BWise integrated GRCyour business in control

Annual Central Risk Management Conference 2012

April 30th, 2012

Rob van Straten, SVP EMEA & Apac

BWise Company Facts

2

Mission:“To help companies worldwide track, measure and manage key organizational

risks, including the risk of non-compliance, by offering best-of-industry Governance, Risk and Compliance software and services"

Company founded in 1994

400+ customers worldwide

Offices in US, France, Sweden,

UK, Germany, Netherlands

GRC focus and commitment

40% annual growth, R&D

consistently 16% of revenue

Leading in customer

satisfaction

Key points to take away

3

• Best-in-class integrated GRC platform for Internal Control,

Risk Management, Internal Audit, Compliance and

Sustainability

• Fully configurable software platform ensures performance, scalability and easy upgrades

• World class implementation teams, Academy for knowledge transfer and effective services for maintenance and support

Mission:“To help companies worldwide track, measure and manage key organizational

risks, including the risk of non-compliance, by offering best-of-classGovernance, Risk and Compliance software and services"

Analyst Recognition: Gartner and Forrester

4

Source: Forrester Research, Inc.

BWise has been a leader in the Forrester Wave since 2006

BWise has the highest ‘Ability to Execute’ andis in the Leaders Quadrant for the 3rd time in a row

400+ BWise customer worldwide

Banking Insurance Other

Energy Production Processes

Sales Marketing Processes

Distribution Processes

Product Development Processes

1st Level of Defense: Business Responsibility

Implement

Policies

Provide

Evidence

Report

Incidents

Monitor

Risks

2nd Level of Defense: Risk & Compliance

Define Risk

Language

Define

Policies

Track

regulations

Help assess

Risks

4th Level of Defense: External Audit

Assess

Risks

Audit

Organization

Track Audit

Findings

Certify

Organization

3rd Level of Defense: Internal Audit

Assess

Risks

Audit

Organization

Track Audit

Findings

Review

Policies

GRC in the Enterprise

6

AW20

שקופית 6

AW20 Slide Luc usesAnna-Lena Westra, 07/02/2012

4 Levels in Risk Management

7

Integration – Single Risk Language

8

Internal Control

Internal Audit

Compliance

Risk Management

One single framework with many dimensionsused by multiple departments

GRC Journey

9

Level o

f au

tom

atio

n

Au

tom

ate

dM

an

ua

l

Tim

elin

e: m

ed

ium

-term

(1 –

3 y

ears

)

Business Transformation

Balanced Risk & Performance Management

Continuous Monitoring

Risk Convergence & Controls Rationalization

Silo-Based Automation

Manual Processes

AW18

שקופית 9

AW18 Adjusted based on comments LBAnna-Lena Westra, 07/02/2012

Where to start?

Define Success Reduce (external)

Audit Costs

Satisfy Major Stakeholders

Issues and Interests

Reduce Burden

on the Organization

Reduce

Risk Exposure

Compliance

Cost Reduction

Quick wins or biggest pain points

SOxICFRSOxICFR

SOxICFRSOxICFR

ERMERM

ORMORM

SOxICFRSOxICFR

ERMERM

AuditAudit

LegalCompliance

LegalCompliance

ORMORM

SOxICFRSOxICFR

ORMORM

SOxICFRSOxICFR

AuditAudit

IT GRCIT GRC

SOxICFRSOxICFR

IT GRCIT GRC

ERMERM

AuditAudit

SOxICFRSOxICFR

Issue Tracking

Issue Tracking

IT GRCIT GRC

PCICompliance

PCICompliance

Client A Client B Client EClient DClient C Client GClient F

GRC Journey; Think big - Start small

12

Audit

AW19

שקופית 12

AW19 Issue Management has been added to the right columnAnna-Lena Westra, 07/02/2012

Gerard ParkerRisk Management (RM)

Michael BauerInternal Control (IC)

Jackie McLarenCompliance &

Policy Mngt (CPM)

Damian ThomsonIT GRC

Kim LeeSustainabilityPerformance

Management (SPM)

13

BWise® GRC Platform

Ann GreenInternal Audit (IA)

Management Control Dashboard

14

QUESTIONS?

Contact:

• BWise: Rob van Straten, rob.vanstraten@bwise.com

• LiBi: Max Tropp, maxt@libi.co.il

15