Going Beyond Financials
By Michael Higgins | Posted 2010-10-15
A governance, risk and compliance solution is helping RadiSys manage financial, operational and IT processes more cost-effectively.
The benefits of GRC extend beyond financials. Since 2004, our IT department has used the Governance Portal to support requirements related to the COBIT (Control Objectives for Information and Related Technology) framework and easily map out IT control processes.
The growth of our international operations required us to scale up our efforts to communicate with and educate our employees about proper foreign practices and our code of conduct. The Governance Portal allows us to store documentation related to foreign practices and our code of conduct online so that our entire organization has a single, up-to-date version to draw on for reference, training and review. Furthermore, with the addition of the Assessment Management module, I can distribute periodic surveys to key stakeholders across the globe to assess their adherence to corporate policies.
I also plan to present the Assessment Management module to our human resources and marketing departments for survey deployment.
For most of the past year, I have used the workflow feature to assign and mass-distribute tasks to a population of users who serve as peer testers. In most cases, they are control owners in other areas of the business. These tasks automatically appear on a dashboard, making them easy to track and complete.
For the 302 certification, I eliminated the need for time-consuming (sometimes daily) manual follow-ups to ensure that surveys are completed. I also save vast amounts of time each quarter because I don’t have to manually set up all the subcertification surveys for five different processes.
Others in our company can benefit as well. Our process owners appreciate the fact that they don’t have to be experts in all layers of the application. The dashboard is very user-friendly and makes it easy for workers to see their action items, access the tests they need to complete, see what controls need permission and identify what processes they need to update.
Employees can go into the Governance Portal, easily respond to action items, work on a task for a while, save what they have done and then go back to it later. They can also upload attachments to the system, such as process narratives and flow charts. This provides a single repository for process documentation and policies.
Our outside auditor also benefits from our surveys and the reporting capabilities that provide access to the needed data. In fact, our outside auditor recently underwent an internal review of our processes. When the reviewers examined the RadiSys audit documents, they noted that we had one of the best subcertification programs they had seen.
But what they saw was actually based on many manual processes. With the Protiviti 302 solution in place, we believe they will be even more impressed with the quality of our subcertification reports, as well as with the reports and summaries we will be able to provide based on the results of our quarterly control self-assessment.
The entire organization will benefit from the strong profile security built into the Governance Portal. It allows us to limit users’ access to their areas of responsibility, whether that is a location, process or individual control.
Restricted access was also vital when we added our statutory documentation to the Governance Portal, which lets us limit access to the appropriate regional controller and global tax director. A vital component of the security implementation is that it is easy to update profiles as our people and organizational structure change.