Brainwave GRC & ISACA Montreal: how can technologies enable continuous audit and control?

Brainwave GRC & ISACA Montreal: how can technologies enable continuous audit and control?

Brainwave GRC and ISACA Montreal conference

How can technologies enable continuous audit and control? 

From 11:30 am to 01:00pm – Thursday 13th of April 2017 in Montreal




Continuous audit and controls are among the most appealing evolutions for the audit and control world today. Nevertheless, they encounter strong obstacles:
– information compartmentalization and systems’ heterogeneity
– complex business processes involving numerous applications on-premise and cloud-based
– difficult identification of appropriate and fast-to-deploy solutions

During this luncheon organized by ISACA Montreal, Brainwave GRC will present examples of continuous audit and controls implementation within IT environments: IT access-related cyber risks, verification of compliance to SoD rules in business processes, etc. You will see how analytics and intelligence can improve greatly audit and controls efficiency and provide benefits for the whole organization.


To sign up for this upcoming conference, click here (in French)

Look up the event on ISACA Montreal’s website (in French)!


Speaker: Eric In from Brainwave GRC

  • Eric manages Brainwave Identity GRC inc., Brainwave GRC’s North-American subsidiary located in Canada. Before this, Eric was Investments Director at Entrepreneur Venture, an investment fund for technology and high-growth companies. For this position, he was in charge of technology investments (cloud information, security, online services) including Brainwave GRC. Eric has degrees in IT and finance.
Brainwave GRC at the IS days: the 6th edition’s recap

Brainwave GRC at the IS days: the 6th edition’s recap


28th and 29th of March


IS days is a two-day event in Luxembourg gathering cybersecurity experts and diverse IT actors for multiple conferences and live demos. It is one of the rising IT security events in Europe with more and more companies and organizations gathering each year to network and listen to in-depth conferences on diverse information security topics.

Brainwave GRC was SILVER sponsor for the 2017 IS days. The 6th edition attracted many European cybersecurity professionals, many of them showing strong interest in Cyril Gollain’s presentation, CEO of Brainwave GRC, and in the Brainwave Identity GRC solution. This presentation focused on the GDPR and how Brainwave GRC can help companies and organizations move forward and adopt a pragmatic approach to GDPR compliance by streamlining the building of the GDPR registry and the inventory and classification of processing and data.

Along this presentation, dozens of professionals came to Brainwave GRC’s booth and exchanged with the team to better understand the solution and attend live demos throughout the two-day event.




The 2017 IS days edition included for the first time a prestigious dinner “gathering 200 IT decision-makers to reward best practices on March 28th”.


See you next year!

Learn how to master your access certification with Paradigmo and Brainwave GRC

Learn how to master your access certification with Paradigmo and Brainwave GRC

Access certification
learn the basics and keys to success in 45 minutes

 Thursday 27th of April 2017 from 11:00 am to 11:45 am

  • What are the pain points and challenges related to access reviews?
  • What are the best practices?
  • Discover the Brainwave Identity GRC solution for efficient, easy and collaborative access reviews
with Paradigmo and Brainwave GRC’s expertise

With regulatory requirements, system complexity and continuous organisational transformation, there are strong regulatory and internal audit pressures for compliance.

Answer access review challenges, tedious data collection & processing as well as Joiners Movers Leavers (JML) process.

Discover the keys to success for industrialising access reviews and recertification campaigns with Brainwave GRC. 

Brainwave GRC at IDM Europe 2017 in Amsterdam

Brainwave GRC at IDM Europe 2017 in Amsterdam

Brainwave GRC was a the Identity Management White Hall media event – IDM Europe 2017 – on the 8th of March in Amsterdam!


IDM Europe is Europe’s leading Identity and Access Management conference for senior risk management, security and IAM actors across all industries, from government to worldwide manufacturers and banks. It is one of the rising IT security events in Europe with more and more companies and organizations gathering in Amsterdam each year.

Brainwave GRC was one of the IDM 2017 sponsors. The 3rd edition of this event was attended by many actors this year, attracted to the numerous seminars, speakers and customer testimonials.

Pablo Valarezo, Expert Information Security Manager at Acxiom, explained to a very large crowd why his company chose Brainwave GRC, how the project was sucessfully implemented and the solution’s benefits. Dozens of participants, many having to stand as all of the available seats were taken, listened to this down-to-earth presentation of what a Brainwave GRC project looks like and how successful it can be.





The 2017 IDM event in Amsterdam lasted only a day and went by very fast with Mr. Valarezo’s presentation and multiple exchanges and demonstrations at the Brainwave GRC booth all day long.

See you next year!


Want to know more about how Brainwave GRC can help you ensure you IAM project’s success by supporting and completing IAM with Identity Analytics and Access governance? Click here 




Controls automation: auditors and internal control’s key to success?

Controls automation: auditors and internal control’s key to success?

Why and how should a company automate controls?

The reasons to automate controls processes will logically depend on the company’s context and security challenges. Fighting against fraud is one of the main reasons for organizations to implement controls automation today. But it isn’t the only one. Here are a few of them:

  • Focusing on fraud risks

The goal here is to reduce fraud risks, often over large data volumes. The stakes are to gain full visibility over fraud risks, segregation of duties policy implementation but also to ensure that controls are properly operated and cover all the critical applications and business processes for which fraud risks are very high.

  • Targeting sensitive business processes

For some companies, the prime focus needs to be set on preventing risks at a business process level for their most sensitive ones, such as the Purchase-to-Pay business process. Security risks, such as fraud risks, are often significant at the business process level – within and between applications and systems – but companies often focus only on risks linked to IT infrastructures and fraud risks within applications only.

  • Improving data analysis

The goal here is to implement efficiently and broadly a proper data governance through automated controls. Controls over applications are a priority in this context and need to comply to security requirements such as proper privileged accounts management and efficient access rights governance.

What are the benefits?

Controls automation can provide many benefits, here are the main ones:

  • Optimizing controls processes, strongly needed by companies as they face rising regulatory requirements and pressure from control and compliance authorities.
  • Reducing security risks within applications and at a business process level
  • Reinforcing internal audit and control’s position within the company

Automating controls enables internal audit and control teams to save significant time, money and energy not using Excel spreadsheets with over fifty tabs to operate manually their controls. With controls automation, they can focus  on the most critical security and compliance stakes and risks that trully need their time and attention.


Are they limits to controls automation and how can you move past them?

Automating controls at the scale of an application, system or a wholke business process requires paying special attention to a number of topics in order for a company to prevent limitations and evaluate if its is ready to implement the automation of all or part of its controls processes.

Here are a few of the topics you should pay attention to:

  • Your applications’ maturity

Automating controls properly depends on your applications having the same “maturity” level.

  • Risks moving upstream or downstream

By automating controls, there is a risk that security issues be displaced. An example of risks moving “downstream” is an inefficient analysis and correction of discrepancies.

  • Automated controls staying relevant and answering internal audit’s needs over time
  • Segregation of duties

One of the keys to controls automation is implementing a proper segregation of duties at a business process level, within and between applications and processes in the IT systems.


Any questions? Don’t hesitate and contact us!