New Microsoft Dynamics Event Dives Deep on Governance, Risk, and Compliance Issues
As Convergence has evolved into a worldwide event, its size has developed a gravitational pull of sorts. The convention-friendly location becomes an opportunity to extend attendees' weeks with other activities like user group events, partner meetings, and now an event dedicated to those who focus on security, risk, audit, compliance and governance.
Led by a collection of Microsoft Dynamics partners and ISVs, Dynamics GRC Day will launch in New Orleans on the day after Convergence, March 22nd at the Hilton New Orleans Riverside. Dedicated to a topic that gets only a limited amount of attention at Convergence, organizers hope to engage Dynamics users and professionals on a range of governance, risk and compliance (GRC) issues.
We talked to one of the organizers, Fastpath president Andy Snook to find out more about the event.
What are the common challenges in GRC that you and other experts wanted to address with a dedicated event?
One of the most frequently asked questions we get is: "How do I pass my audit?" While that is a very straightforward question, the answer is complex.
Most people are hoping to find a checklist of steps to complete in order to get the auditors to leave quickly and give their stamp of approval. In reality, the audit process is just not that simple. By nature, audits are unpredictable. Auditors want to test an environment in its "real world" state, not just when someone is watching, to make sure the proper processes, policies and controls are in place and enforced at all times.
Auditors want to ensure that companies have recognized their risks and employed mitigations or additional safeguards to manage those risks. Companies that understand risk management build processes, policies and controls to manage risk on a continuous basis which simplifies audit preparation and helps them pass their audits.
So the key question becomes "How can I improve risk management at my organization?" not "How do I pass my audit?" We're bringing together a team of audit experts at Dynamics GRC Day to provide companies with a roadmap to help improve risk management and therefore, the overall audit experience.
Why organize a dedicated event on the day after Convergence?
Dynamics GRC Day was designed for individuals responsible for security, compliance and audit who want to learn best practices around risk management in Microsoft Dynamics. Security and audit compliance continue to present a significant challenge for an increasing number of companies using Microsoft Dynamics. Through other conferences like AXUG, GPUG and NAVUG, we recognized that a lot of these companies wanted more in depth training and techniques for governance, risk and compliance.
What can attendees expect at the event?
During this one day conference attendees will learn:
- What is risk management?
- Risk management features available out of the box in Microsoft Dynamics
- Best practices for setting up and maintaining Dynamics security in a compliance environment
- Techniques for automating controls and audit preparation
- Real world success stories of putting these techniques into practice
What are some of the hot topics in terms of using the latest Dynamics ERP product releases to address GRC needs? In terms of specific regulations, risks?
There are the regulations most people think of: SOX, HIPAA, Dodd Frank, ISO9000 and now with the cloud SSAE 16. In general, public sector and non-profit organizations are heavily scrutinized during audit season.
That said, every type of business should understand, assess and mitigate their risks because, let's face it, all businesses have risk. Companies that are not subject to compliance requirements tend to think they do not need to perform risk management but their risks are just as real as those organizations that employ full time compliance professionals. A prime example is an employee embezzlement of $250,000. Does this have a bigger impact on a Fortune 50 company with numerous regulatory requirements or the 25 person local company that experiences very little regulation?
There are some exciting things happening in the new releases of Dynamics applications that help companies keep up with these regulations. The new security model, the audit workbench and the ever improving workflow functionality in AX 2012 are real steps forward for the platform. In CRM 2011 there is more of an understanding that CRM is used for key business process and not just as a rolodex. The audit trail feature is a prime example of that.
For Dynamics customers with specific GRC needs, how important is it for them to have a partner with expertise in their field?
Having a partner that understands both security and risk is critical for any implementation. Partners need to understand how to design processes and controls that meet business requirements as well as manage risk to safeguard their clients.
An example that we see quite frequently is a partner builds a complex and expensive customization without considering security and risk. The customization gets rejected by the audit team and that results in an expensive rework or shelfware. Having a partner that understands risk, security requirements and how they impact processes and software can save a company a lot of time and headaches.
Dynamics GRC Day is a great way for partners and users alike to learn about how they can manage risk in Microsoft Dynamics.