OXIAL IT GRC
OXIAL IT GRC has been designed to provide your organisation with a real-time and integrated view of all risks, including IT risks.
Over the past twenty years, Information Technology (IT) has become more and more central to business. IT organisations operate in a complex, vulnerable, and rapidly changing environment. Their mandate spans managing business-critical processes and a multitude of technologies, and increasingly operating in a virtual ‘Cloud’ environment. This complexity, together with cost reduction imperatives, has driven many organisations to outsource part of their services, so that data, processing, or even the services themselves are managed by a third party.
This distribution of roles, these inter-connections, and the exposure to growing cyber-attacks add tremendous levels of risk. What used to be manageable by a single person in charge of “security” may now require 10 different experts. A bottom-up approach, whereby individuals manage risks at their own level, has unfortunately reached its limits. Whilst it is the most natural and easy approach, it does not guarantee an integrated view and governance of all IT risks, and the collection of information is painful and tedious.
Collaboration tools are also often inefficient in identifying new risks or assessing a risk increase and its impact.
Michael Rasmussen, the GRC Pundit, pointed out that “A reactive approach leads to more exposure and vulnerability”. This results in a negative impact on the business, which in turn can mean higher costs or even public disclosure of the failure. Many organisations have called on IT consulting firms to help them understand the nature and magnitude of their risks. The outcome is often that IT organisations need to implement a real “IT governance” framework that is sustainable, integrated and agile.
Because IT risks are now business risks, with business consequences, organisations must adapt the way they manage those risks. This is not a matter contained within the “IT Department”. It requires an effective risk management capability, a common language, and a common framework for decisions and controls. The result is fewer fires to fight, lower costs, and a re-focusing on more productive activities such as creating business value.
Specifically, businesses need to take a business-risk-management-centric approach, one that incorporates IT GRC into an integrated, responsive, company-wide GRC system. This puts IT risks alongside other GRC risk factors, allowing decision makers to implement solutions that can tackle any vulnerabilities stemming from the interaction of IT and other GRC risks.
That is why OXIAL developed a new version of its “IT GRC” solution, based on years of experience managing IT systems and collaborating with Information Security experts, including Cyber Security experts. The OXIAL solution proposes an innovative approach covering the best practices of the industry, exclusively focused on IT risks and needs, to help Executives and Management make better, more informed, risk-adjusted decisions. Conscious of the imperatives of cost and Return on Investment, our solution can be implemented progressively and constraint-free. It is based on the COBIT IT framework, and it is also COSO compliant.
Specially designed with IT departments and IT services companies in mind, OXIAL IT GRC offers “Risk”, “Audit” and “Control” modules, or “Information Security” modules focused on an IT Governance approach, for either the Financial Services or the Insurance industry. It allows quantitative and qualitative measurement of risks and their financial impact, thus reducing human errors, fraud, and quality issues.
OXIAL IT GRC has been designed to provide the following benefits:
• Gives your organisation a real-time and integrated view of all risks, including IT risks.
• Establishes a common taxonomy across the company via the shared libraries of definitions.
• Harmonises IT controls reducing duplication of effort and overheads.
• Measures and quantifies IT risks, informing decisions regarding risk transfer and insurance.
• Provides guidance from end-to-end on how to manage IT-related risks.
• Integrates with the overall risk and compliance structures within the enterprise.
• Realises up to 70% savings in time and effort when using existing tools to address business risks.
• Reduces the control workload by 25% and control incidents by up to 70%.
• Access registration
• Firewall intrusions
• Capacity planning
• IT production
• Resources supervision and management
• Control of suppliers and service providers
• IT Project Management risks
• Complaints
• Information Security Module (Requires additional module).
• Organisational management (workflows).
• Resources management
• Risk register management
• Risk measurement (qualitative and quantitative)
• Action plan management and follow-ups
• Audit follow-up
• Internal and external audit
• Follow-up of audit recommendations