Risk, Compliance and Fraud Management
Software Warning
Posted: 5th April 2008
“Danger of procuring incomplete governance, risk and compliance software because it seems easy exists.”, Stephen Hall, CEO of GRC&F company InfoGov said today.
This usually occurs because the human interface appears simple and acceptable. Then, months later it becomes clear that the software cannot actually do all that is required to help minimise risks, and attain and evidence compliance. Major enterprises should be able to apply governance, risk and compliance software across the key through-life-processes of concept evolution, R&D, simulation and modelling, ‘main gate’ funding acquisition, design, programme management, introduction to service, operations, maintenance and logistics, and of course disposal. That single software application should be able to encompass all of these processes, link them from a governance, risk and compliance perspective - and integrate with any other data source including today’s leading management information solutions.
“It is really good that markets are looking in depth at governance, risk and compliance software. But it is vital that a complete approach is taken. Firstly, this should include all staff who, after all have the knowledge and wherewithall to act to reduce risk. Secondly, the evolving state of the main processes and how they are linked to people and other assets should be considered. And thirdly, multi-functional software that has the capability to involve all is vital. If the outcome of all of this does not provide reports at the press of a button then you have the wrong software!”, says Stephen.
“All of this requires analysis, planning, action, continuous knowledge, information, performance and compliance audits - instant reporting, evidencing of compliance – and the shared risk environment to embrace all. Also, in Defence markets in particular, risk software, compliance software, governance software, fraud software and audit software should be applied from one box to CADMID. All of this capability exists within Proteus EnterpriseTM. It is not about simplicity. It is about single-suite risk and compliance software applied through life to enable enterprises to achieve their aims. ”, he added
Proteus EnterpriseTM enables electronic compliance, risk, information and knowledge audits, remediation, action planning, incident management, business impact analysis, business continuity and asset management. It also enables risk assessment, policy management, and risk and compliance management reporting in one total solution - web based. Compliance with data management policy - and any other generic or bespoke standards such as COBIT, '27002, '25999, COSO, DPA, NIST PCI, SOX, SOGP, FFIEC, BSA, HIPAA FEMA 426, C-TPAT, SB 1386 and GLBA is evidenced through Proteus.
This world-leading GRC&F utility in Proteus Enterprise™, developed by InfoGov, automates governance, risk and compliance, fraud, crisis, identity and data management, and enables defence and protection against data breaches across any type of business line in one web-based tool.
But how do you ensure compliance with a multiplicity of data management regulations, including risk mitigation in one solution? Our unique approach brings together and links controls, compliance, business impact, risk analysis, documentation and incident management into one total solution. Proteus RiskView™ provides a powerful business intelligence ‘dashboard’ and reporting capability allowing real time visibility of risks at Board level via the web.