By Rob Starr, Content Manager, Big4.com
Innovation is one of the keys for successful enterprises and solving real-world governance, risk and compliance (GRC) challenges are just one of the issues modern business faces daily. Helping today’s enterprise cope with the ever-changing GRC landscape was the topic of conversation when Big4.com spoke with Scott Wisniewski, Managing Director of Risk Technology Solutions for Protiviti about his company’s latest solution, the Protiviti Governance Portal 4.0.
Wisniewski started the discussion by talking about one of the major focuses this latest version of the portal is moving in.
“One of the key values that the GRC packages have to promote is enterprise accountability,” he said referring to simplified functionality, which is one of the goals the Protiviti Governance Portal 4.0. strives for. “The thing is if it’s not useable, the thing never really achieves its promise because no one can interact with it and get into it.”
Central GRC Efforts
He added that one of the key focuses has been making the portal more graphically usable with, among other benefits, the ability to centralize GRC efforts across multiple domains. Wisniewski also mentioned there were several different ways to implement the necessary features.
“There’s usability for the project team that has to do a lot of stuff in the system and then there’s usability for real end users (business users) who might be coming in periodically to provide some inputs into it.”
He went on to say that what Protiviti had done from a “power user” perspective was install some of the latest navigational tools that will help business users to get to any point without multiple clicks. Wisniewski also mentioned that much of the drill down was eliminated and that information was readily available from single, simple to use areas. Icons that made the entire system more user friendly were also added that complemented Protiviti’s overall goal.
Wizard Driven Interfaces
“If you can give the business user a series of wizard driven interfaces that lead them through a series of things they have to provide, without having to understand all of the underlying complexity, then you start getting really good feedback while empowering your business people to provide that feedback in intuitive an format,” he said.
He also stresses the new Protiviti Governance Portal 4.0 takes into account that GRC needs to look at several different functions.
“There are multiple different types of projects that teams need to execute within a GRC context. The most common project is execution of audits against risks and controls documented in the GRC register. You might also need to execute different types of project such as an investigation related to a fraud, or a regulatory project related to regulatory change, or an IT project related to an IT directive” he said noting there were a variety of other projects and assessments as well as work flow capabilities. He added one of the benefits to be derived comes from the fact that GRC is broken down into capabilities that span whatever business needs to do.
“What we do is mash those capabilities together into solutions,” he said. He finished up by talking a bit about the overall philosophy behind the Protiviti Governance Portal 4.0. and what Protiviti was trying to accomplish in the market.
“I think the key to what we’re trying to do really two-fold. Number one we feel that different ways of communicating with business are critical to GRC, and we follow the motto of ‘What gets tracked gets done,’ he said adding that the second important point was about taking divergent input to form a central hub and consolidation to promote convergent GRC.