How Onspring Helped ATC Consolidate GRC Data into a Unified Platform, Resulting in Savings of Hundreds of Thousands of Dollars

A GRC Case Study

OVERVIEW

Behind the scenes, a handful of companies ensure that when you flip a light switch or turn on an appliance, the electricity you need is right there. Their ability to protect the power grid doesn’t just rely on technical know-how, but also software that effectively manages the content and workflows for internal audits, compliance, and incidents.

More than five million electrical consumers in four states rely on ATC, a Wisconsin-based organization that owns, operates and maintains the regional electric grid that brings power to communities across the Upper Midwest. The company realized that upgrading their tool to manage governance, risk, and compliance (GRC) activities and documentation, including policies for such a large operation, would increase efficiencies. ATC sought a solution that could provide a centralized hub for the internal audit team and other staff across the organization to make more informed risk-based decisions, and they ultimately selected Onspring to accomplish this task.

Profile

Company:
ATC

Location:
Wisconsin

Industry:
Utilities

Reach:
More than five million electric consumers in Wisconsin, Michigan, Minnesota, and Illinois

Solutions:
Governance, Risk & Compliance Suite
Incident Response Management

For privacy reasons Vimeo needs your permission to be loaded.

Challenge

Maintaining a power grid that supplies millions of customers across four states presents a complex GRC challenge for ATC staff. From complying with federal and state mandates to reporting different incident types to performing various audits, dispersed information can potentially create an obstacle to taking timely and effective action. The most challenging aspect of ATC’s process was the first phase: finding the pertinent data and giving it to everyone who needed to see it.

“Prior to Onspring, there were times when we needed information quickly and came to find that the data we were looking for was dispersed across multiple softwares, formats and locations,” said Benny Akowuah CISA, CRISC, CGEIT, CDPSE, ATC’s Manager, Technology Audit and GRC program. “Over a period of time, we realized that we needed to find a way to be more efficient.”

Part of the problem was just how widely GRC information was distributed across various formats, including:

Spreadsheets
Word documents
PowerPoint presentations

“Prior to having Onspring, nearly everything that we did within my department and across most of the organization was manual and paper driven,” Akowuah said. “There was not a central location for all our content, so it took quite a bit of time to find the information required to make risk-based decisions. Our senior leadership kept asking for the data and information they needed but it was a challenge to give them the key metrics and reports they needed, and that information kept changing.”

Solution

Over three years, we evaluated more than 13 different GRC systems. Unfortunately, they were either too expensive, would take too long to implement, lacked essential functionality, or had a combination of these issues. However, after completing a successful proof of concept with Onspring, ATC quickly recognized that the solution had the potential for expansion beyond the initial use case. “We initially started using Onspring solely for activities related to internal audits. However, within a month, we recognized its potential to integrate various content across different functional areas, leading us to expand its use,” Akowuah explained. “Currently, 82% of ATC’s departments are utilizing Onspring. We have grown from approximately 150 licenses to an enterprise license organization-wide, and it has evolved into a nearly essential ERP system.”

Today, ATC is using Onspring to manage a wide range of processes and activities, including:

Internal audits activities
Third- and fourth-party risk management
Corrective action management
Internal controls
Compliance activities
Documentation management
ERM (i.e. enterprise risk, functional risk, operational risk, and risk register)
Onspring ticketing and change management
Supplier onboarding
Legal contracts management
Incident management

Going Enterprise-Wide with Business Automation

The versatility of Onspring and its no-code development has enabled ATC staff to quickly create apps, dashboards, workflows and reports using simple drag-and-drop elements. This has accelerated the system’s expansion across the company.

“One of the foundational elements of Onspring is that it’s a business automation platform. We’ll continue to increase our use cases because if you can get it down on paper, you can develop Onspring to be that solution and start scaling it to support all your business needs.”

Benny Akowuah, CISA, CRISC, CGEIT, CDPSE
Program Manager, IT Governance, Risk and Compliance

ATC

Result

When GRC data was divided into separate silos at ATC, it limited the ability of staff members to access and act upon it. There were also barriers at times between the internal audit group and other departments. Now, people and processes are uniting around a single source of information.

“One result of nearly everybody using Onspring is collaboration that historically we’ve oftentimes not had,” Akowuah said. “This allows us to have conversations with other functional areas and make quick risk-based decisions that advance the culture of good security practices and governance across the organization.”

Streamlining Business Processes and Making Better Risk-Based Decisions

Now that they’re being more efficient and no longer looking through disparate data sources or relying on Akowuah to provide GRC information, staff members at ATC can concentrate on value-add tasks. Onspring expedites the time it takes to complete various workflows and facilitates more informed, data-driven choices.

“From day one of implementing Onspring, we further streamlined how we execute our business processes,” Akowuah said. “We have more time now to focus on high-risk areas across the organization, and we’re making decisions in real time because more people now have access to the same information from one source.”

Consolidating the Software Portfolio

By extending the use of Onspring, ATC is consolidating and rationalizing its software portfolio, rather than spending time evaluating, purchasing and implementing additional systems. “One of our teams was going to use another tool, but once they got wind of Onspring’s capabilities, they decided to use Onspring instead, resulting in saving hundreds of thousands of dollars,” Akowuah said. “We’re also saving a lot of time and money by not bringing in other solutions.”

Explore more insights

How to Make the Move in Your GRC Program On-Demand Webinar

Megan Guerra2025-02-03T09:46:19-06:00February 3, 2025|

Thinking about a new GRC platform? This webinar will give you guidance on planning, acquiring and managing a new GRC platform.

DORA, The Explainer

Andria Mitra2025-01-29T15:26:12-06:00January 29, 2025|

With stringent requirements for ICT risk management and third-party oversight, the Digital Operational Resilience Act (DORA) ensures that financial entities are fortified against digital threats. Get up to speed on before the next deadline.

How to Conduct an Effective Supply Chain Cybersecurity Risk Assessment

Megan Thome2025-01-15T15:22:38-06:00January 15, 2025|

Your supply chain's cybersecurity is only as strong as its weakest link. Conducting a cyber supply chain risk assessment helps you identify vulnerabilities. Learn how to map critical assets, assess threats and prioritize risks to ensure seamless operations and robust security.

Project Description