• The Risk Management Department needed to spend less time gathering and entering data, and more time analyzing data. They needed to incorporate easy-to-understand graphics and a simple interface to facilitate organizational compliance. As a global institution, they needed to access real-time data regardless of user location. They needed to engage and activate all levels of risk management at the risk owner level, while still being able to report up to the governing committee.

FixNix Solution

  • FixNix GRC (Governance, Risk and Compliance) provides a simple user interface, easy-to-understand graphics with drill-down functionality, and real-time data with fully integrated mobile capability to support the organisation’s ERM (Enterprise Risk Management) process.

Fully configurable FixNix GRC Heat Map

  • Simple 5x5 matrix uses a Red, Yellow, Green key to clearly define areas of concern for Risk Owners.
  • Easy to use filtering allows Risk Managers and Owners to drill into the data.
  • All data is real-time and immediately available for reporting/viewing purposes.

Key Findings

  • Formal enterprise or IT risk management and compliance programs are the exception rather than the rule. More common are informal processes and procedures for dealing with risk management and compliance.
  • Most institutions have a formal institutional governance body in place. About half have a formal IT governance body.
  • There are significant gaps between the perceived importance of specific risks and the effectiveness with which they are being addressed. Information security is viewed as the most important risk to address, yet the perceived effectiveness with which it is addressed does not match its importance.
  • Maturity in risk management is associated with stronger governance and compliance efforts and processes. In addition, those with more mature IT risk management programs have a greater influence on institutional leadership decisions.
  • Those with an IT governance body in place are more likely to involve others (particularly faculty, students, and alumni) in both IT budgeting and other IT governance decisions. This increased involvement may facilitate or enhance communication of IT GRC issues across the institution.
  • When embarking on IT GRC initiatives, priority should be given to establishing or strengthening the risk management program. Maturity in risk management is associated with stronger IT compliance and governance processes.
  • CIOs have the opportunity to leverage their position as IT governance leads to convey the importance of initiating and developing formal IT risk and compliance are associated with more investment and better practices in IT risk and compliance.


  • The FixNix GRC solution provided a tool the client can configure to meet their specific ERM needs. FixNix GRC gave them easy-to-understand graphics and an intuitive interface that removes their dependence on Excel spreadsheets and gives them immediate access to real-time data. Full mobile integration ensures that meetings are productive, and that Risk Managers can make efficient use of their time while travelling between meetings or locations.
  • Ease of use, simplicity in configuration, and intuitive design ensure that Risk Owners, regardless of comfort level, are able to actively participate in the ERM process. The Risk Department has benefited from increased organizational involvement with the risk management process, and FixNix GRC is being progressively rolled out to their global locations.


  • The Risk Management Department benefitted from a GRC tool that could be easily configured to meet their goals for a simplified ERM process that would engage the entire organization and empower disparate departments to actively participate in their global risk strategy.