[Music] today's agenda would be we would be talking and uh having an understanding about what exactly is uh GRC Archer then we will be actually going to the tool and taking a look at how exactly Archer tool looks like what are the capabilities of the Tool uh then we will also talk about importance of learning uh G RC tool that why even though you are not from a technical background or do not have a technical expertise but as long as you are transitioning to cyber security GRC or you wish to transition to cyber security GRC how this tool could be useful and what are the capabilities uh which will lead you to a successful career path and lastly we will discuss about the career opportunities okay so let's go ahead and let's begin our uh session to begin with with a very basic and general information about what exactly is GRC Archer so as you all must be aware that governance risk management and compliance is one of the core pillars in cyber security where all three Frameworks are compiled together and a framework of GRC is established and this is one of the most crucial pillars for any business or any organization to achieve positive outcomes and have a positive growth in in their organization and as we know that we are in our technological era and people are moving more and more towards automation people are moving more and more towards making their task making their activities uh automated or to be done by a tool or a software and that's where the uh incorporation of our tools like Archer irm came into existence that all of the GRC practice uh what happens across the business lines in different big scale Enterprises they have started automating their uh GRC processes GRC work their GRC modules and that's where Archer irm can be primarily useful so Archer irm is an automation tool that assists in business in automating their risk compliance governance program and as we just know that looking at the amount of financial corporate frauds data thefts there is very very high demand to achieve corporate governance specifically in the GRC area so risk management again with new technologies like AI coming into picture threats possessing to AI plus all the corporate frauds data protection there are various kinds of risk which is associated in every organization and the trend is increasing so we clearly understand that how important risk management and strong governances and that's where Archer irm as a tool can be very useful because it's a complete GRC automation tool so some more information about Archer irm um Archer irm is a software that basically provides common foundation for handling risk assessments deficiencies uh creating controls handling it risk management handling policies throughout the business lines so we can say that majority of the GRC modules or GRC use cases can be handled through Archer irm Archer irm is capable to handle majority of the use cases with regards to GRC framework let's Mo move on to the next uh activity which is mainly to overview and understand capabilities of Archer as a tool so this is how the homepage of Archer looks like so basically we also term this as uh Archer landing page um where basically all the activities what a user has done in last 24 to 48 hours is visible along with it uh the task which are in their queue is visible to us so basically this is the homepage now let's take a look at couple of theed Administration uh configurations what Archer has and then we can talk about few of them um you know one after the other so to begin with excess control Archer has got the ability to create users uh within it Archer has got ability to Define roles for individual users so what happens is for every use case there is a specific permission or a role Associated right now we can allot create rights we can allot delete rights we can allot update rights we can allot read rights to individual users based on the excess roles what we have so excess role is something which is very crucial and very important for any user in Archer and based on that role each user will have specific permissions in Archer right for example uh people are working in three different domains like audit risk or issue so it is very much possible that few users will have higher privileges in audit who are mainly working as audit managers or audit Consultants few people who are working as risk Consultants would have higher Privileges and excesses on risk modules and likewise for issues so we can completely customize roles in Archer and we will even look at how an excess role is uh created shortly so I'll give an overview U meanwhile I'll just complete this so this is about the excess role which is one of the most important pillars for defining permissions in Archer then we have security parameters so security parameters is solely based on the password protection and authorization in Archer so depending on how your password should be what should be the length of the password uh how should an alpha numeric character or uh digits or numbers appr approximately how much how many of them should be present in a password is all configured and defined here plus we can even Define the log out login limits per user to Archer we can even Define what instance of time a user can log in or log out from Archer what time a system would automatically log off a user from Archer so all the properties Associated to uh authorization uh validation your login password protection is covered up in security p parameters and then we have uh groups where in groups we categorize as a as I was talking about audit risk and issues right we can categorize users in different categories who have more or less the same activity to perform because it is very much possible that in a system there would be bunch of risk Consultants it's not that just one person would be a risk consultant in the whole organization so all those people who have similar kind of priv privileges or similar kind of Duties to perform an Archer we can Club them and we can create a group for each of these uh stakeholders and each of these users and then we can Club exess role and group together that's how their basic or primary excess in Archer would be configured and then lastly we have uh certain excess roles uh in Archer which is sorry Access Control reports in Archer which primarily helps us to get data from a strict compliance perspective meaning how many users are present what are their individual roles and accesses you can completely extract that in form of an Excel file in form of a CSV file um then you can even see a report where we get to know that how many users have tried to attempt in Archer in a wrong way how many users have been added into Archer for which users a group has been granted gred Etc right we can we can customize and check each of these uh activities in Access Control uh reports so let me quickly show you uh one of the excess roles where if we click on the excess Ro uh we have a couple like let's say this this is an example where I have the ability to uh provide crud permissions on different Archer applications like if I were to pick uh any risk application I can simply choose risk assessment right so under risk assessment uh I can give crud permissions and this row access role I can tag it to a user profile so that particular user will get access to risk Assessments in Archer so several other functionalities uh in Archer of creating reports uh doing data input right we'll talk about um each of them as an quick overview gradually so each one of them has got an ability to get the excesses from exess Ro so this is how an excess role in Archer is configured and then moving on to security parameters uh we have a security parameter where all the password protection length uh their changing interval previous password disallows Grace login all of these properties are configured so according to the category of user whether we are talking about a realtime user or we are talking about any system uh system user right who have some services to follow in Archer like maybe Windows uh Windows user or a SQL user may have some purpose to work in the tool for them the parameter differs and accordingly we can have their password protection and authorization properties and policies and then we have exess control report where I can customize and check uh this report by checking Access Control rights per individual user that what Privileges and right an individual user has on which applications could be uh checked up like this so if I click on any of them it gives me a message that system admin has full rights on all the pages then similarly if I choose any any random user who is not a system admin then I get to see what rights an individual user has throughout the platform so this is where my excess control rights would be applicable and I can customize this for every user and I can get the information in this way and similarly there are a bunch of uh other reports available which is individually used for different roles different security events which happen different security parameters and we can completely customize uh customize meaning we can just give different inputs on each of these and extract it according to our needs this is what primarily happens in uh excess control area so let's move on to the reporting area of Archer where I will show you how we can create Global reports and personal reports in Archer which is again one of the very widely used uh functionality in Archer so if I were to pick uh an application named risk assessments I would primarily see reports what is existing so in report what happens is I get the list of fields uh what I have available in Archer So based on risk assessments I have certain Fields like approved date I have criticality okay I have description I have devices I have got overall status I've got submit date I've got the title Etc so all I have to do is I have to add each of these fields here in the reporting segment I have to hit on search and then based on that I'll get the output and this output I can extract this in form of an Excel file I can extract in form of a CSV file PDF word Etc depending on whichever way I want to extract so simply if I click on an Excel file I exclude it I'll be able to Simply download the report directly over here in my normal machine so is it as simple as just adding up the fields and searching for the report then even I can customize and have some filters in a report that if I just want records which are created in you know uh previous day or maybe just before couple of days I don't want the whole list of Records so even I can do that where I just have to do a configuration check based on the date and I can just say created in last 15 days I'll get the extract of the records only the records which were created in last 15 days right so there is only one record which was created in last 15 days so likewise you can have as many criteria as you want in this filters so assuming we have thousands and thousands of Records in the system where we really do not need all of them uh in in the system or we probably not need all of them in the report so likewise you can have this filter in place where I can actually customize and I can only get and I can only uh see the output what I'm looking for so you can have appropriate criterias in a report and likewise you will get the output and if it's a repetitive activity you can always save this and this will lead you to ask whether you want to create a personalized report for yourself or you want to create a global report uh which may be used by the whole organization or the whole any respective Department like a risk department or audit department or so so you can create uh reports like this then I'll also show you how we can have different graphs in Archer so I'll just enable the statistic mode and based on statistics mode I will just show you how a graph can be created so likewise I can uh get the graph as well of the records I have in system which will show me how many of them are submitted how many of them are rejected how many of them are approved Etc I can have vertical bars I can have horizontal bars I can have pie chart bar graph as well so I can completely customize uh you know different kinds of filters uh what I need for a report and have different reports with different criterias different graphs and share it with the business users or any respective teams who is working on risk and similarly other modules as well so this is about reports uh now let's talk about the workspaces and I views so dashboard right so this is the whole workspace within the workspace I have got different I views that if an audit manager opens up Archer probably uh he would like to see couple of pending items on his side so he gets an I view stating that audit plans which are awaiting his review or audit plan status which are in draft mode which need certain action from him so we can as we as we just saw the report right we can customize that report and have it placed in I views and the moment a respective audit manager logs in individually he will see which plans are awaiting his action which plans are in draft mode which plans are completed closed etc etc right you can customize whichever way you may want then I can even get audit engagements by statuses uh I can have some reports based on the expenses uh then I can have different entities uh according to statuses so I can the point here is I can completely customize my particular workspace um okay in in this way and that to for different stakeholders so this is for an audit manager similarly I have for audit executive too that audit executive may see uh something else compared to what an audit manager say what an audit manager sees so you can have it uh this way for an audit executive similarly for an audit team you can have it uh in this way right so depending on different stakeholders different roles you can create uh all of these in Archer all right so this is again one of the very important aspects uh which has to deal with workpace dashboards and I views then in Archer we can even create and build up uh applications like we have so many different applications for issues omm right top down bottom bottom up top down loss events issues management applications which is necessary for Bia crisis management right I've got bunch and bunches of applications for uh a use case so Archer has the ability to create complete applications from scratch like you can completely customize an application or whatever is available in the system when you purchase the tool for the very first time you can even use that and customize that so there are majority of the use cases what GRC as a framework supports are available in Archer so Archer has got a wide range of use cases with them uh which are according to the industry best practices and as a tool Archer gives you that flexibility to completely customize and completely change or redevelop something from scratch according to how you want so everything is possible on the back end to configure it to customize it to change it Etc uh on the back end in different applications of uh different use cases that is again one of the important uh features what we have then again important features what in terms of feature what we have is notification because if you see um it is very important for any stakeholder to get the updates what is happening on uh on the Archer side so assuming that we are doing a risk assessment so it is very much possible that there would be a risk manager who would be present and there would be a risk analyst who would be present so while doing the assessment um the risk analyst completes his assessment and he submits the record and then manager has to either approve it or reject it so this notification in Archer are created in such a way that at every step if somebody approves it then respective stakeholders receive an automated notification stating that so and so risk assessment record has been approved so and so risk assessment record has been rejected Etc so likewise we can have uh reminder notifications in Archer where if somebody who has not done assessment since uh you know a month and due date has already passed so even escalation notification reminder notifications are possible to be created in Archer uh you can send notifications timely uh as reminders escalations and then once statuses changed approval happens rejection happens at every step you can customize and create uh notifications as well in Archer for the users to be aware so that is about notification this is about application building this is about exess control and then we even have uh workflows Associated so as an example I'll show you a quick one for uh an audit plan where I know how an audit plan completely moves from scratch all the way till its uh approval so what exactly should be the workflow for an audit plan so in this Advanced workflow feature of Archer we can go ahead and create the workflow that who should be the initial stakeholder who should be creating an audit plan all the way till its approval or closure so we even have the ability to move the record in stepbystep process uh all the way till its completion where things which used to happen manually or just with exchange of information system will completely do it with the help of these workflow and everything will be taken care by the system in terms of changing the value sending notifications okay uh requesting the users to log in Archer and do their approvals or rejections or sign off okay everything can be customized uh in this feature of Archer which is Advanced workflow right so these are um I think primary features uh what we have in the tool apart from from that uh we have even the integration area where I can bulk upload an external data into the tool where let's say you have thousands of records and you want to upload that into Archer you can do that with the help of data import data feeds and then you can even send archers data to an external tool or external uh drive or external location uh through this integration uh methods which is within the data feeds and import s right so these are I think um an overview about what are the capabilities and functionalities what we have in Archer so as a tool it's highly highly customizable and depending on your uh requirement and depending on what is expected you can build completely things from scratch as well as you can do modification from what is existing so now let's discuss about uh you know why one should learn uh Archer so I'll just open up a few of the important points uh what we have that why we should learn Archer so I've seen lot of people complaining that we are not from a tech background and you know why is this tool important why we need to learn we are not uh Archer administrators so few of the reasons is now we do know that people are moving from Excel sheets and manual work to tools and Archer being one of the most widely used tool in the GRC area where they have over, 1500 plus uh customer base plus majority of Fortune 500 companies are using Archer as their GRC tool so it gives you a very good idea about the tool about the functionalities of the tool about the capabilities of the tool that what this tool is capable of doing like many many of you had questions uh regarding that whether we can import this into Archer whether we can customize this whether we can uh do updates whether I can modify the functionalities configuration right so if you know the tool if you know the functionalities and capability of this tool you will be easily able to do your functional work in a much much easier way that will lessen the gap between the the technical experts and the functional experts who are the primary stakeholders for this tool right so that is again one of the very good reason that why uh if you are in the GRC domain looking at the market looking at the needs of uh GRC tool GRC Automation and how as an area GRC is evolving this tool will really really help you to boost up your career uh in in in terms of uh you know your GRC so another reasons are understanding the technological risk um as we know that GRC professional with technical skills are getting better and better in terms of uh you know grasping at it systems infrastructures this understanding of the tool will enable you to develop more effective controls more effective risk-based approaches and try to mitigate in a best possible way because if you know the tool you will exactly know that how and where should I incorporate this risk how can I handle my controls how can I classify my controls how can I build up my controls right once you know the tool you'll be able to do all of these uh in a very easier and effective Manner and then we know that GRC professional with good Technical and functional expertise are always at the top of a priority uh in corporates in an organization because if you look at majority of the big scale Enterprises nobody would be doing their work in Excel sheets and sending emails and you know that's that's a major major data breach as well as gone are those days where people used to spend hours and hours on doing assessments on Excel and all right so if you come with an expertise on tool people will be more than happy to you know have you in their team uh as an functional consultant or as a GRC consultant having techn functional skill set right and at the end of the day you will be able to uh be more productive and effective when doing vulnerability assessments risk assessments okay security controls ensuring compliance have sufficient auditing Etc so all of these is also part of uh regulatory requirements uh which we see increasing every every coming year every coming quarter right we see more and more Regulatory and compliance needs uh coming across the globe from different regions and very very important nowadays to be very strict with the compliance Norms you will be better able to understand the risk management strategies right from let's assume analyzing the risk all the way till preventing the risk that how in Archer you can create risk plans you can create risk mitigation strategies you can create risk acceptance strategies uh you can have certain set of questionnaires which is helpful to categorize a risk as high high medium low right so several aspects uh regarding the risk management strategies will also be familiar to you once you once you know the capabilities and functionalities you will be better able to collaborate with the development core development teams as well as uh technical teams within your organization because as a tool you will have a lot many uh technical equ as well uh which is needed in order to work effectively in Archer if you know that Archer is capable to create certain reports in this way Archard is able to automate certain rep reports which you want in your day-to-day activities if Archer is able to send these kinds of notifications or not once you know each of these you get more and more uh familiar with your functional aspect and you can convert that into technical uh uh you know technical requirements and that suffices the whole purpose as of of the organization of the deliverables so you can streamline activities you can automate processes you can uh have proper compliance management you can have proper uh you know the bridge between Technical and business stakeholders so these are several important and then um we all know that we do not work just on one single tool when we are in GRC we have to learn several tools as well which may or may not be completely related to GRC but there is always an integration or there is always a relationship Associated so when you know the integration capabilities of tools you will be easily able to have a differentiator that okay these are the integration capabilities if I want to integrate something with archer or any any other tool like Vera uh or let's say Q radar if you are on the Sim side or so then you know that how integration could be done once you know it of course your functional aspect and your requirements will get much more easier and you'll be successfully able to deliver the requirements and even for the managers who are managing GRC practices even for them if you see in the Market Archer has got a huge customer base and a huge range if you know the tool you will definitely be able to serve your clients in a much effective way you'll be able to manage teams in a much effective way because you will literally know how the tool is and what are the capabilities of the tool so these are some of the um you know crucial or important aspects what I have figured out when uh you have technical expertise On Tools these are some of the advantage that brings you to your table and to your professional career and uh with that uh I'll just quickly show you some of the career opportunities uh what we have um if you see uh on LinkedIn on Google or if you even you know search on LinkedIn a bit about Archer Archer Archer has got one of the highest market capitalization in terms of uh GRC because that's the most Standalone GRC tool in the market there are other tools as well in Market but Archer is a standalone GRC tool with one of the most advanced functionalities one can think of from a GRC perspective it is widely used in Middle Eastern region Asia Pacific North America followed by Europe um if we talk about Indian market um you will see all the big fours using I using Archer immensely Indian IT services company are bfsi sector specifically with the RBI making stringent laws for compliance and governance majority of PSU banks are using uh archer in their day-to-day uh GRC practices half of Fortune 500 and 90% of Fortune 100 companies have Archer on their side so there is a huge demand of Archer Consultants around and as we all know how important GRC as a pillar is so it is likely that opportunities for GRC Consultants having Technical and functional expertise will likely grow by 3x by upcoming years by 2025 or so and the interesting part is to learn Archer itself as a tool here there is no coding involved you may think of that I don't have a technical expertise or I don't have a technical background I do not come from a uh you know technical expertise area you do not need any prior background in coding or have any technical knowledge or have any background on risk or audit as well because this is the technical differentiator of what Archer of of what Archer has all of these functionalities what we were talking about reports applications okay uh having these questions uploaded right they're done without coding they are all inbuilt functionalities it's just we should know how to use it once you know how to use it you will be easily able to leverage the technical capabilities of the tool so this is about um you know archer in terms of career opportunities