BWise GRC Implementation Review
February 11, 2016

BWise GRC Implementation Review

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with BWise

BWise is used as a GRC platform to manage multiple compliance initiatives for SOX, IT compliance, PCI compliance, Procurement compliance, Internal Audit, and Management Self-testing.
BWise is integrated with TeamMate audit tracking, for internal audit testing and annual compliance testing.
BWise is used for testing across the enterprise, giving management a view into the control effectiveness, across the company, and across compliance initiatives.

Pros

  • Bwise is very customizable to accommodate multiple compliance initiatives, across the enterprise.
  • Integration with TeamMate, made tracking audit testing and results easy to stay on top of.
  • Being able to map controls, and test once, and report control effectiveness for multiple initiatives was important.

Cons

  • Integration with SAP for continuous control monitoring.
  • Control mapping to standards: ISO; COSO; COBIT; HIPAA; SP800_53 (NIST); FedRAMP; PCI_DSS; BITS; GAAP; AICPA; BSI; CCM; COPPA; CSA
  • Surveys.
  • BWise was the most cost effective, and flexible solution evaluated, and eventually implemented.
  • BWise is a great repository for controls, and for managing GRC compliance.
  • BWise handled mapping multiple compliance initiatives to the master controls very well.
  • BWise integrated with TeamMate for testing controls very well.
Also evaluated, and implemented SAP GRC Process control for Continuous Control Monitoring in SAP. Initially selected BWise for cost and flexibility.
Well suited for general compliance, multiple initiatives, and integration with TeamMate.
SAP GRC Process control may be better suited for an SAP environment.
Oracle GRC may be better suited for an Oracle environment.
Overall, BWise is a very cost effective, and flexible solution.

BWise Feature Ratings

Common repository of GRC items
9
Risk management
9
Integration with Corporate Performance Management (CPM) systems
7
GRC policy management
9
Incident management
9

Using BWise

50 - SOX Compliance; IT Compliance; PCI Compliance; Procurement; Internal Audit; External Audit; Management Self-testing; Finance and Accounting; HR; Surveys.
5 - IT Admin; BWise Admin; Business Compliance Managers; Management; Steering Committee.
  • Control compliance.
  • Control testing.
  • Control remediation tracking.
  • Management awareness.
  • Integrating with TeamMate for control testing, tracking, remediation.
  • Management awareness.
  • Management Self-testing.
  • Continuous control monitoring.
  • Managing additional compliance initiatives.
  • HR Employee surveys.
BWIse is very flexible, and an affordable GRC tool.

Evaluating BWise and Competitors

Yes - We replaced RCTS, Sharepoint, Excel, SQL, and other home grown tools.
  • Price
  • Product Features
  • Product Usability
  • Product Reputation
  • Positive Sales Experience with the Vendor
  • Third-party Reviews
BWise affordability and flexibility to manage multiple compliance initiatives was the biggest factors. Next was the integration with TeamMate for audit tracking, and control testing.
Evaluating short term objectives verses strategic long term objectives.

BWise Implementation

The main issues were managing the internal conflicts and competing objectives, rather than the capability and implementation of BWise itself.
  • Vendor implemented
  • Implemented in-house
  • Professional services company
We implemented in-house, with the help of the vendor, to customise for our environment and implementation.
We used Deloitte as a consultant, to provide project management, and implementation expertise for our custom, and complex environment.
We implemented multiple compliance initiatives (SOX; PCI; IT General controls; Procurement; Audit; Management Self-testing, HR Employee Surveys; Questionnaires; and other Surveys.
Multiple companies, and multiple locations across the enterprise.
Yes - The project was broken into Definition phase; Development phase; Documentation; Implementation phase; Go live; Ongoing support.
The project was very complex, with defining the master data, and mapping controls to multiple compliance initiatives, for multiple companies, in multiple locations. We also performed a custom integration with TeamMate, for Audit integration, testing, tracking, reporting, and remediation.
Change management was a big part of the implementation and was well-handled - The biggest issue was organizational conflict and competing objectives between Finance (SOX); IT compliance; Internal Audit; and Procurement.
We brought together a Steering committee, with the project sponsors, and the Business and Process owners represented.
Having a consultant act as the PMO helped objectivity, and communicating clearly how competing objectives, requirements, and concerns were being addressed.
  • Competing business objectives was the most significant issue encountered.
  • Project management, and managing the timeline was the next significant issue.
  • Customization of the complex environment, and implementation was an issue.
  • Implementing multiple compliance initiatives at once was a challenge, but considered necessary to move to one tool set.

BWise Support

BWise support is knowledgeable and responsive. Bug fixes and development are also timely and ongoing.
ProsCons
Quick Resolution
Good followup
Knowledgeable team
Problems get solved
Kept well informed
No escalation required
Immediate help available
Support understands my problem
Support cares about my success
Quick Initial Response
None
Yes - We have a complex environment, and support multiple compliance initiatives. We have custom integration with TeamMate for audit testing, tracking, and remediation. Our control framework and control mapping is complex, with Master controls mapped to multiple initiatives, locations and companies. We have also integrated Management Self-testing, HR Employee evaluations, and other questionnaires and surveys.
Yes - Bwise manages bug reports and fixes in a timely and responsive manner.
BWise worked very closely with us, and helped us through a very complex implementation. Sales, and product support were very knowledgeable, and capable, with a very in-depth understanding of the product, and how to customise and adapt the framework for our environment, and complex requirements.
We implemented multiple compliance initiatives, across multiple companies, across a multinational enterprise.
We also performed a custom integration with TeamMate, for audit control testing, tracking, and reporting.

Using BWise

I found BWise to be very intuitive and user friendly.
ProsCons
Like to use
Relatively simple
Easy to use
Technical support not required
Well integrated
Consistent
Quick to learn
Convenient
Feel confident using
Familiar
None
  • Managing the Master control list.
  • Managing multiple compliance initiatives.
  • Mapping controls to the multiple compliance initiatives, multiple companies, and many locations.
  • Dashboards, and reporting results.
  • Managing and restricting views across lines of business, companies, locations, and compliance initiatives.
  • Custom integration with audit tools like TeamMate, but we completed an effective integration.
  • Mapping controls to standards, COSO, COBIT, ISO, HIPAA, PCI, NIST.
  • Most standard GRC requirements were managed pretty well.

Comments

More Reviews of BWise