Q&A: Managing Risk With Quantivate
- October 24, 2018
- Quantivate
Quantivateâs Vice President of Enterprise Risk Management Services, William âBillâ Hord, was recently interviewed at DRJ Fall 2018, Disaster Recovery Journalâs annual conference. He spoke with Alex Fullick, host of the podcast Preparing for the Unexpected, about how organizations can integrate their risk management activities.
Read some highlights from his interview below.
Alex: So what does Quantivate do, and what do you do as the VP of Enterprise Risk Management Services?
Bill: Well, in a nutshell, Quantivate provides a comprehensive, integrated solution for governance, risk, and compliance. Itâs a software suite that provides a systematic approach to defining and managing GRC initiatives.
Our solution really allows organizations to align their risk management, their business continuity, their vendor management, IT, and so on, with corporate strategy. We have seven modules that integrate together and share various data points across risk management as a whole.
As for me, I oversee the enterprise risk management services, and we work with all of our clients to assist them in either building out risk management programs or maturing their existing risk management programs, regardless of whether thatâs from an enterprise perspective, business continuity, vendor management, or another area.
Alex: So letâs say Iâm the BCP/DR [business continuity plan / disaster recovery] guy. How do I use this tool?
Bill: The way you use this tool is it allows you to do your BIAs, your business impact analysis, and then create your plans across the various processes. Youâre able to leverage all of your dependencies and document those dependencies and then be able to create your plans from that and develop your RTOs [recovery time objectives], RPOs [recovery point objectives], things of that nature.
The notifications that are built inside of the system are probably one of the bigger features. When you talk about managing business continuity across an enterprise, a lot of times people say, âI donât have time to babysit.â So the system allows you to set up broadcasts and notifications that not only allow you to see whatâs going on and what needs to be done, but also provides that gentle reminder to your subject matter experts that we need some data.
Alex: Before we came on air, you mentioned that other areas can use this tool. Letâs say Iâm an IT professional working in information security. How do they leverage that? How do [different departments or business units] end up walking towards the same end goal and not just using everything in a silo?
Bill: Thatâs a great question, because we see that quite a bit. When we go in and do some analysis [for customers], we look at: âWhat is your GRC solution today?â Because itâs not that folks donât have it; the issue becomes that [their solutions] are very siloed in nature in a lot of cases.
So Quantivate has whatâs called shared attributes â think of it as a data element, whether that is a vendorâs information, or information thatâs coming from a dependency related to business continuity, or a control inside of IT. Any place that that information is applicable in terms of those other disciplines â vendor management, business continuity, enterprise risk â any place that those are utilized, itâs updated in real time.
So say, for example, youâve got your vendor management folks, and theyâre constantly doing due diligence on the vendors: theyâre adding new vendors; theyâre removing vendors; theyâre even changing technical contact information around those vendors. Well, that information also is (or should be) leveraged inside of business continuity in some instances, because vendors are dependencies inside of business continuity.
Sometimes it happens in that siloed environment that the vendor management team adds a vendor or changes some technical contact information, and they donât necessarily remember to tell the folks in business continuityâŚ
Alex: Itâs not sometimes, let me tell you!
Bill: Exactly, so by having a relational database across all of our modules, if youâre utilizing vendor management and business continuity and you make that update, whatâs going to happen in real time is where a shared attribute is being utilized in business continuity, it is then instantly going to be updated [in vendor management] and notifications sent out.
Therefore, you donât have to worry about duplication of data; you donât have errors from people typing in the phone number or name wrong or whatever the case may be â that data stays in sync, and it happens in a real time environment.
Want to hear more insider information about Quantivateâs GRC solutions? Listen to the full interview.
Or get valuable tips on evaluating enterprise risk management software products and vendors in Quantivateâs new ERM Software Buyerâs Guide.