So, what exactly is ITSM, you ask? The strict definition is something along the lines of this: “All the activities involved in designing, creating, delivering, supporting and managing the lifecycle of IT services.” A huge part of ITSM is Incident Management, or IM for short (yay, acronyms!).
The GRC software market has several different sections, ranging from full-fledged integrated GRC platforms to specific point solutions, and each of these can help a company deal with many different problems or tasks. The joining point of all of these different products is that they help answer the questions that the caveman asked eons ago: “How best to manage risk?” and “How best to integrate these risk management solutions into a productive business model while maintaining corporate integrity at the highest regulatory levels (direct translations from cavemen are rarely this coherent)?”
When it comes to putting together a GRC platform—or using any of Onspring’s other solutions—It doesn’t matter what kind of cooking personality you have. If you use our professional services team to lean on or you do it yourself, the results will be good. Anyone can do it—it’s just like when you’re cooking; you need the confidence to go into your kitchen and say, “I might burn this cake or destroy this pie, but I also might make something really good. If I fail, it won’t be for long.”
I am what you might call a late bloomer. It took a while, but I finally feel like I’m coming into my own with this whole “being a professional” thing. I share this because in my early days as an internal auditor I didn’t really grasp the concept of why we were doing what we did, let alone how we were helping drive a risk-focused culture in our organization.
Onspring recently conducted a survey, reaching out to audit professionals to find out about future trends in the internal audit field. Putting together tangible questions that deliver concrete results on current practices in internal audit and risks that may impact the field in the future was our target, and that was accomplished.
A lot of times when we start showing a client our out-of-the-box audit solution, we’ll be told, “Oh, that’s pretty close to what we already do.” We’ll have to tweak a couple of fields, but what Onspring starts with initially is usually all that a lot of clients will need. We take a lot of pride in the fact that we’ve added and shaped our audit solution to meet most of the needs presented to us by customers.
Much like my fishing trip, you should begin defining your requirements and planning early on, maybe even wade around in research materials for a few months before beginning the purchasing process itself. It is of paramount importance to ask yourself the tough questions that will help shape and define your scope—questions around your budget, specific needs, timeline and workflow requirements tend to work best.
One of the prerequisites to acquiring a GRC platform should be like a lot of other major items that are bought; when you are looking to make a major purchase or acquisition, consult many people in a lot of different areas. Ask your friends or colleagues, read reviews, do extra research, and as strange as this seems, even see what the trolls of the internet have to offer.
The Onspring Sales team knows you probably don’t want us to sit on the couch with you and watch Onspring videos after just having spoken for the first time, but we do our best to make you feel at ease with the resources available to help with education and awareness of where you’re at with your processes and where you can be in the future.
Onspring’s leadership, product, solution engineering, professional services and sales teams have hundreds (yes, hundreds!) of years of combined experience in business process automation with a focus on GRC. Nearly all of us here have had experience working for other GRC software providers or have helped to deliver consulting and implementation services across nearly every GRC product listed in a review, quadrant, report or software list.
When GRC platforms started becoming a “thing” in the mid-2000s, there were only a few major players in the market. They focused primarily on IT: whether it be controls, policies or risk management. Additionally, with the Enron and Worldcom scandals, SOX and its myriad of financial reporting controls quickly became platform offerings as well. As the market started expanding quickly at the turn of the decade, the concept of “eGRC”, with the “e” standing for enterprise, swept the landscape. Why settle for managing IT processes when many of the tools were capable of managing an entire organizations’ Governance, Risk and Compliance frameworks? The natural progression had begun.
If in your current state, your audit team has to spend time creating work papers manually and then saving them and going back and looking at them, that’s a manual step that is something that could be easily repeated in Onspring that ends up saving a lot of time. Looking at how much time were we spending on admin work in the past and now how much time are we pivoting that toward audit work—time, saving time is a big ROI with Onspring.