TrustRadius
BWise, from Nasdaq company BWise headquartered in the Netherlands, is an Governance, Risk Management, and Compliance (GRC) platform.https://dudodiprj2sv7.cloudfront.net/product-logos/2K/KJ/KHXRPLU0QHTM.jpegBWise GRC Implementation ReviewBWise is used as a GRC platform to manage multiple compliance initiatives for SOX, IT compliance, PCI compliance, Procurement compliance, Internal Audit, and Management Self-testing. BWise is integrated with TeamMate audit tracking, for internal audit testing and annual compliance testing. BWise is used for testing across the enterprise, giving management a view into the control effectiveness, across the company, and across compliance initiatives.,Bwise is very customizable to accommodate multiple compliance initiatives, across the enterprise. Integration with TeamMate, made tracking audit testing and results easy to stay on top of. Being able to map controls, and test once, and report control effectiveness for multiple initiatives was important.,Integration with SAP for continuous control monitoring. Control mapping to standards: ISO; COSO; COBIT; HIPAA; SP800_53 (NIST); FedRAMP; PCI_DSS; BITS; GAAP; AICPA; BSI; CCM; COPPA; CSA Surveys.,9,BWise was the most cost effective, and flexible solution evaluated, and eventually implemented. BWise is a great repository for controls, and for managing GRC compliance. BWise handled mapping multiple compliance initiatives to the master controls very well. BWise integrated with TeamMate for testing controls very well.,,SAP Business Warehouse, Oracle BPM Suite, Microsoft SQL Server,50,5,Control compliance. Control testing. Control remediation tracking. Management awareness.,Integrating with TeamMate for control testing, tracking, remediation. Management awareness. Management Self-testing.,Continuous control monitoring. Managing additional compliance initiatives. HR Employee surveys.,9,Yes,Price Product Features Product Usability Product Reputation Positive Sales Experience with the Vendor Third-party Reviews,Evaluating short term objectives verses strategic long term objectives.,Vendor implemented Implemented in-house Professional services company,Yes,Change management was a big part of the implementation and was well-handled,Competing business objectives was the most significant issue encountered. Project management, and managing the timeline was the next significant issue. Customization of the complex environment, and implementation was an issue. Implementing multiple compliance initiatives at once was a challenge, but considered necessary to move to one tool set.,8,Yes,9,Yes,BWise worked very closely with us, and helped us through a very complex implementation. Sales, and product support were very knowledgeable, and capable, with a very in-depth understanding of the product, and how to customise and adapt the framework for our environment, and complex requirements. We implemented multiple compliance initiatives, across multiple companies, across a multinational enterprise. We also performed a custom integration with TeamMate, for audit control testing, tracking, and reporting.,Managing the Master control list. Managing multiple compliance initiatives. Mapping controls to the multiple compliance initiatives, multiple companies, and many locations. Dashboards, and reporting results. Managing and restricting views across lines of business, companies, locations, and compliance initiatives.,Custom integration with audit tools like TeamMate, but we completed an effective integration. Mapping controls to standards, COSO, COBIT, ISO, HIPAA, PCI, NIST. Most standard GRC requirements were managed pretty well.,9BWise - The peaks and valleys of our GRC journeyThe BWise application is the tool we're using to support and implement our governance, risk, and compliance project. It is an ERM (Enterprise Risk Management) corporate-wide initiative sponsored by our executive officers. It encompasses our financial, compliance, audit and risk divisions. This project objective is to increase integration among the aforementioned divisions, minimize silos, and improve efficiency and reporting to senior management.,Great reporting tool (uses SAP Business Objects). It is quite flexible on types of reports that can be created and supported. Also the reporting consultants are very competent and nice. Highly customizable solution: almost everything can be tailored to an organization's needs, assessments, audits, issues, recommendations, tasks, etc. However, there's a trade-off between customization and the integration of different areas of the organization. Increases visibility and efficiency in the organization. BWise offers centralized repositories (catalogs) that can be easily accessed and used by everyone in the organization (e.g. Process catalog, Policies and Procedures catalog, Risks, Controls, Laws catalogs, etc.). Also, the application allows findings on controls tested by Audit to be automatically reflected in controls monitored by SOX for example, without the need for SOX to retest them. So one area can leverage on the work of other areas increasing operational efficiency. Increases integration and avoids silos. By choosing the correct design (e.g. Risk Workshops instead of Open Assessments), one area can see and benefit from another areas' work. An example was mentioned above; another would be Operational Risk area considering the results of Business Continuity, Vendor Management, Info Security, etc. assessments when carrying out theirs. Additionally, processes can be integrated: when contracting a new vendor for instance, one can include questions about data confidentiality and usage of models in the Vendor risk assessment. Answers to these could then trigger Info Sec / Model Risk assessments. Increases accountability. Application provides full audit/change log with the type of change, name of executor, and date of change. Easier follow-up. BWise sends automatic emails with reminders to the people required to take action on an issue, assessment, etc.,Internal Quality Check. I think this is the most prominent area BWise should improve on. Currently they lack internal Quality Check/Review. Internal dialogue among employees. When various consultants are involved in the same project, their communication and updating each-other could be a bit stronger. Inclusion of content. The application could benefit considerably from including some out-of-the-box content (e.g. COSO principles, Risk catalogs, etc.). Risk Workshop functionality. This is one of the main functionalities that allows integration among different areas of an organization. However, it comes pretty much "take it or leave it"; it's almost not customizable. Consultants' transparency. When an organization requests a particular design of the application or solicits changes to such design, it would be great if BWise consultants could always and more thoroughly advise on the implications of these changes, design to the organization's strategic objectives and ultimate target. Product features. Application has room for improving its programming, e.g. providing internal checks when creating/answering an issue/finding (for instance, remedy implementation date cannot be before the recommendation response date or the recommendation creation date). Another example would be the possibility of automatic periodic followup (e.g. every 1 month until completion).,6,Increased employee efficiency especially considering incident management and follow up. Increased visibility and senior management information/awareness. Increased employee accountability. Reduction of silos.,MetricStream,SAP Business Objects
Unspecified
BWise
6 Ratings
Score 7.9 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

BWise Reviews

BWise
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.9 out of 101
Show Filters 
Hide Filters 
Filter 6 vetted BWise reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role
Reviews (1-2 of 2)
  Vendors can't alter or remove reviews. Here's why.
No photo available
February 11, 2016

"BWise GRC Implementation Review"

Score 9 out of 10
Vetted Review
Verified User
Review Source
BWise is used as a GRC platform to manage multiple compliance initiatives for SOX, IT compliance, PCI compliance, Procurement compliance, Internal Audit, and Management Self-testing.
BWise is integrated with TeamMate audit tracking, for internal audit testing and annual compliance testing.
BWise is used for testing across the enterprise, giving management a view into the control effectiveness, across the company, and across compliance initiatives.
  • Bwise is very customizable to accommodate multiple compliance initiatives, across the enterprise.
  • Integration with TeamMate, made tracking audit testing and results easy to stay on top of.
  • Being able to map controls, and test once, and report control effectiveness for multiple initiatives was important.
  • Integration with SAP for continuous control monitoring.
  • Control mapping to standards: ISO; COSO; COBIT; HIPAA; SP800_53 (NIST); FedRAMP; PCI_DSS; BITS; GAAP; AICPA; BSI; CCM; COPPA; CSA
  • Surveys.
Well suited for general compliance, multiple initiatives, and integration with TeamMate.
SAP GRC Process control may be better suited for an SAP environment.
Oracle GRC may be better suited for an Oracle environment.
Overall, BWise is a very cost effective, and flexible solution.
Read this authenticated review
No photo available
November 20, 2015

Review: "BWise - The peaks and valleys of our GRC journey"

Score 6 out of 10
Vetted Review
Verified User
Review Source
The BWise application is the tool we're using to support and implement our governance, risk, and compliance project. It is an ERM (Enterprise Risk Management) corporate-wide initiative sponsored by our executive officers. It encompasses our financial, compliance, audit and risk divisions. This project objective is to increase integration among the aforementioned divisions, minimize silos, and improve efficiency and reporting to senior management.
  • Great reporting tool (uses SAP Business Objects). It is quite flexible on types of reports that can be created and supported. Also the reporting consultants are very competent and nice.
  • Highly customizable solution: almost everything can be tailored to an organization's needs, assessments, audits, issues, recommendations, tasks, etc. However, there's a trade-off between customization and the integration of different areas of the organization.
  • Increases visibility and efficiency in the organization. BWise offers centralized repositories (catalogs) that can be easily accessed and used by everyone in the organization (e.g. Process catalog, Policies and Procedures catalog, Risks, Controls, Laws catalogs, etc.). Also, the application allows findings on controls tested by Audit to be automatically reflected in controls monitored by SOX for example, without the need for SOX to retest them. So one area can leverage on the work of other areas increasing operational efficiency.
  • Increases integration and avoids silos. By choosing the correct design (e.g. Risk Workshops instead of Open Assessments), one area can see and benefit from another areas' work. An example was mentioned above; another would be Operational Risk area considering the results of Business Continuity, Vendor Management, Info Security, etc. assessments when carrying out theirs. Additionally, processes can be integrated: when contracting a new vendor for instance, one can include questions about data confidentiality and usage of models in the Vendor risk assessment. Answers to these could then trigger Info Sec / Model Risk assessments.
  • Increases accountability. Application provides full audit/change log with the type of change, name of executor, and date of change.
  • Easier follow-up. BWise sends automatic emails with reminders to the people required to take action on an issue, assessment, etc.
  • Internal Quality Check. I think this is the most prominent area BWise should improve on. Currently they lack internal Quality Check/Review.
  • Internal dialogue among employees. When various consultants are involved in the same project, their communication and updating each-other could be a bit stronger.
  • Inclusion of content. The application could benefit considerably from including some out-of-the-box content (e.g. COSO principles, Risk catalogs, etc.).
  • Risk Workshop functionality. This is one of the main functionalities that allows integration among different areas of an organization. However, it comes pretty much "take it or leave it"; it's almost not customizable.
  • Consultants' transparency. When an organization requests a particular design of the application or solicits changes to such design, it would be great if BWise consultants could always and more thoroughly advise on the implications of these changes, design to the organization's strategic objectives and ultimate target.
  • Product features. Application has room for improving its programming, e.g. providing internal checks when creating/answering an issue/finding (for instance, remedy implementation date cannot be before the recommendation response date or the recommendation creation date). Another example would be the possibility of automatic periodic followup (e.g. every 1 month until completion).
- What does our organization aim to achieve with the application?
- Who will be using the tool?
- How mature is our organization in the areas/processes that will fall in scope?
- Are our areas averse to change?
- How flexible and prone are our areas to modify their way of doing business and processes/procedures to accommodate BWise?
- After implementation, who and how will perform application maintenance and change management (e.g. how easy will it be to update user privileges, central catalogs, assessment configurations, etc).
Read this authenticated review

Feature Scorecard Summary

Common repository of GRC items (2)
8.7
Risk management (2)
8.1
Integration with Corporate Performance Management (CPM) systems (1)
7
GRC policy management (2)
8.7
Incident management (2)
9.0

About BWise

BWise, from Nasdaq company BWise headquartered in the Netherlands, is an Governance, Risk Management, and Compliance (GRC) platform.

BWise Technical Details

Operating Systems: Unspecified
Mobile Application:No