Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
GRC’s Positive Impact on Internal Control Management
User Experience Innovation in Workiva Wdesk
2 © 2015, all rights reserved, www.GRC2020.com
Today’s Presenters
Joe Howell Co-founder and Executive Vice President, Workiva
Michael Rasmussen GRC Pundit, GRC 20/20 Research, LLC
Jeramie Taylor Internal Controls Manager, Energy Company
3 © 2015, all rights reserved, www.GRC2020.com
– Current challenges
– The need for GRC solutions for internal control management
– How companies are benefiting
– Your questions
Overview
4 © 2015, all rights reserved, www.GRC2020.com
Jeramie Taylor Internal Controls Manager, Energy Company
5 © 2015, all rights reserved, www.GRC2020.com
Why did you create a category for innovation in user
experience for internal control management? Why is this important to practitioners?
6 © 2015, all rights reserved, www.GRC2020.com
The Line of Business Is Frustrated With the Barrage of Internal Controls
Operational Unit
Operational Unit
Operational Unit
Operational Unit
Changing business, risk, and regulatory
environments
Board
Line of Business Management
Employees
Control
Control Control
Control
Control
Control
Control
Contrl
Control
Control
Control
Control Control
Control
Control Control
7 © 2015, all rights reserved, www.GRC2020.com
Organizations are burdened by manual ad hoc processes to document, manage, and attest to internal controls.
This involves being overwhelmed with emails and documents — leading to, in varying degrees…
ü Excessive emails, documents, and paper trails
ü Poor visibility & reporting ü Files and documents out of sync ü Wasted resources and spending ü Overwhelming complexity ü No accountability
The Hydra of Inefficiency
8 © 2015, all rights reserved, www.GRC2020.com
The Winchester Mystery House • 160 rooms
• 47 fireplaces
• 6 kitchens
• 10,000 windows
• 65 doors to blank walls
• 13 staircases abandoned
• 25 skylights — in floors
• 147 builders/no architects
• Built without a blueprint
• $5.5 million over 38 years
. . . Confusing User & Employee Experience
9 © 2015, all rights reserved, www.GRC2020.com
Why Documents, Spreadsheets & Email Fail at Internal Control Management
NO AUDIT TRAIL § Documents, spreadsheets, and emails
alone do not have inherent audit trails. § An organiza9on cannot state with
certainty that answers to an assessment represent the actual, unaltered, and authen9cated answer to that control assessment, a<esta9on, or audit.
SLIPPING THROUGH CRACKS § There is no structure of required
workflow and task management.
§ People fire off emails asking for assessments in spreadsheets and documents and no one gets it done.
EASY TO MANIPULATE § It is a simple task for anybody to go back
and manipulate responses to paint a rosier picture to get themselves, someone else, or the organiza9on out of hot water.
NO CONSISTENCY § It is hard to make control assessments,
surveys, a<esta9ons, and other GRC related informa9on consistent.
§ Different documents and spreadsheets are forma<ed in different ways and each requires its own learning curve.
COMPLILATION NIGHTMARES § With hundreds to thousands of
documents used for internal control management, organiza9ons are struggling with compiling reports.
§ Significant 9me needed to integrate and compile informa9on from a mountain of documents, spreadsheets, and emails.
COMPILATION ERRORS § All the work compiling and integra9ng
hundreds to thousands of documents, spreadsheets, and emails for GRC is inevitable failure—odds are there is something wrong.
§ Manual reconcilia9on is bound to have errors.
10 © 2015, all rights reserved, www.GRC2020.com
. . . And We Hope Nothing Fails Ø Inability to gain clear view of
control dependencies;
Ø High cost of consolidating control information;
Ø Difficulty maintaining accurate control information;
Ø Failure to trend across control assessment periods;
Ø Redundant approaches limit correlation, comparison and integration of control & risk information; and
Ø Lack of agility to respond timely to changing risks, regulations, laws, and situations.
11 © 2015, all rights reserved, www.GRC2020.com
You make the statement that GRC approaches are cumbersome—in what way?
12 © 2015, all rights reserved, www.GRC2020.com
Are You Truly Aware of Your Risks?
“Never in all history have we harnessed such formidable technology. Every scientific advancement known to man has been incorporated into its design. The operational controls are sound and foolproof!”
—E.J. Smith, Captain of the Titanic
13 © 2015, all rights reserved, www.GRC2020.com
Change Is the Greatest Challenge Impacting GRC and Internal Controls
contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Anti-Corruption Illustrated Series
011100111001010100
External Risk ChangeMonitor change in the external risk environment to determine how uncertainty in economic, geo-political, environmental, industry, societal, and market forces affect current and needed policies.
MARKET FORCES
INDUSTRY
TECHNOLOGY
COMPETITIVEFORCESGEO-POLITICAL
SOCIETAL FORCES
contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Anti-Corruption Illustrated Series
$
Internal Risk/Business ChangeMonitor changes to the internal environment to identify how changes to strategy, mergers & acquisitions, processes, technology, business relation-ships, and employees affect current and needed policies.
MERGERS &ACQUISITIONS
STRATEGY
PROCESSES
IT
EMPLOYEES
FINANCIALPOSITION
BUSINESSRELATIONSHIPS
contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Anti-Corruption Illustrated Series
Regulatory/Legal ChangeMonitor change in the legal and regulatory environment to determine how pending legislation, court decisions, new/changing regulations, and enforcement actions affect current and needed policies.
COURT RULINGS
ENFORCEMENT
LEGISLATION
REGULATIONS
MONITOR
14 © 2015, all rights reserved, www.GRC2020.com
Regulatory Activity in Financial Services Tracked 2008 to 2015 REGULATORY ACTIVITY TRACKED 2014-15
*Note: Tracked activity includes document changes, announcements, and enforcements by regulators. Average Daily Alerts = Total Alerts Year-on-Year / 261 Working Days
15 © 2015, all rights reserved, www.GRC2020.com
What do you see practitioners doing to address these GRC problems?
16 © 2015, all rights reserved, www.GRC2020.com
Titelmasterformat durch Klicken bearbeiten
GRC is a capability that enables an organization to:
G) reliably achieve objectives R) while addressing uncertainty and C) act with integrity.
OCEG GRC Capability Model
17 © 2015, all rights reserved, www.GRC2020.com
GRC Capability Model v3.0 – Iterative Cycles of Change & Improvement
What – has to be done? Who – is going to do it? Why – does he/she do it? How – will it be done? When – will it be done? Where – will it be done? Why – is it done like this?
KAI “CHANGE”
ZEN “GOOD”
18 © 2015, all rights reserved, www.GRC2020.com
GRC Technology Provides Automation and Tracking
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
• Policy implementation and/or enforcement is not always possible. Exceptions can happen when the organization cannot comply with a policy, when the policy is too subjective, or requires excessive clarification.
• Organizations need processes to authorize, track, monitor and review exceptions.
• Those who authorize exceptions must have sufficient authority. Limits should be set so exceptions are regularly reviewed and not granted for extended or unreasonable time periods.
MANAGING EXCEPTIONS
• Exceptions must be documented and available to auditors and regulators upon request. Organizations that demonstrate clear procedures for policy exception management are also better able to defend their policy management processes.
• Organizations should institute compensating controls as part of exception approval until policy revisions are made or the organization is brought into full compliance.
?
COLLABORATION
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
Archive and History
Every policy and its past revisions must be archived for referral at a later time. When an organization experiences an in-cident or is examined by an external audi-tor or regulator, it is often necessary to provide positive evidence of policy com-pliance. Preserving a full view of the policy history and audit trail (including key data points such as the owner, who read it, who was trained, acceptance acknowl-edgements and dates for specific policy versions) will help assert an accurate and complete policy control environment is operating effectively.
AUDIT TRAIL
contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Anti-Corruption Illustrated Series
4 IMPLEMENT & ENFORCEEven with good communication, policies aren’t always fol-lowed. Implement controls that enable enforcement. Monitor those controls for effectiveness and adherence. Document and remediate violations, while considering what policy improvements should be made.
NUMBER OF FAILURES:3 POLICY VIO-
LATIONS:0EXCEPTIONS AND DEVIA-
TIONS
I haven’t seen any violations.
This needs to be done differently.
ENFORCEMENT
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
Policy Maintenance ChecklistMeasure and Re-evaluate
Frequent changes to policies should not be necessary in a healthy policy environment. Active diligence through regu-lar review cycles will ensure policies remain appropriate and aligned to organizational needs and help minimize un-necessary exposure and liabili-ty. Policies found to be out of date should be revised or re-tired.
MANAGEMENT REPORTING
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
0
0
11
1
1
1
01
0
0
0
11
1
0
0
1
1
0
0
0
0
1
1
0
1
0
0
11
1
1
1
01
0
0
0
1
1
0
0
0
0
1
1
0
1
0
0
11
1
0
0
1
1
0
0
1
1
01
0
0
0
1
1
0
0
0
0
1
1
0
1
0
0
11
1
1
01
0
0
110
10
0
10
0
0
11
1
1
010
10
0
10
0
0
11 0
10
1
1
010
10
0
10
1 0 10 11 00 0 1 100 0
Metrics
Metrics can provide a solid founda-tion for continuously refining the or-ganizational policy program. The right metrics will help ensure policies are effective at establishing desired behaviors efficiently, and agile enough to accommodate the de-mands of a dynamic and distributed business environment.
WORKFLOW & TASKS
contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Anti-Corruption Illustrated Series
00
0
111
11
11
1
011
00
00
0
111
11
000
0
11
1
000
0
000
0
11
1
000
1
00
0
111
11
11
1
011
00
000
0
11
1
000
0
000
0
11
1
000
1
00
0
111
11
11
1
011
00
00111
000
0
11
1
000
0
000
0
11000
11
1
011
00
000
0
11
1
000
0
000
0
11
1
000
1
00
0
1111
11
1
0011
00
0
111100
111100
00
111100
00
0
1111
11
1
001100
111100
00
111100
00
0
1111
11
1
0011
00
0
111100
111100
00
111100
11
1
001100
111100
00
111100
00111
11
1
011
00
00
0
111
11
000
0
11
1
000
0
000
0
11
1
000
1
11011
000
0
11000
000
0
11000
00
0
111
11
11
1
011
00
00
0
111
11
000
0
11
1
000
0
000
0
11
1
000
1
11
1
011
00
000
0
11
1
000
0
000
0
11
1
000
1
00
0
1111
11
1
0011
00
0
111100
111100
00
111100
11
1
001100
111100
00
111100
00
0
1111
11
1
0011
0
111100
111100
00
111100
11
1
001100
111100
00
111100
00
0
111
11
11
1
011
000
111
11
000
0
11
1
000
00
11
1
000
1
11
1
011
00
000
0
11
1
000
0
000
0
11
1
000
1 111
00
0
1
000
00
11
011100
0000
1 0 10 11 00 0 1 0100 0 0 10 0 1 0 11 001 1 1 0 10 000 0 00 0
Integration Visibility Global Reach AvailabilityPolicy communication and training technologies need to integrate into the larger business environment - such as with HR systems to gain access to employee lists to prop-erly target and communicate policies.
Policy communication and training technologies need to be user friendly and intuitive so that users of varying degrees of capabilities can use the system and under-stand the policy.
Policy communication and training technologies should have the proper capabilities to meet the language and geographic needs of the organization.
Policy communication and training technologies need to be accessible across the business and often business relationships so that anyone associated with the organi-zation can easily access the policy and associated training.
THE BENEFIT OF TECHNOLOGY
Technology is the backbone for the implementation of the policy, training and communications plan.
0
DATATECH THE BENEFITS OF TECHNOLOGY
RepositoryTechnology enables policy implementation and enforcement by creating a repository of all policies, procedures, and controls that are cross-referenced with one another and not treated as isolated documents.
ConsistencyTechnology creates a consistent environment to conduct assessments, track issues of non-compliance, and take corrective actions. Technology allows organizations to more easily and efficiently manage its hundreds to thousands of individual documents especially during audits and assessments.
AccountabilityTechnology provides for a complete picture and defensible audit trail of the ‘who, what, when, where, how and why’ including the role and actions of each individual.
AutomationTechnology enables the automation of workflows and tasks to complete audits and assessments related to policy compliance. No longer is the organization encumbered by unanswered or lost emails or documents that are out of sync.
00 11 000111
0111
00 110111
0111
00 11 000111
0111
110111
0111
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
0000
0
111111
1
001
0
110
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
1111
1
001
0
110
0
110
00110111
0111
0000
0
111
1111
1
001
0
110
0
110
1111111111111
1
0000000000001111
0000000000
1100 0
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
THE BENEFITS OF TECHNOLOGY
RepositoryTechnology enables policy implementation and enforcement by creating a repository of all policies, procedures, and controls that are cross-referenced with one another and not treated as isolated documents.
ConsistencyTechnology creates a consistent environment to conduct assessments, track issues of non-compliance, and take corrective actions. Technology allows organizations to more easily and efficiently manage its hundreds to thousands of individual documents especially during audits and assessments.
AccountabilityTechnology provides for a complete picture and defensible audit trail of the ‘who, what, when, where, how and why’ including the role and actions of each individual.
AutomationTechnology enables the automation of workflows and tasks to complete audits and assessments related to policy compliance. No longer is the organization encumbered by unanswered or lost emails or documents that are out of sync.
00 11 000111
0111
00 110111
0111
00 11 000111
0111
110111
0111
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
0000
0
111111
1
001
0
110
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
1111
1
001
0
110
0
110
00110111
0111
0000
0
111
1111
1
001
0
110
0
110
1111111111111
1
0000000000001111
0000000000
1100 0
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
THE BENEFITS OF TECHNOLOGY
RepositoryTechnology enables policy implementation and enforcement by creating a repository of all policies, procedures, and controls that are cross-referenced with one another and not treated as isolated documents.
ConsistencyTechnology creates a consistent environment to conduct assessments, track issues of non-compliance, and take corrective actions. Technology allows organizations to more easily and efficiently manage its hundreds to thousands of individual documents especially during audits and assessments.
AccountabilityTechnology provides for a complete picture and defensible audit trail of the ‘who, what, when, where, how and why’ including the role and actions of each individual.
AutomationTechnology enables the automation of workflows and tasks to complete audits and assessments related to policy compliance. No longer is the organization encumbered by unanswered or lost emails or documents that are out of sync.
00 11 000111
0111
00 110111
0111
00 11 000111
0111
110111
0111
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
0000
0
111111
1
001
0
110
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
1111
1
001
0
110
0
110
00110111
0111
0000
0
111
1111
1
001
0
110
0
110
1111111111111
1
0000000000001111
0000000000
1100 0
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
THE BENEFITS OF TECHNOLOGY
RepositoryTechnology enables policy implementation and enforcement by creating a repository of all policies, procedures, and controls that are cross-referenced with one another and not treated as isolated documents.
ConsistencyTechnology creates a consistent environment to conduct assessments, track issues of non-compliance, and take corrective actions. Technology allows organizations to more easily and efficiently manage its hundreds to thousands of individual documents especially during audits and assessments.
AccountabilityTechnology provides for a complete picture and defensible audit trail of the ‘who, what, when, where, how and why’ including the role and actions of each individual.
AutomationTechnology enables the automation of workflows and tasks to complete audits and assessments related to policy compliance. No longer is the organization encumbered by unanswered or lost emails or documents that are out of sync.
00 11 000111
0111
00 110111
0111
00 11 000111
0111
110111
0111
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
0000
0
111111
1
001
0
110
0000
0
111
1111
1
001
0000
0
111
0
110
0
110
1111
1
001
0
110
0
110
00110111
0111
0000
0
111
1111
1
001
0
110
0
110
1111111111111
1
0000000000001111
0000000000
1100 0
Contact Carole S. Switzer [email protected] for comments, reprints or licensing requests ©2012 OCEG visit www.oceg.org for other installments in the Policy Management Illustrated Series
19 © 2015, all rights reserved, www.GRC2020.com
Power of Control Integration Drives GRC Intelligence
REGULATIONS &OBLIGATIONS
RISK & ANALYSIS
OBJECTIVES& GOALS
INCIDENTS& ISSUES
ASSETS & RELATIONSHIPS
POLICIES &TRAINING
CONTROLS &ASSESSMENT
ROLES & RESPONSIBILITIES
©2012 OCEG, Permission by OCEG is required for reproduction and/or use of material www.OCEG.org -- Derived from the OCEG GRC Illustrated Series
BENEFITS
process optimizationAll non-value-added activities are eliminated and value-added activities are streamlined to reduce lag time and undesirable variation.
better capital allocationIdentifying areas where there are redundancies or inefficiencies allows financial and human capitalto be allocated more effectively.
higher quality informationIntegrating GRC information allows management to make more intelligent decisions, more rapidly.
protected reputationReputation is protected and enhanced because risks are managed more effectively.
improved effectivenessOverall effectiveness is improved as gaps are closed, unnecessary redundancy is reduced, and GRC activities are allocated to the right individuals and departments.
reduced costsReduced costs help to improve return on investments made in GRC activities.
.
©2012 OCEG, Permission by OCEG is required for reproduction and/or use of material www.OCEG.org -- Derived from the OCEG GRC Illustrated Series
BENEFITS
process optimizationAll non-value-added activities are eliminated and value-added activities are streamlined to reduce lag time and undesirable variation.
better capital allocationIdentifying areas where there are redundancies or inefficiencies allows financial and human capitalto be allocated more effectively.
higher quality informationIntegrating GRC information allows management to make more intelligent decisions, more rapidly.
protected reputationReputation is protected and enhanced because risks are managed more effectively.
improved effectivenessOverall effectiveness is improved as gaps are closed, unnecessary redundancy is reduced, and GRC activities are allocated to the right individuals and departments.
reduced costsReduced costs help to improve return on investments made in GRC activities.
.
20 © 2015, all rights reserved, www.GRC2020.com
Current Level of GRC Integration Across Organization
1 The more integrated, the more consistent in how GRC needs are addressed in different areas of concern.
2 The more integrated, the more confident about management of risk and compliance.
3 The more integrated, the more confident about performance and ability to audit performance, risk and compliance.
4 The more integrated, the more confident about having the right metrics to get clear views about performance, risk and compliance.
5 The more integrated, the more business units feel they give the right amount of information to strategic decision-makers and the board.
6 The more integrated, the more respondents select positive terms to describe metrics they use.
The Value of Integrated GRC
SOURCE: OCEG & GRC 20/20 2014 GRC Maturity Survey, data is from 190 respondents from organizations with 500+ employees.
21 © 2015, all rights reserved, www.GRC2020.com
To Enable Organizations to Be . . .
1. Aware
ü Have a finger on the pulse of business
ü Watch for change in internal & external environment
ü Turn data into information that can be, and is, analyzed
ü Share information in every relevant direction
2. Aligned
ü Support and inform business objectives
ü Continuously align objectives and operations to risk of the entity
ü Give strategic consideration to information from risk management enabling appropriate change
3. Responsive
ü You can’t react to something you don’t sense
ü Gain greater awareness and understanding of information that drives decisions and actions
ü Improve transparency, but also quickly cut through the morass of data to what you need to know to make the right decisions
4. Agile
ü More than fast, nimble
ü Being fast isn’t helpful if you are headed in the wrong direction
ü Risk mgmt enables decisions and actions that are quick, coordinated, and well thought out
ü Agility allows an entity to use risk to its advantage, grasp strategic opportunities, and be confident in its ability to stay on course.
5. Resilient
ü Be able to bounce back quickly from changes in context and threats with limited business impact
ü Have sufficient tolerances to allow for some missteps
ü Have confidence necessary to rapidly adapt and respond to opportunities
6. Lean
ü Build the muscle, trim the fat
ü Get rid of expense from unnecessary duplication, redundancy, and misallocation of resources within the risk management
ü Lean the organization overall with enhanced capability and related decisions about application of resources
22 © 2015, all rights reserved, www.GRC2020.com
Case Study in Effective Internal Control Management
In a report in November 2012, the DOJ and SEC stated they:
“have often encountered companies with compliance programs that are strong on paper but that nevertheless have significant . . . violations because management has failed to effectively implement the program even in the face of obvious signs of corruption.”
POINT: Regulators are tired of paper-based compliance programs that look good on paper but fail in operations and employee engagement.
23 © 2015, all rights reserved, www.GRC2020.com
When you saw Wdesk, what stood out to you right away as the biggest and most valuable things that
set Wdesk apart from other GRC solutions/platforms?
24 © 2015, all rights reserved, www.GRC2020.com
INNOVATOR
2015
ü The Wdesk platform by Workiva is a GRC solution that GRC 20/20 has researched, evaluated, and reviewed with organizations that are using it in dynamic business environments.
ü GRC 20/20 has evaluated and verified the innovation found in Wdesk and sees this as a compelling offering for internal control management. With an intuitive and engaging user experience, Wdesk makes organizations more efficient, effective, and agile.
ü In this context, GRC 20/20 has recognized Wdesk with a 2015 GRC Innovation Award for the best user experience in Internal Control Management in 2015.
What the Wdesk Platform by Workiva Innovation Is About . . .
25 © 2015, all rights reserved, www.GRC2020.com
Capabilities of Wdesk Platform by Workiva
1 Task Management
2 Audit Trail & Evidence Management
3 Data Collection
4 Flowcharts
5 Visualizations
6 Dashboards
7 Cellular Audit Trail
8 Out-of-the-Box Templates
9 Mobility
10 Collaborative
26 © 2015, all rights reserved, www.GRC2020.com
GRC 20/20 Value Trajectory of Wdesk Platform by Workiva
Security of data & informa9on Increase produc9vity
Time to value and con9nued value
Maintaining data integrity across plaOorms & documents
Review process Document centric experience
27 © 2015, all rights reserved, www.GRC2020.com
Characteristics of GRC Solution Maturity Enablement
Automating and streamlining
individual requirements or risks Siloed, Fragmented
Information. Manual Processes, Documents, Spreadsheets &
Email, Cumbersome
Streamlining individual functions / departments with
department level processes and analytics that addresses a range of risk and compliance areas in
context of the department / function.
Cross-department collaboration, sharing of information, and 360°
contextual awareness of risk and compliance in context of
the organization
Agile
Maturity of the Program Enabled by Information & Technology Architecture
Stra
tegi
c Ef
fect
iven
ess
Fragmented
Managed
Questions? Michael Rasmussen, J.D. The GRC Pundit & OCEG Fellow [email protected] +1.888.365.4560
Some of the content we have evaluated is OCEG content which GRC 20/20 has an established relationship to use. Please do not copy slides or graphics without permission. GRC 20/20 highly recommends you consider OCEG membership at www.OCEG.org.
GRC 20/20 Newsletter
LinkedIn: GRC 20/20
Blog: GRC Pundit
Twitter: GRCPundit
LinkedIn: Michael Rasmussen
29 © 2015, all rights reserved, www.GRC2020.com
Dare to think differently
“Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to
move in the opposite direction.”
Albert Einstein or E.F. Schumacher.