Great turnout for the @RSAgrc Toronto User Group. pic.twitter.com/XlsjIWJYqF
— Steve Schlarman (@steveschlarman) December 2, 2014
Over 50 Canadian Archer users joined RSA and Iceberg for a user group session in Toronto earlier this week. Two themes stood out for me over the course of the afternoon, both centred around the idea of change.
The first theme was about evolution in the GRC industry. Steve Schlarman, RSA’s lead GRC strategist, spoke about how the industry is evolving from a reactive to a proactive approach when it comes to risk. The industry is maturing and it’s being driven by the need for risk intelligence, which he defines as “transforming compliance, harnessing risk, and exploiting opportunity”.
That word “harnessing” is important. Traditionally risk has been something to be avoided, but Schlarman says we need to be ready to hitch it up and take advantage of the opportunity that risk presents.
He said that organizations are having more business-oriented conversations around risk and compliance. Today’s CISOs need to be able to come to the conversation and say “I have a great idea on how to give customers access to their information that’s more secure and better than what our competitors can do” – rather than just provide an update on how many patches the IT team has installed or whether or not they’ve passed the PCI audit.
Another part of this evolution is a move away from a siloed, compliance-focused approach that’s disconnected from risk, to what Schlarman calls an “advantaged” approach. Advantaged organizations are fully risk-aware, and ready to exploit business opportunities quickly and predictably.
The second theme that came out a several times during the afternoon was cultural change. So many of today’s large organizations operate in silos, and Archer presents an opportunity to break down barriers and allow for sharing of information and improving the conservation around risk. The challenge is getting buy-in from all the different stakeholders.
Vas Alexiou from TD and Robert Sheridan from Desjardins both talked about their successes and lessons learned from Archer implementations. They both emphasized that effective cultural change takes time. They’ve found success by leveraging existing culture and practices that align to their goals, and getting all levels of users involved in the conversation as early as possible.
A few other comments and notes from the presenters that stood out for me:
- Alexiou said the value proposition for Archer at the board level is a tool that will provide “timely, relevant data”. She talked about the bank’s use of dashboards to present executives with a daily view of risk and where exposures may lie.
- Iceberg’s Kirk Hogan elaborated on Schlarman’s theme of risk intelligence: “Data and conversations – join the two together to create a powerful story about risk.”
- Sheridan stressed the importance of quality documentation for a successful Archer deployment. He said his group had success because of teamwork, clear goals, and strong communication.
All in all, the afternoon was a great opportunity to meet some of our customers and hear about the different ways that Archer is being used in their organizations.