, 10 tweets, 4 min read
My Authors
Read all threads
I recently conducted a business case analysis presentation around implementing a GRC tool in our org over the current use of Excel and a few other tools to get things done. While I can't share the entire slides, I decided to share some to help those of you also trying. 1/10
Here is the overall agenda. I can show you the example use case scenarios, but I can't share the current workflows/future workflows. So make sure you show them the current way you perform actions and explain what is coming and the problem that GRC software will solve. 2/10
Ensure to define what GRC software is and isn't. Emphasis put on the auditing actions. An Excel sheet is great, but if someone goes in and changes a control that says "partially-compliant" to "compliant", will you actually catch that? Probably not as easily as GRC software. 3/10
Going to let these slides mostly stand on their own when it comes to use cases. We know them well, but this is still maybe helping your creativity flow so you don't forget something that can be put down in your efforts. 4/10
Workflow mgmt is huge and this is something most exec's will gravitate the most to. This is where manhours are massively spent. It is not feasible at all to track compliant audits in a spreadsheet. (EX: Conducting a GPO audit annually). Spend a lot of time here. Quantify. 5/10
Third-Party Risk Management. Most GRC software has some way to just handle, at minimum, the sending/receiving/tracking/scoring of questionnaires to them. Imagine doing that manually. No way. Quantify. My company has potentially 85k+ vendors. That can't be done manually. 6/10
This is the one that can most easily be kept in Excel and a GRC software will have minimal value add, but it still matters. And the mapping is the biggest value add, as previously shown. 7/10
Remember we talked about auditing earlier. Multi-user means spreadsheets aren't going to cut it. If someone improperly changes a field to compliant and you don't catch it, you'll probably ignore it. Audit time comes and you get nailed. You'll be on the hook to explain. 8/10
This one is self-explanatory. Reporting is almost always better from some software application over building your own pivot charts. From a time standpoint alone. That's more quantifiable manhours. 9/10
This is another thing that could be easily tracked outside of GRC software, but is still a value add and has its benefits of being in it. 10/10.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Frank McGovern

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!