BWise GRC Implementation Review
February 11, 2016
BWise GRC Implementation Review
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with BWise
BWise is used as a GRC platform to manage multiple compliance initiatives for SOX, IT compliance, PCI compliance, Procurement compliance, Internal Audit, and Management Self-testing.
BWise is integrated with TeamMate audit tracking, for internal audit testing and annual compliance testing.
BWise is used for testing across the enterprise, giving management a view into the control effectiveness, across the company, and across compliance initiatives.
BWise is integrated with TeamMate audit tracking, for internal audit testing and annual compliance testing.
BWise is used for testing across the enterprise, giving management a view into the control effectiveness, across the company, and across compliance initiatives.
- Bwise is very customizable to accommodate multiple compliance initiatives, across the enterprise.
- Integration with TeamMate, made tracking audit testing and results easy to stay on top of.
- Being able to map controls, and test once, and report control effectiveness for multiple initiatives was important.
- Integration with SAP for continuous control monitoring.
- Control mapping to standards: ISO; COSO; COBIT; HIPAA; SP800_53 (NIST); FedRAMP; PCI_DSS; BITS; GAAP; AICPA; BSI; CCM; COPPA; CSA
- Surveys.
- BWise was the most cost effective, and flexible solution evaluated, and eventually implemented.
- BWise is a great repository for controls, and for managing GRC compliance.
- BWise handled mapping multiple compliance initiatives to the master controls very well.
- BWise integrated with TeamMate for testing controls very well.
Also evaluated, and implemented SAP GRC Process control for Continuous Control Monitoring in SAP. Initially selected BWise for cost and flexibility.
BWise Feature Ratings
Using BWise
50 - SOX Compliance; IT Compliance; PCI Compliance; Procurement; Internal Audit; External Audit; Management Self-testing; Finance and Accounting; HR; Surveys.
5 - IT Admin; BWise Admin; Business Compliance Managers; Management; Steering Committee.
- Control compliance.
- Control testing.
- Control remediation tracking.
- Management awareness.
- Integrating with TeamMate for control testing, tracking, remediation.
- Management awareness.
- Management Self-testing.
- Continuous control monitoring.
- Managing additional compliance initiatives.
- HR Employee surveys.
Evaluating BWise and Competitors
Yes - We replaced RCTS, Sharepoint, Excel, SQL, and other home grown tools.
- Price
- Product Features
- Product Usability
- Product Reputation
- Positive Sales Experience with the Vendor
- Third-party Reviews
BWise affordability and flexibility to manage multiple compliance initiatives was the biggest factors. Next was the integration with TeamMate for audit tracking, and control testing.
Evaluating short term objectives verses strategic long term objectives.
BWise Implementation
- Vendor implemented
- Implemented in-house
- Professional services company
We implemented in-house, with the help of the vendor, to customise for our environment and implementation.
We used Deloitte as a consultant, to provide project management, and implementation expertise for our custom, and complex environment.
We implemented multiple compliance initiatives (SOX; PCI; IT General controls; Procurement; Audit; Management Self-testing, HR Employee Surveys; Questionnaires; and other Surveys.
Multiple companies, and multiple locations across the enterprise.
We used Deloitte as a consultant, to provide project management, and implementation expertise for our custom, and complex environment.
We implemented multiple compliance initiatives (SOX; PCI; IT General controls; Procurement; Audit; Management Self-testing, HR Employee Surveys; Questionnaires; and other Surveys.
Multiple companies, and multiple locations across the enterprise.
Yes - The project was broken into Definition phase; Development phase; Documentation; Implementation phase; Go live; Ongoing support.
The project was very complex, with defining the master data, and mapping controls to multiple compliance initiatives, for multiple companies, in multiple locations. We also performed a custom integration with TeamMate, for Audit integration, testing, tracking, reporting, and remediation.
The project was very complex, with defining the master data, and mapping controls to multiple compliance initiatives, for multiple companies, in multiple locations. We also performed a custom integration with TeamMate, for Audit integration, testing, tracking, reporting, and remediation.
Change management was a big part of the implementation and was well-handled - The biggest issue was organizational conflict and competing objectives between Finance (SOX); IT compliance; Internal Audit; and Procurement.
We brought together a Steering committee, with the project sponsors, and the Business and Process owners represented.
Having a consultant act as the PMO helped objectivity, and communicating clearly how competing objectives, requirements, and concerns were being addressed.
We brought together a Steering committee, with the project sponsors, and the Business and Process owners represented.
Having a consultant act as the PMO helped objectivity, and communicating clearly how competing objectives, requirements, and concerns were being addressed.
- Competing business objectives was the most significant issue encountered.
- Project management, and managing the timeline was the next significant issue.
- Customization of the complex environment, and implementation was an issue.
- Implementing multiple compliance initiatives at once was a challenge, but considered necessary to move to one tool set.
BWise Support
| Pros | Cons |
|---|---|
Quick Resolution Good followup Knowledgeable team Problems get solved Kept well informed No escalation required Immediate help available Support understands my problem Support cares about my success Quick Initial Response | None |
Yes - We have a complex environment, and support multiple compliance initiatives. We have custom integration with TeamMate for audit testing, tracking, and remediation. Our control framework and control mapping is complex, with Master controls mapped to multiple initiatives, locations and companies. We have also integrated Management Self-testing, HR Employee evaluations, and other questionnaires and surveys.
Yes - Bwise manages bug reports and fixes in a timely and responsive manner.
BWise worked very closely with us, and helped us through a very complex implementation. Sales, and product support were very knowledgeable, and capable, with a very in-depth understanding of the product, and how to customise and adapt the framework for our environment, and complex requirements.
We implemented multiple compliance initiatives, across multiple companies, across a multinational enterprise.
We also performed a custom integration with TeamMate, for audit control testing, tracking, and reporting.
We implemented multiple compliance initiatives, across multiple companies, across a multinational enterprise.
We also performed a custom integration with TeamMate, for audit control testing, tracking, and reporting.
Using BWise
| Pros | Cons |
|---|---|
Like to use Relatively simple Easy to use Technical support not required Well integrated Consistent Quick to learn Convenient Feel confident using Familiar | None |
- Managing the Master control list.
- Managing multiple compliance initiatives.
- Mapping controls to the multiple compliance initiatives, multiple companies, and many locations.
- Dashboards, and reporting results.
- Managing and restricting views across lines of business, companies, locations, and compliance initiatives.
- Custom integration with audit tools like TeamMate, but we completed an effective integration.
- Mapping controls to standards, COSO, COBIT, ISO, HIPAA, PCI, NIST.
- Most standard GRC requirements were managed pretty well.