Posted by Fiona Martinez-Mancz on Thu, Apr 19, 2012 @ 09:05 AM
From 26th May 2012 it will become illegal for companies within the UK to install cookies that pass on browsing information to third parties without first gaining users’ consent. With this deadline now little over a month away accountancy company KPMG have released worrying research that shows 95% of 55 major UK-based organisations surveyed are not compliant with current cookie regulations. Regulation 6 of the Privacy and Electronic Communications Regulations 2003 states that a person ‘shall not store or gain access to information stored’ unless a user has been ‘provided with clear and comprehensive information’ and ‘has given his or her consent’. KPMG’s survey outcome confirms that many companies are far from ready for the emerging change in law, which could see non-compliant companies fined up to £500,000.
With the deadline fast approaching, companies are being encouraged to act fast in order to avoid severe financial penalties. The regulator ICO stated, "At present evidence demonstrates that general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent". Despite various debates regarding the effectiveness of the new law, time is running out for sites to meet the terms of the new regulation, with companies now having a fixed date for when compliance must start taking place.
Ensure your company is compliant ahead of the deadline with Xactium’s Policy Manager. By managing your policies and procedures you can track your compliance with these vital requirements. Talk to us now and arrange a bespoke demo.
Posted by Lizzie Rayner on Tue, Apr 10, 2012 @ 05:45 AM

The FSA has recently amended their Anti-Bribery and Corruption guidance. This follows a review of how investment banks and firms carrying on investment banking or similar activities in the UK mitigate bribery and corruption risk.
Some key areas of additional guidance from the FSA include:
Policy Management
Ensuring that anti-bribery and corruption policies adequately address all areas of bribery and corruption risk to which a firm is exposed. Examples of areas to consider include: expected standards of behaviour; escalation processes; conflicts of interest; expenses, gifts and hospitality; the use of third parties to win business; whistleblowing; monitoring and review mechanisms; and disciplinary sanctions for breaches.
Risk Management
A strengthening of guidance when undertaking Risk Assessments related to Bribery and Corruption, including: taking adequate steps to identify the bribery and corruption risk, for example by using a range of expertise from both within and outside the business. Furthermore, these risk assessments should inform the development of monitoring programmes; policies and procedures; training; and operational processes that help mitigate the risk.
Role Management
A key part of role management is understanding which roles and functions within the organization are at higher risk from a bribery and corruption perspective, and ensuring that they have clear training and guidance. A review of remuneration practices is also important to ensure that they do not encourage risk taking.
Incident Management
Where there is no whistle-blowing procedure, firms should consider measures to allow staff to raise concerns anonymously, with adequate levels of protection and this should be communicated clearly to staff.
While it was noted that many banks and financial institutions had put in place significant work to address bribery and corruption, there were still a number of weaknesses. These related in particular to:
- limited understanding of the applicable legal and regulatory regimes
- incomplete or inadequate bribery and corruption risk assessments
- lack of senior management oversight
- failure to monitor the effective implementation of, and compliance with, anti-bribery and corruption policies and procedures.
Looking to strengthen your organisation's management of anti-bribery and corruption risk? Talk to us at Xactium to see how you can get complete visibility of your governance, risk and compliance activities.
Image credit: FSA
Posted by Andy Evans on Wed, Jan 04, 2012 @ 07:33 AM
Recently, Xactium and salesforce.com held an event at the Lloyd's Building on "Risk & Compliance Management in the Cloud - Anytime, anywhere, any device". The event was hosted in the famous Old Lloyd's Library.
From the outward appearance of this iconic building, you'd expect the interior to reflect its slick, futuristic feel. However, the marvel of the building's design is the preservation of many of the more traditional spaces, including the Old Library. Dating from 1928, its intricately-carved oak panels showing 17th & 18th-century merchant vessels, and the paintings of past Lloyd's Chairmen really speak to the rich history of this well known institution.

While the surroundings were suitably steeped in history, the topic of the presentation was very much focused on now and the future. Karl Lawless of Salesforce.com started proceedings with an introduction to salesforce.com's cloud platform, Force.com, and the key partners who are using it to deliver innovative web-based applications to major banking and financial services companies around the world.
Following this, John Shelton, Group Operational Risk Manager of JLT Group, expounded on his experiences of successfully rolling out one such application - Risk Manager from Xactium - across JLT's global business. John explained that not only was this achieved in extremely short timescales, but that the flexibility provided by the Force.com platform and the usability of Xactium's application meant that the solution had been adopted enthusiastically by users. John finished by giving his personal views on cloud computing. He believed it was unshackling businesses from traditionally inflexible and complex IT software and that companies that did not adopt this technology would rapidly become uncompetitive.
Finally, Andy Evans, CEO of Xactium, demonstrated some of the key features of the Risk Manager application. His focus was on showing exactly how a cloud platform like Force.com could provide a unified and flexible application foundation for managing risk and compliance activities. A key feature he noted was the ability to better engage users in the risk and compliance process - both by enabling them to access their information through many different devices, but also by allowing them to collaboratively communicate via some of the powerful social tools built into Salesforce.com.
Feedback from attendees of the event was positive, with many finding the potential for different users to engage with risk and compliance in a more social and flexible manner of great interest.
Posted by Lizzie Rayner on Thu, Dec 01, 2011 @ 05:09 AM
Communicating HR information across large businesses is often a struggle, both from an operational and a strategic perspective. With high numbers of employees spread over multiple offices or countries, HR is expected to not only have a good handle on all employees, but to actively manage a huge amount of disparate data including:
- Job profiles
- Recruitment
- Performance Management
- Training and Development
- Career planning
People make up the culture of a company - they are your most valuable asset and HR is a vital interface with this asset – get it wrong and you may lose your best people. At a time when efficiency and productivity are being put to the test and with unemployment at a record high, there has never been a more critical time for HR to have clear and effective channels of communication across the business.
With all this additional pressure combined with over-reliance on spreadsheets and documents of all shapes and sizes to pull together vast quantities of business sensitive data, it is hardly surprising that many companies are struggling to manage HR, with these common complaints:
- Disparate HR data with no common language
- Limited oversight of job roles within the company
- Poor staff retention
- Recruitment efforts don’t attract the right candidates
- Limited access to up-to-date careers information
- Poor employee satisfaction
- Inefficient career development processes
In the last few months Xactium has been developing the latest addition to its GRC Suite, Role Manager - a Role Management system fully native to the Force.com platform, offering a 360 degree view of your data. And we’re proud to say that not only is it ready and available but it has already been implemented and is being used by two global banks. Resulting from a collaboration with our partner, Aquarius Management Consultants, the solution brings the best of both worlds: all the flexibility and collaboration tools in-built on the Force.com platform teamed with specialist HR knowledge based on many years' experience of what really works. Learn more about Role Manager and how it can be used to combat these issues in a case study from Aquarius.
Posted by Lizzie Rayner on Tue, Nov 15, 2011 @ 05:10 AM
In an article last week Gerry Pennell, CIO of the London 2012 Olympics and Paralympics, dismissed cloud computing as “far from ready for mission critical applications”.
While these were later qualified as applications for measuring athletic performance, it got us thinking. Why so soon to dismiss the capabilities of the cloud? Far from being unfit for the job, Force.com – the development platform from salesforce.com offers its customers so much more.
Here are 8 reasons why actually, the cloud is perfectly suited for the Olympics:
- Less development time saves time and money. Developing on the Force.com platform is 5 times faster than traditional software development. According to Gerry, “CIOs cannot afford to discard the investment to build an entirely new infrastructure using the cloud.” However, the joy of the cloud is that this simply isn’t necessary – the infrastructure comes as part of the Force.com package.
- Pay As You Go. The multi-tenant model of the cloud could offer the Olympics an amazingly good deal. What other model is better suited to cope with the sudden swell of user numbers during the month the Olympics and Paralympics take place? What other model lets you pay as you go – on a per user basis?
- Trust is based on performance. Gerry uses “real-time” as a byword for unreliability; he says "clearly it is all in real time, which is why cloud computing cannot yet be trusted". Yet the figures suggest otherwise. Why else would 3m users of Salesforce continue to renew their licenses time and time again? With 3m users, you can also bet that salesforce.com doesn’t hang around if there are any issues relating to performance – they offer 24x7 customer support.
- Cloud loves integration, which is an area Gerry highlights that is of importance: "we need to take data from different sources”. Force.com states that its enterprise API can integrate with pretty much anything from on-premises applications to third-party solutions – in our experience to date, this is true. In fact more than half of all traffic on the Force.com platform is from system-to-system integration.
- Avoiding the big freeze. Gerry reveals that the IT preparation began two years ago, which involved a technology freeze to ensure systems like PCs and servers remained identical for the duration of the project. With an online web-based application, this effort could have been significantly reduced. All you need is an internet browser. No hardware. No servers. Salesforce.com do all the legwork in regards to keeping your servers safe, with an impressive security résumé.
- Cloud can adapt very quickly to new requirements, even as it is being used. So if the need for a last minute change emerges it can be accommodated quickly and safely. So while getting the core deliverables done early is best practice, should something crop up at the last minute, there is an extra buffer in place.
- What isn’t mission critical these days? As providers of governance, risk and compliance solutions, we’re proud to offer cloud solutions to support business-critical processes such as risk management and incident management. It’s not hard to find examples of risk management gone wrong. With such a tough economic climate, there’s an awful lot of pressure on businesses to deliver and for those who don’t the penalties can be incredibly harsh. Higher stakes mean that there is all the more reason to choose a solution at the forefront of technology, rather than overlooking its capabilities.
- As Gerry says, there’s nothing like a hard deadline to make you put your money where your mouth is. The business case for cloud is striking - we don’t just expect to see a “gradual evolution to cloud computing”. We are part of the innovation. Perhaps Gerry could tell us what risk platform he’s using for the Olympics?
Posted by Lizzie Rayner on Tue, Nov 01, 2011 @ 04:58 AM
Thursday 20th October marked the third annual Great California ShakeOut, as 8.6 million participants joined the earthquake preparation drill across California and beyond. This unique event was originally a scenario exercise organised as part of the United States Geological Survey's Multi-Hazards Demonstration Project, aimed at preparing the Californian public on the earthquake-prone San Andreas fault line.
Since then the event has evolved into a yearly rehearsal of the “Drop, Cover and Hold On” technique, teaching Californians what to do during and after an earthquake. Participants are instructed to stop whatever they are doing at the appointed time to practise the technique, simulating what they should do in a real earthquake.
Reading this, I was struck by the parallels with risk management. Picture millions of people consciously striving for the same goal: minimising the risk of injury or death from a natural disaster. What a striking image for risk management professionals all seeking to protect their businesses from financial risk. What is the ShakeOut but a brilliantly executed enactment of a particular risk scenario?
So, what can we learn from this feat of organisation in an increasingly bumpy and risk-conscious economic environment? What can over 8 million people crouching under tables, beds, and assorted furniture teach us?
Leverage uncertainty and unpredictability to plan your risk management strategy. Capitalise on proactivity now.

- A focussed, organised approach leads to the most effective form of risk assessment. “Practice now to protect yourself in a real emergency” is the mantra of the ShakeOut drill. Your risk register may not be setting off any alarm bells at the moment, but a proactive approach is essential to be able to respond to future risk. And it works both ways, as a geophysicist said of the drill: "People that are not prepared for disaster are inviting disaster”. Without a truly proactive approach, risk management can easily escalate into a damage-limitation exercise.
- Maintain a consistent approach – “Drop, Cover and Hold On” remains the key message throughout the drill, despite the drill scenarios changing. Participants are advised to "drop, cover and hold on", whether they are in a school, an office, a bed, or a theatre. Similarly, always keep your risk priorities in sight as a fundamental best-practice. Crucially, having all of your risk data available in a centralised risk database with real-time visibility helps to prevent risk oversight.
- The collaborative power of people – in just 3 years the event has ballooned to 8.4 million participants. The success of the ShakeOut is its effectiveness and popularity to educate the masses. Such is the reach of the drill that other states and countries have adopted the practice including: British Columbia, Guam, Idaho, Nevada and Oregon. Chile, China, Japan and Mexico are also considering adopting their own drills. Be inclusive: harness the collaborative power of your organisation. Anything other than an organisation-wide risk management solution will greatly increase your potential risk exposure.
Lastly, a disclaimer: “Drop, Cover, and Hold on” is not a recommended approach to risk management!
Posted by Andy Evans on Tue, Oct 25, 2011 @ 05:07 AM
Salesforce.com is currently rolling out its latest platform release - Winter '12. This is a big release, with 150 new features, and a lot of hefty ones at that. Here are some of the highlights that Xactium's customers may find useful as a part of our GRC solutions:
Analytics Enhancements - Starting with this release, there is a terrific roadmap of new features for reports and dashboards, which is going to be a big win for customers. Just to name a few of the new ones in Winter '12:
Dashboard Filters - Dashboard filters allow you to add a filter to the dashboard, that when changed, applies the filter to all the dashboard components. A small, but really useful feature. For now, it can only be a picklist, lookup or text field. (let's hope date fields are close behind)
New Reports Tab - A slick re-design of the Reports tab. The image shows it nicely, but essentially it combines Reports and Dashboards into one place to find and run them. An enhanced search has also been added for those customers with lots of reports or dashboards. A few other additions help admins manage the folders and creation a bit better, although an obvious missing feature is the ability to sort folders - given the uproar this is causing on the discussion boards, we're hopeful it will be fixed soon!

Visualforce Charting - This is a pilot, but salesforce.com showed it at Dreamforce and it looked very slick. Essentially, visualforce reports will make it much easier to build more sophisticated reports. We're already testing these out at Xactium to see how they look!
Finally, reports are also shown in the recent items list, which will make them easier to re-run.
Chatter Enhancements - As expected, there are quite a few new Chatter enhancements. Chatter is now no longer just a feed, but also provides a messaging service.
Chatter Messages - Messaging and Presence now built directly into the platform. This is a big collaboration enhancement, as now users can see if someone is logged in, and send them a private message. So, if a private discussion needs to be had around a particular risk or control for example, users can have the conversation within the application, rather than using email with all its weaknesses as an audit trail.
Customers in Private Chatter Groups - Customers (or Partners) can now be invited into private and secure Chatter groups so they can collaborate with users. Share files, posts, messages, etc. just like you would with a normal user. Best of all, it's free. At Xactium we're looking forward to using this feature over the coming months to communicate with our customers and partners.
Chatter Approvals - Approvals can now be managed through the Chatter feed.
Salesforce for Outlook now supports Outlook 2010, including 64 bit.
Force.com Flow - this is now generally available within the platform. It provides a rapidly maturing tool for creating business process workflows and then executing them in the platform. We see this as being a very powerful solution in the future for driving critical business processes as part of a well-controlled business environment.
Admin Enhancements
For all you admins, this enhancement is a great time saver. When viewing records on the right hand side, you can find a button for showing (and hiding) a quick access menu for editing the properties of a record. For example, editing and adding new fields, or workflows and approvals, takes one click instead of the 5-6 clicks it normally takes to navigate all the way through the setup menus!
Summary
Winter '12 looks like a well rounded release with a few big enhancements and a lot of smaller enhancements to really fill it out. After the somewhat light Summer '11 release, Winter '12 provides some nice features that can be leveraged without Apps.
To sum up in a single sentence: Winter '12 offers a combination of functionality and efficiency for greater usability, with a real emphasis on collaboration as part of salesforce.com's vision of the social enterprise.
Keep your eyes peeled, we'll be reporting back on the Chatter updates in the coming weeks.
Posted by Andy Evans on Wed, Oct 05, 2011 @ 04:54 PM

In this article, veteran JLT CIO Ian Cohen provides some great insight into the value of Cloud and the experiences that JLT has had in implementing Salesforce and Xactium's Force.com Risk Management solution across the business.
What's particularly interesting is his insight that utilizing cloud IT solutions won't necessarily reduce costs because the value and flexibility of cloud solutions results in people using the systems to do more.
In the case of Salesforce CRM, this has resulted in JLT staff gaining a better understanding of the complete client relationship, thus enabling them to determine what went right (and wrong) with each interaction.
In contrast, Xactium's Force.com Risk Management solution has resulted in greater consistency in the risk assessment information that is collated across the entire group.
The value of both solutions is the use of a common underlying cloud platform to capture key business frameworks, while remaining flexible and open.
Posted by Lizzie Rayner on Mon, Jul 18, 2011 @ 03:43 PM
A brand new Risk Management survey conducted across multiple industries has highlighted a heightened awareness of risk across nearly all participants. In one of the largest surveys of its kind, the report targeted C-level executives, including in-depth interviews with some of the industry's top-performing “Risk Masters”.
Key Risk Finds:
- The types of risk to which companies are exposed and the severity of these risks are increasing
- Critical risk exposures exist despite investments to improve risk capability
- Risk management needs to go further to support business growth, beyond serving as protection from negative occurrences
- Too few companies are achieving their expected risk management targets
- Size does matter - the bigger the company the more likely it considers risk a higher priority than 2 years ago
- Almost all participants regard their risk management capabilities as providing some level of competitive advantage
Best practices from the Risk Masters:
- Create shareholder value from risk management by linking risk to business performance
- Involve the risk organisation in key decision-making processes
- Invest in continuous improvement
- Integrate risk management across the organisation and business units for a more consistent approach
- Engage a higher level of commitment to analytics and risk modelling in an increasingly complex risk environment
- Go beyond compliance - Risk Masters were identified as better at developing relationships with regulatory agencies
- Statistically, high performing risk organisations are more likely to have an Enterprise Risk Management program - 90% of Risk Masters have an ERM program in place, compared to just 64% of non-Risk Masters
Top 5 Risk Management challenges for businesses over the next 2 years:
- 47% cited reducing costs as a priority
- 43% were concerned with aligning risk management with overall business strategy
- 41% aimed to improve risk management and modelling
- 41% of risk organisations identified implementing regulatory demands as one of their main challenges
- 40% pinpointed availability, consistency and organisation of data management as a key area
Posted by Lizzie Rayner on Mon, Jul 18, 2011 @ 10:27 AM
Visibility. Data quality. Operational efficiency. IT and Infrastructure costs. Data Security. High data costs.
Sound familiar?
These are 6 of the key areas affecting the increasingly indispensable area of Governance, Risk and Compliance (GRC), highlighted last week in a thought-provoking article.
In an increasingly regulation-driven society, the costs of inefficiency can make or break companies. The Financial Services Authority’s (FSA) naming-and-shaming of those who incur fines through inadequate and irresponsible GRC practices attests to the stringent attitude of regulators.
It would appear that the question now to be considered is not whether you can afford a consistent and robust approach to risk and compliance, but rather - can you afford to continue to struggle with your business’s challenges? The bottom-line is ultimately financial and poor risk management can cost a business millions, as the credit crunch has only too clearly shown.
Likewise, IT costs and data costs need to be addressed as companies’ purse strings tighten. Cost alone can be a powerful motivator, but it does not reflect the complete picture - data quality, visibility, operational efficiency and security - these are the real players in driving the success of your GRC program and delivering your return on investment.
Xactium’s cloud-based approach to managing Governance, Risk and Compliance offers significant business advantages, which are presenting a more and more persuasive value proposition for regulated sectors, particularly for Financial Services.
Find out more about Xactium’s integrated Solutions.
Read the full article.