Likelihood to Recommend Well suited for general compliance, multiple initiatives, and integration with TeamMate. SAP GRC Process control may be better suited for an SAP environment. Oracle GRC may be better suited for an Oracle environment. Overall, BWise is a very cost effective, and flexible solution.
Read full review In my opinion, SAP Process Control is well suited for bigger companies with an already mature Internal Control System as well as for bigger companies who want to completely new/redesign the internal control system. The size of the company, as well as the budget, is quite important when thinking about the implementation of SAP Process Control. A smaller company with e.g., 150 people should think more about implementing SAP FCM.
Read full review Pros Great reporting tool (uses SAP Business Objects). It is quite flexible on types of reports that can be created and supported. Also the reporting consultants are very competent and nice. Highly customizable solution: almost everything can be tailored to an organization's needs, assessments, audits, issues, recommendations, tasks, etc. However, there's a trade-off between customization and the integration of different areas of the organization. Increases visibility and efficiency in the organization. BWise offers centralized repositories (catalogs) that can be easily accessed and used by everyone in the organization (e.g. Process catalog, Policies and Procedures catalog, Risks, Controls, Laws catalogs, etc.). Also, the application allows findings on controls tested by Audit to be automatically reflected in controls monitored by SOX for example, without the need for SOX to retest them. So one area can leverage on the work of other areas increasing operational efficiency. Increases integration and avoids silos. By choosing the correct design (e.g. Risk Workshops instead of Open Assessments), one area can see and benefit from another areas' work. An example was mentioned above; another would be Operational Risk area considering the results of Business Continuity, Vendor Management, Info Security, etc. assessments when carrying out theirs. Additionally, processes can be integrated: when contracting a new vendor for instance, one can include questions about data confidentiality and usage of models in the Vendor risk assessment. Answers to these could then trigger Info Sec / Model Risk assessments. Increases accountability. Application provides full audit/change log with the type of change, name of executor, and date of change. Easier follow-up. BWise sends automatic emails with reminders to the people required to take action on an issue, assessment, etc. Read full review Native connection to SAP applications Automated monitoring process of SAP applications Workflow capabilities for control testing Read full review Cons Integration with SAP for continuous control monitoring. Control mapping to standards: ISO; COSO; COBIT; HIPAA; SP800_53 (NIST); FedRAMP; PCI_DSS; BITS; GAAP; AICPA; BSI; CCM; COPPA; CSA Surveys. Read full review Default delivery of controls could be done by SAP on some basic controls like client openings, password controls, etc The messaging or customization of messages in different workflows is limited, which could be introduced to enhance the product SAP Process control does not have the capability for cloud product monitoring which is required with more SAP cloud products available right now Read full review Likelihood to Renew BWIse is very flexible, and an affordable GRC tool.
Read full review Usability I found BWise to be very intuitive and user friendly.
Read full review Support Rating BWise support is knowledgeable and responsive. Bug fixes and development are also timely and ongoing.
Read full review Implementation Rating The main issues were managing the internal conflicts and competing objectives, rather than the capability and implementation of BWise itself.
Read full review Alternatives Considered Wasn't personally involved in the vendor selection process. I am aware that one of the main drivers for selecting BWise was cost (I believe BWise total project cost was several times lower than
MetricStream 's).
Read full review The connectivity with other SAP products out of the SAP GRC suite, like Access Control and so on, was key for the decision. Also we had an already mature SAP System landscape as well as having internal processes that were similar to the SAP Process Control standard processes helped us with the decision to implement SAP Process Control.
Read full review Return on Investment Increased employee efficiency especially considering incident management and follow up. Increased visibility and senior management information/awareness. Increased employee accountability. Reduction of silos. Read full review Automated alerts for controls issues Workflow capabilities; however, there's natively only 2 levels of review. More layers would be beneficial. Read full review ScreenShots