digital risk managing risk in the digital age...portfolio management demand management ←integrated...

DIGITAL RISKMANAGING RISK IN THE DIGITAL AGE

Michiel JornaMarch 2017

© 2017 Software AG. All rights reserved. For internal use only

2 |

DIGITAL AGE

© 2017 Software AG. All rights reserved. For internal use only

REAL-TIME & CUSTOMER-CENTRIC

Age of manufacturing

Mass manufacturing makes industrial

powerhouses successful.

Age of distribution

Global connections and transportation systems make distribution key

Age of information

Connected PCs and supply chains. Dominate by

controlling the information flow

Age of the customer

Empowered buyers demand a new level of

customer obsession

1900 1960 1990 2010

3 | © 2017 Software AG. All rights reserved. For internal use only

“Digitization is creating New andHigher levels of Risk.

In fact, the Digital World is creating New types of Risk.”

Source: Gartner

©2017 Software AG. All rights reserved. For internal use only4 |

Opportunities Risks?+ -

Digital Age: Real-Time & Customer-centric

5 |

INDUSTRY TRENDS

© 2015 Software AG. All rights reserved. For internal use only

BUSINESS & TECHNOLOGY

Digital Risk1

Big data / Real-time analytics

3 Growing investments in GRC Technology

4

Shift Compliance toBusiness Performance

2DIGITAL RISK IS EMERGING THAT UNDOUBTEDLY WILL DISRUPT THE CURRENT MARKETPLACE.

GRC WILL CONTINUE TO BE LESS ABOUT COMPLIANCE AND MORE ABOUT BUSINESS PERFORMANCE

IF EFFECTIVELY HARNESSED, THIS TREASURE TROVE OF GRC INTELLIGENCE CAN ENABLE ORGANIZATIONS TO ANTICIPATE AND MITIGATE EMERGING RISKS BEFORE THEY OCCUR.

RISK MANAGEMENT INVESTMENTS ARE PRIORITIZED OVER OTHER TECHNOLOGY INITIATIVES — SUCH AS BUSINESS INTELLIGENCE, ANALYTICS, MOBILE AND CLOUD COMPUTING

6 |

DIGITALIZATION OF RISK

Manual Automated

Reactive Proactive

Retrospective Predictive

Financial Control Integrated business control

© 2016 Software AG. All rights reserved.

7 | © 2015 Software AG. All rights reserved. For internal use only

8 |

Monitor business performance

Analyze bottlenecks

Approve change requests

Maintain Regulatorychanges

GOVERNANCE

Collaborate

Design& Analyze Dashboarding

MaintainRisk repository

Consume

Assessments

DIGITAL RISK

© 2016 Software AG. All rights reserved.

BREAKTHROUGH SILO-BASED WORKING & NICHE TOOLS

Mobile devices in the Digital decade

Internal Audit

External Audit

Internal Control

Other roles:

DesignAnalyzeImproveShareProcess &

EA Worker

Detect regular changes UpdateDiscuss changes with LoBLegal Risk

Detect risksEvaluateAdvise LoBMonitor

LoB

9 |

WE NEED TO SHIFT THE RISK PARADIGM

Impa

ct

Val

ue

Likelihood Appetite

Low Risk

High Risk

Bad Risk

Good Risk

From High or Low Risk To Good or Bad Risk

© 2016 Software AG. All rights reserved.

10 |

Run the business

CustomerSatisfaction

OBJECTIVES VS RISKSBALANCING PERFORMANCE & RISK MANAGEMENT

Protect the business

Business Processes asthe Common

Ground

VISION, BUSINESS STRATEGY, CRITICAL SUCCESS FACTORS,

OBJECTIVES, KPIs

ImproveBusiness Performance

Real-TimeRisk Visibility

Costs

Times

Quality

Quantity

Risks

Business Continuity

Reliability

Sustainability

Corporate SocialResponsibility

© 2015 Software AG. All rights reserved.

11 |

WHAT GOOD LOOKS LIKE

© 2015 Software AG. All rights reserved.

12 |

DIGITAL RISK PLATFORM

© 2017 Software AG. All rights reserved. For internal use only

Business Model / Strategies Analysis & Simulation

Business Capabilities Regulatory Requirements

control tests / audits

risk assessments

regulatory change reviews

action tracking

Business Process Design Risk & Control Framework

GovernancePublication & CollaborationDocument Management

←integrated

→

←integrated

→

IT Risk Management

Survey Management

Policy Management

Regulatory Change Management

(Enterprise) Risk Management

Loss Management

Compliance ManagementInternal Audit Management

Issue Management

Incident Management

IT Compliance Management

Threat & Vulnerability Management

Project Risk Management

Business Continuity Management

Process PerformanceManagement

Portfolio Management

Demand Management

←integrated→

Visual Analysis

Continuous Monitoring

GRC

BPA

Total surveillance

Real-time analytics

Fraud / pattern detectionAPAMA ARISPPM←integrated→

←integrated

→ARIS

ARIS

ALFABET

←integrated

→

ARISAWARE

13 |

STEP BY STEP APPROACH

© 2015 Software AG. All rights reserved.

GET THE FOUNDATION. GET IT MANAGED. GET IT OPTIMIZED

Ad hocbusiness control

Business control with improvement areas

Design effective business control(Best Practices)

Operating effective business control (compliancy based)

Continuous monitoring integrated in performance management and continuous stakeholder dialog

Effe

ctiv

enes

s of

‘in

cont

rol’

Proactive (Strategyexecution)

M1

M2

M3

M4

M5

Initial Informal Standardized

Reactive

Managed Optimised

Foundation Managed Optimised

BPA

ARISGRC

ARIS ARISAWARE

ARISPPM

APAMA

16 | © 2017 Software AG. All rights reserved. For internal use only

RECENT PLATFORM WINS WITH PARTNERS Towards Continuous

Assurance powered by

17 | © 2015 Software AG. All rights reserved. For internal use only

Michiel JornaGlobal Industry Director –

BPA & GRC Solutions

@mc_jorna

michiel.jorna@softwareag.com