Collaboration is Key for GRC Success

An interesting study on the current state of Governance, Risk Management & Compliance (“GRC”) programs has just been released and the results are quite revealing. Entitled “The Role of Governance, Risk Management & Compliance in Organizations”, the study was conducted independently by the Ponemon Institute for EMC.  The study covered four primary domains – IT GRC, Operations GRC, Finance GRC and Legal GRC – and surveyed 190 GRC practitioners across the United States.

One of the primary findings was that organizations are still limited in their ability to collaborate and communicate risk information across the enterprise. Part of the problem lies in the lack of a comprehensive strategy to improve collaboration. Beyond the lack of a strategy, organizations are also limited by their technological support of GRC programs. Here’s what the Ponemon Institute surmised.

We believe this study reveals the importance of an enterprise-wide strategy and increased collaboration among domains to meeting eGRC objectives. Currently, only 20 percent have an enterprise-wide strategy and collaboration among GRC areas is far from perfect. Only 28 percent of respondents say their organizations enjoy frequent collaboration or cooperation among GRC areas. However, the good news is that only 12 percent say GRC areas operate in silos in their organizations.

In order to address the barriers related to collaboration, it has been recommended that organizations make it a priority to encourage people from the various lines of business to talk together and establish “risk ambassadors”. The need to gain visibility and control through effective cross-enterprise eGRC collaboration is important to reducing gaps in how risk is assessed and managed.

Finally, according to respondents, managing risk is and will continue to be the biggest eGRC focus for their organizations. This is understandable because organizations are finding that the cost of complying with the plethora of regulations can be daunting. Taking a risk-based approach toward compliance requirements enables them to focus their resources on the most at-risk areas of their business and achieve real value from their eGRC activities.

Building the right processes, involving the right people and utilizing the right technology are all key to achieving the sort of value that GRC programs should provide. Wheelhouse Advisors is uniquely qualified to bring these key elements together for your organization. Email us at to learn more.


Wheelhouse Announces New Strategic Alliance

Wheelhouse Advisors and Xactium are pleased to announce their new strategic alliance for the implementation of Xactium’s Governance, Risk and Compliance applications.

Wheelhouse, a professional services firm specializing in Enterprise Risk Management & Control, will be Xactium’s first US-based partner, operating in Atlanta, Georgia.

John A Wheeler, founder and Managing Principal of Wheelhouse Advisors, brings over twenty years of strategic, operations and risk management professional experience to the firm. Prior to founding his company, John served as a Senior Vice President within the Corporate Risk Management division at a major U.S. financial services company.

Dr. Andy Evans, Managing Director of Xactium, said: “This is a great opportunity for collaboration and signals the widening interest in our GRC Suite. Working with Wheelhouse will enable us to extend our reach to American markets and reinforce our position as a leading cloud risk solution provider.”

John added: “We recognise the power of Xactium’s cloud-based solutions to provide clients with a complete, robust solution in a time frame they want. We look forward to extending our level of customer support with our new implementation services.”

The partnership follows a period of growth from Xactium, whose customer numbers have more than doubled in the last year. The potential for a future Xactium North America division will also be considered.

About Xactium: Xactium is a leading cloud-computing software company specialising in Governance, Risk and Compliance (GRC) solutions. Xactium helps customers efficiently and effectively access and manage risk and compliance activities without the need for complex, expensive risk software. Recent significant business wins include insurance brokers Jardine Lloyd Thompson; insurance and reinsurance group, RiverStone Europe; and Scottish water retailer, Business Stream.

About Wheelhouse Advisors: Founded in 2007, Wheelhouse Advisors serves corporate clients across the United States with the implementation and continuous improvement of their Enterprise Risk Management (“ERM”) programs. Their service offerings include: Bespoke Enterprise Risk Assessment; Independent Risk & Control Program Analysis; Financial Process Compliance; and Governance, Risk & Compliance Automation.

The Path to ERM Success

The path to success in implementing an Enterprise Risk Management (“ERM”) program can be found in greater integration and better technology – that’s according to a recent survey presented at the 2011 Risk and Insurance Management Society (“RIMS”) Conference in Vancouver, British Columbia. Entitled “Excellence in Risk Management VIII”, this is an annual independent survey of executives conducted for RIMS by Marsh. The most common focus area noted in the survey is a desire to strengthen enterprise or strategic risk management approaches. While more than half of the survey respondents indicated this desire, a majority saw the primary barrier to achieving this goal as a lack of understanding of the risk landscape across numerous silos of information.

As a result, 55% of the respondents expect to integrate risk management deeper into and across operations and 54% of respondents expect to perform day-to-day risk management activities more efficiently. To meet these expectations, organizations will need to improve the way they gather and report risk data through more cost-effective technology. The survey report supports this notion through the following observation. “It’s worth noting to risk managers that their counterparts in the C-suite were the most likely to view technology upgrades as a focus area. This should help pave the way for technology that can ease the time spent on mundane tasks and open the door to developing the deeper integration of risk management with other departments.”

Source: Risk & Insurance Management Society, Excellence in Risk Management VIII

Maximize Your GRC Technology Investment

As we move into a new year, more companies are looking to integrate their risk management initiatives to simplify and streamline how they address risk and compliance activities.  In a recent article by Forrester Research, analyst Chris McClean discusses how Governance, Risk and Compliance (“GRC”) software solutions can help companies in their pursuit of integration.  Here are the three primary benefits that companies have realized from their investment in technology.

1. Greater process efficiency — Compliance requirements continue to swell, and the risk landscape is getting more complex. Above all else, customers cited process automation as the core value of their GRC platform implementations. Workflow management capabilities help keep everyone on task, and centralized content management and reporting reduce the need to jump back and forth between different systems. In addition, ongoing improvements in automated controls and control-testing functionality generate even greater efficiency gains. The manager of corporate compliance for a large pharmaceutical company told Forrester: “Managing all GRC initiatives in one platform saves time, resources and money. The ability to build a solid foundation for our compliance program in a relatively short time frame allows us to focus on the acute compliance issues facing our industry.”

2. Convergence of GRC efforts — As well as increasing efficiency, converging the various efforts relevant to governance, risk and compliance fosters cooperation between business functions and improves overall GRC insight. Comparing exposure across different categories of risk or using risk assessments to generate audit scopes are just two examples of GRC convergence benefits. An operational risk management director for a large financial services company said that one of the biggest benefits of implementing a GRC platform was the ability to “integrate the risk disciplines, including internal audit, ORM [operational risk management], SOX and compliance.”

3. Consistency of processes and methodologies — Getting different functions to work with each other is one thing, but getting them to use the same processes and methodologies is much harder. GRC platforms allow organizations to create standard templates for documenting and assessing risks, controls, incidents and other elements of GRC. Consistency also leads to convergence and efficiency and is often an initial driver for the development of a GRC program. The director of risk and compliance for a top high-tech company succinctly explained to Forrester that one of the most important values of GRC technology was the creation of a “consistent way to manage compliance, operational and ERM [enterprise risk management] projects.” Pay close attention to this aspect of GRC value. As risk and compliance become more complex, consistency will quickly become a necessity.

Wheelhouse Advisors can help your company identify the right technology solution and implement a program that will maximize the benefit of your technology investment.  Visit to learn more.

Enabling Cost-Effective ERM with GRC Software

Governance, Risk & Compliance (“GRC”) software has become a hot topic in the world of risk management over the past several years. Many business people ask what GRC software is and what its purpose is. GRC software is akin to Enterprise Resource Planning (“ERP”) software in that it is intended to provide a single repository for disparate information in order to enable better analysis and decision making. However, while ERP software is focused on integrating financial and operations management activities, GRC software is focused primarily on integrating risk management activities. An article in the September 2009 issue of Insurance Networking News provides additional insight into the evolution of GRC software and its usefulness in the aftermath of the recent financial meltdown.

Much as the Greek goddess Athena emerged from the forehead of Zeus, the marketplace for governance, risk and compliance (GRC) software was birthed in an epic headache. The accounting scandals and subsequent bankruptcies of Enron and WorldCom prompted the creation of the Sarbanes-Oxley Act (SOX) and GRC software soon emerged to help companies comply with the regulations.

“If you look at the genesis of the GRC market, it was brought on by the passage of SOX in 2002,” says Tom Eid, VP research, at Stamford, Conn.-based Gartner Inc. “The first GRC solutions emerged in 2004, and at that point the focus was really on the finance and audit function.”

Five years and one credit crisis later, the risk management component of GRC seems poised for a similar boom. While no legislation has yet passed as a direct result of the financial services meltdown, few expect this to persist for too much longer. Bills intended to rewrite the regulation of financial services in general, and insurance in particular, are winding through both houses of Congress. Leaving aside the diverging opinions on the merits of the bills, a broad consensus exists that more regulations – and a larger emphasis on risk management by regulators – are inevitable.

“The administration continues to make the case that they need some sort of consolidated oversight over insurance and financial services at the federal level,” says Gary Bhojwani, president & CEO of Minneapolis-based Allianz Life. “They are talking about true regulatory oversight, whether they get it is a whole other discussion.” While the industry awaits development in Washington, rules propagated by standards bodies such as the Financial Accounting Standards Board are already being enacted, and rating agencies are putting a renewed emphasis on risk.

With so many different regulatory bodies and agencies placing new demands on businesses as well as the ever-increasing complexity of business transactions, the need to integrate risk management activities in a cost-effective manner is very real.  Wheelhouse Advisors is equipped to help companies build enterprise risk management programs and implement GRC software to enable the integration.  To learn more, visit

Keys to Success

A recent article at highlights the keys to a successful implementation of technology in support of an Enterprise Risk Management or Governance, Risk & Compliance (“GRC”) program.  While the keys to success are fairly straightforward, it is surprising how many companies fail to address them prior to selecting a technology solution.   The keys to success are:

  1. Define what ERM or GRC means to your organization.
  2. Survey your organization’s regulatory and compliance landscape.
  3. Determine the most logical entry point and develop a phased approach.
  4. Establish a clear business case, considering both short-term and long-term value.
  5. Determine how success will be measured. 

Interestingly, the author of the article is a representative of one of the major GRC technology vendors.  While some vendors may want companies to rush to a purchase decision, this author agrees it is critical for companies to gain this perspective prior to evaluating solutions.  He states,

“With these steps complete, you will be in a much stronger position to qualify vendors and solutions and to determine the best fit for your organization, based on a well-defined project scope and equally well-defined business requirements and associated benefits.”

Wheelhouse Advisors can provide an independent viewpoint and work with your company to achieve the keys to success.  Visit to learn more.

GRC Software Swamp

When you think of a swamp, what comes to mind?  Murky, squishy, and difficult to find your way through? Well, the same can be said for today’s Governance, Risk & Compliance (“GRC”) software marketplace.  There are many vendors crowding the market with all sorts of products that address various components of GRC. However, it is extremely difficult for companies to determine what software may be best suited for their processes and environment.  That’s because the software market and the products themselves are evolving continuously.  

Wheelhouse Advisors can help you determine not only your requirements, but also the solutions that are best suited for your company.  It starts with gaining a solid understanding of your GRC process design and overall vision for the desired end state.  With that in hand, Wheelhouse Advisors can then work to help you successfully navigate through the swamp to find a software product that will enable your program to reach its fullest potential.  

Visit to learn more about how we can help your company Navigate Successfully™.