CSO - Does governance, risk and compliance (GRC) really pay off? It's a valid question for any organization that's looking to formulate a corporate strategy and implement software for managing GRC.
Leaders at financial services company Fiserv say the answer for their organization is an emphatic "yes," citing a number of concrete benefits. Let's dig into the details of their GRC business case.
In this Fiserv GRC case study:
Fiserv was founded in 1984 and currently has about 19,000 employees operating out of some 200 locations worldwide.
Fiserv is a global provider of information management and electronic commerce systems for the financial services industry, and offers integrated technology and services for clients. It provides technology solutions in five areas: payments, processing services, risk and compliance, customer and channel management, and transforming data into actionable business insights.
The company has more than 16,000 clients worldwide, including banks, credit unions, mortgage lenders and leasing companies, brokerage and investment firms, and other businesses. Fiserv helps these clients address challenges such as attracting and retaining customers, preventing fraud and meeting regulatory requirements.
[Also read 12 tips for implementing GRC]
In 2008, Fiserv decided to embrace a formal GRC strategy "because it was the best way to manage through a thicket of simultaneously occurring changes in our business and regulatory environment," says Murray Walton, senior vice president and chief risk officer.
The company's business strategy has evolved in recent years from a holding company to an integrated operating model, creating greater complexity in the organization and the solutions it provides to clients, Walton says.
"The external environment has also changed, and today we face more government regulation and non-government standards, such as [PCI DSS]," Walton says.
"Navigating all these challenges at the same time required a much more structured approach to governance, risk and compliance than our previous spreadsheet-driven methods."
Before deploying Agiliance's GRC software, called RiskVision, "I would have characterized our environment as diversity on steroids," Walton says. "We had diversity of understanding about what risk assessment and monitoring means. We had diversity of understanding about what was required or expected, and diversity of methods and practices. As a result, we had an absolutely enormous challenge to try to develop a picture of our enterprise risk and enterprise compliance."
There was no common understanding or vocabulary or process related to risk, Walton says. "The good news is that, with enough effort, we were able to manage risk, but there was a challenge of being able to document that to our board of directors or regulators, and to look beyond the horizon. All of a sudden, our diversity had become a risk itself."
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts