with the day job. However, we see the opportunity these initiatives provide. Identifying and mitigating a single risk can pay enormous dividends and almost always covers the cost of an entire initiative.
But not all risks can be eliminated, so how do you decide which ones to focus on and how do you prioritise your activity? IRIS provides simple Return on Investment Calculations to highlight the most impactful mitigation steps.
We also ensure risks can be reported on-screen or exported to PowerPoint, Excel or a reporting suite like PowerBI or Tableau in a single click—reports are generated in seconds so managers spend time managing risks not reporting them.
Primarily the business focuses on the delivery of software to embed best practice processes in an organisation. We are often engaged to help with training and consultancy to ensure that companies “live and breathe” GRC and may be called upon to conduct independent Risk Maturity Assessments. These provide an analysis of the current state of an organisation against a set of industry benchmarks and can be used to quickly develop a remediation program to deliver the required level of maturity. We provide classroom based or e-learning training solutions and recently deployed this to thousands in Latin America.
Please elaborate on your implementation process.
We are able to deploy the system within minutes. The implementation starts with understanding the exact requirement and the extent to which the customer wishes to simply automate an existing process or embed best practice techniques to improve their risk management maturity.
Manage the Future Before it Manages You
How else does the system help?
Automation brings benefits in a wide variety of ways. Audit trails are automatically generated, logging who made changes and when. Change Control can be a nightmare when using Excel. System access can be restricted—users in one team cannot see the items associated with another unless shared access is explicitly provided, for example. Security is always a concern, of course, so we use top of the range encryption techniques and can even restrict access to certain IP addresses if required (to prevent overseas access).
We also make sure that users stay on top of their data—each has a personalised home screen giving them a view of the items and actions they need to deliver and when. Email reminders can be sent out when these actions are due and red flags sent to management if the data is not reviewed regularly.
Over time, the tool becomes even more powerful as a library is built up of the best way to address each risk; an extensive compliance log and knowledge-sharing database is built up automatically as the system is used.
How is IRIS Installed?
Our system can be delivered on-premise, in the cloud or on a third-party hosting site like AWS or Azure. We have used the highest level of security and encryption techniques that enables our solution to be used in the most secure environments.
We make sure that the licensing options are as flexible as the system itself – named user or concurrent licenses, On-Premise or SaaS, outright purchase or monthly lease. Our aim is to make sure we fit our customer requirements, rather than them feeling they need to fit in with us.
What does the roadmap for IRIS look like?
We shall soon expand into new markets. The software is easily configurable to be deployed in a new language in a few hours. We have already rolled out our systems for clients who work in Spanish and Brazilian Portuguese and will be adding more languages shortly. Our partner network is expanding, helping us refine the translations and develop localised marketing materials.
Our roadmap also includes expansion of the product line. An exciting system based on systematic innovation has just been released, which will help companies leverage the power of ideas within their organization. The compliance environment will continue to evolve as GDPR beds in, Brexit takes shape and so on.
IRIS will continue to develop more features for products based on customers’ feedback. We also want to ensure that the systems are easy-to-use. Providing complex capabilities whilst ensuring simplicity is the goal. Alongside these capabilities, we also intend to leverage Machine Learning and AI to capture data from IoT and enable our clients to truly “Manage Tomorrow Today.”