Company

Polivec Launches Industry's First Policy-Driven Governance, Risk and Compliance (GRC) Platform

Tuesday, May 15, 2007

Mountain View, Calif. – May 15, 2007 - Polivec Inc., today announced the release of Polivec Enterprise Governance Solution 5.0, industry’s first policy-driven Governance, Risk and Compliance (GRC) platform. The Polivec solution drives the alignment of policies, processes, people, and technology to enable companies to actively manage compliance efficiently throughout their enterprises.

Polivec Enterprise Governance Solution (EGS) 5.0 allows organizations to:

  • Continually assess and report on progress in adhering to external regulatory and legal requirements as well as to internal corporate policies and directives
  • Tightly integrate the creation and control of all business policies, making governance and compliance documents actionable and subject to efficient review and management
  • Communicate policies and requirements to employees, partners, outsourcers and other third parties, making them aware and accountable for their roles in compliance
  • Track and manage manual activities that affect compliance
  • Incorporate information from IT systems into the regulatory compliance context

Polivec clients save time and money as they reassert control of the process of complying with the vast, ever-increasing body of government regulations and industry standards. Such regulations can be an extraordinary burden for companies that take an uncoordinated, narrowly focused approach to risk and compliance management. 

Insatiable Demand for Compliance Requires Centralized Policy Formulation and Review Combined with Business-Unit Execution

Many external factors, in addition to heightened regulatory scrutiny and the increased speed and complexity of business today, have spurred the search for a new approach to GRC. They include cross-border political and economic differences; aggressive prosecution of white-collar criminals; increased scrutiny by stock exchanges and rating agencies; and the difficulties and frustrations experienced by organizations that attempt to deal with risk and compliance in a fragmented, reactive manner.

In its August 7, 2006 report Overcoming Risk and Compliance Myopia, Forrester Research pointed out the federal government has introduced more than 113,000 rules and regulations since the Office of Management and Budget (OMB) began tracking them in 1981. The firm estimates that the U.S. market for GRC software, up from $85 million in 2002 to $590 million today, will more than double again to $1.3 billion by 2011.

Companies can take a gradual, measured approach to building their compliance functions. Forrester advises:

“First get your feet wet. Organizations need a road map for implementing a broad GRC vision. Don’t take on too much by trying to swallow the ocean. Start with one or two risk and compliance areas and expand the solution to encompass others over time. For many facing the current pressures of SOX, this will mean implementing a GRC software platform for this purpose today and expanding it to others tomorrow.”

How It Works

Polivec EGS 5.0 centers on the user’s policy set and consists of four modules, each of which addresses a specific aspect of governance. The modules may be implemented individually or together as a total governance, risk, and compliance solution.

The Policy Center, repository for all regulatory documents, policies, best practices, and procedures, features a unique mapping engine that connects policies with regulations. This enables users to quickly identify areas of non-compliance as well as areas where regulatory requirements overlap. All four modules utilize the repository, which provides a unified view of all activities.

  • The Awareness Manager automates the distribution of policies, records employee acceptance and attestation, and measures comprehension through regular testing.
  • The Technology Manager connects EGS to existing information technology systems, enabling users to make decisions and take action quickly.
  • The Activity Manager creates, monitors, and audits individual employee tasks required to achieve and maintain compliance.

Early Client Successes Demonstrate Version 5.0 Versatility

  • A major credit card brand needed to understand whether its existing controls complied with applicable laws and standards, and if there were any gaps or redundancies.  Policy Center mapped the controls to industry and government regulations and delivered the company’s first comprehensive risk assessment of policy coverage.  They went on to build a sustainable model for management and control of their regulation and policy environment.
  • A national financial institution built a new compliance model and drastically reduced the expenses and time required for quarterly Sarbanes-Oxley employee certification audits after deploying Policy Center and Awareness Manager with survey analysis features.
  • A Global Top 10 bank was having difficulty understanding its responsibilities and required tasks for FFIEC compliance and measurement, and was spending too much time and money in efforts to assess and comply. Polivec mapped FFIEC regulations to the bank’s polices and task lists and tracked employee acceptance and attestation to their assigned tasks.  Assured that all FFIEC-related tasks were being performed and reported, the bank was able to reduce the hours spent on audits and compliance, freeing up staff for more productive activities.

Polivec CEO Kim Nelson remarked, “We believe that companies that take compliance seriously and incorporate it into their business processes will gain a distinct and measurable competitive advantage in the coming years.  Compliance leads to better business decisions.

“Polivec EGS 5.0 allows you to comply with speed and efficiency, so your people can focus more on the business activities that will bring increased growth and profitability,” he concluded.