What is in your 2014 Budget? It is that time of year when organizations are putting together plans for next year. Undoubtedly, what ever you wish for will be too much and in some cases you will be asked to do more with less. These seem to be the major factors everyone faces. I would like to take this opportunity to remind you some of the ways we can make you get more productivity for less money. Advisory Services This is a unique service, which allows clients to leverage our knowledge and experience in order to augment their internal resources. The first situation is a major project that is new to you and your staff. In Many cases the best first step is education and planning. The best source to avoid pitfalls is to engage an expert and allow them to help you plan what the right next steps or projects. The insight from professionals who have already performed many successful projects will make sure you don’t waste valuable time learning as you go. The second situation is having a project in place but just doesn’t seem to be getting to the finish line. Many projects involving consultants find the time just seems to go by but the desired results are short of what your expectations were. Or another scenario is the project was to resolve an issue but it reappears again and again regardless of the time and resources applied to resolve the issue. I place role redesigns often in this category. The sliver bullet approach promised by the consultant seemed right on but a short time after the completion the same symptoms reappear. For this situation, many times our advisory can enable you to perform the work and sustain the solution by addressing the process and design aspects of the solution rather than the technical symptoms. The following are services we suggest you consider to conserve your budget dollars and maximize the utilization of your internal staff so you can sustain the process without continuous consultant fees. Audit Assistance - Many Governance Risk and Compliance programs have been in place for many years. Most were in response to reported audit deficiencies. However, how well are these programs being maintained? In many cases, after their initial implementations were completed, only cursory inspections have been done, if any. Audit departments should make this a part of their audit universe. With expert assistance, key configurations and inspections can be identified without technical training to ensure the program is sustaining the organization’s promises for effective compliance assurance. Training and assistance in building audit steps for key areas can be done using blocks of hours. The background and knowledge of the products as well as the technical areas can be supplied new staff members and assisting them will help establish some worthwhile audit programs which benefit the organization. C0- Sourcing Projects– If there is a major project in your Governance Risk and Compliance area, we offer the alternative of supplying the project support to provide expert guidance in planning and answering technical or logistic issues as they might occur throughout the project. We believe this is a more cost effective way to complete the project as well as make sure the internal staff has the knowledge to maintain the processes after completion. Fast Track Implementations – Many organizations are either upgrading or installing new GRC systems. We believe the traditional consultant approach is much too long and expensive. We accelerate the process by completing the steps on a pilot and then documenting the necessary processes and methods so internal staff can accomplish the rollout to other locations or systems. If necessary, advisory time for answering intermittent issues and questions can be used to support the rollout process as well. In summary, we believe the traditional approach by big name consulting firms can be big budget eaters and make you consultant dependent instead of self-sustaining. Please consider the following for your 2014 budget needs. Contact us if you have any questions: •Advisory Services == Get insight from the people who use the products not the people that sell the products, •Implementations == Get your SAP GRC upgraded with Fast-Track Implementation, •Training – Valuable SAP training you can apply and get CPE credits at the same time. •Project Services – Professional IT infrastructure and project management outsourcing. Halloween Analyst Magic Well it’s Halloween and time for Analyst Magic. Gartner has published the Magic Quadrant for GRC, and all the other analysts seeking engagements of course are tweeting and blogging about what is right and wrong with the results. Just like Mike and Mike in the morning giving their analysis of the sporting teams, there is usually one person in the conversation that has at least played in the sport. The difference with our GRC analysts is very few of them have even helped or touched the applications they analyze. And most base their results on vendors who had to pay to get them to visit and customers who have asked for their wisdom and paid dearly. Unfortunately, the most they learn is by listening to the customers and to the vendors. Having been in both places, and hands on with many of the products, I would like to point out some of the many flaws: Much of the criteria are highly subjective. Market penetration for example is usually based on the acquisition of customers, and not by who is getting a return on their software investment. Opinions are cheap, just like the sports analysts; they vary by the biases they have developed over the years. In addition, all of the product evaluations are done based on demos by the vendors. And you can bet these are well orchestrated and planned to impress. Often they are geared to what the analysts ask about. Usually this is guided by customer inquiries. These are collected from primarily paying customers, or references that have been carefully selected by the vendor for the analyst to contact. I have been a customer and the only discussion I found worthwhile with any of the analysts was to get their idea of the price ranges I should expect before entering the negotiation process of the hardware of software acquisition process. In the case of GRC, these can vary widely. And there is a wide range of product capabilities. In most cases the “enterprise” tag given by the analysts is only indicative of the breadth of the product. The depth of the product is often overlooked, but a lot of attention to “look and feel” and user “friendly” criteria. One evaluation I saw presented during my days with SAP by an analyst was a demo, which got great accolades for an improvement in the user interface. And it was the same interface they had seen in the previous year, but the Demo Witch made it appear much better…. more smoke and mirrors. Before you enter the haunted house of the GRC market, my advice is to ignore the analysis paralysis on useless features and concentrate on the road to Return on Investment. This will allow you to seek out not only the software that is the best fit but also the best practices that help you gain the best utilization from the product. The combination of the two is what makes the GRC ghost and goblins go away and reality to appear! Gary |
AuthorsAssorted Members of the CAG Team providing insightful information on current topics related to GRC, Security, and Audit. Archives
July 2016
Categories |