See our complete list of top GRC vendors
ACL is a privately owned software company headquartered in Vancouver, British Columbia, Canada. For more than 30 years, ACL has been delivering risk management, compliance, and audit software to some of the biggest private and public organizations. Its automated enterprise SaaS platform merges GRC and corporate performance management (CPM).
ACL’s platform contains four core modules – strategy, projects, results and analytics –with integrated content and add-ons such as data connectors and configuration services.
- The Strategy module provides a view of strategic objectives and risks across the entity structure for risk universal planning and assessments.
- The Projects module is where operational risk treatment activities are planned and executed, from audits or compliance reviews to risk assessments or risk action plans.
- The Results module displays the output from risk analytics or monitoring programs, as well as human data from surveys or event forms (e.g. hotlines, whistleblowers).
- The Analytics module performs ad hoc risk analytics or automated analysis for monitoring programs, data aggregation and reporting purposes.
- The Reports module aggregates data from the other modules into BI-type reports or dashboards.
The platform includes a certified data connector to SAP ERP systems; embedded content in the platform specific to functional areas like robotic process automation for ERP processes; IT standards and regulations for cybersecurity and data privacy; regulatory content for banking and lending; and various entitlement programs for government.
“ACL’s embedded content can link standards or regulations to the organization’s library of process risk controls,” said Kris Hutton, ACL Director of Product Management. “This links to data analysis and surveys, which can be aggregated back to the Strategy module for better context to report to the board and senior management, demonstrating the direct business impact of certain initiatives.”
Recent updates include enabling customers to run a well-governed organization in real time, and making ACL’s GRC Platform seamlessly embed GRC knowledge content into daily workflow. The May 2018 release includes:
- A new dashboard for leadership oversight of audits, compliance reviews or risk assessment projects, including productivity benchmarks (e.g. projects completed, controls tested/passed/failed, issues opened and remediated, etc.)
- Robotic control assessments, where you can automate the pass/fail of a control with data analytics
- “Mission Control” module that shows control and process owners a flat view of the controls they own along with milestones and status
- Ability to more easily assign controls to front lines to perform a control or self-assessment for areas like SOX compliance, IT governance, internal control management, compliance management and strategy & performance governance
- Expansion of embedded content suites for financial controls monitoring, IT governance, banking & lending and government entitlement program oversight
- Evidence-linking for audit, compliance and risk project work
Markets and Use Cases
Key verticals include banking and lending, state, local, provincial and federal government, and higher education.
Forrester classifies ACL as a Strong Performer, its second-highest rating. The analyst firm said ACL’s GRC portfolio has grown substantially from its original audit solution. Forrester gives ACL high marks for its simple user interface, strong mobile support, and strong analytic integration.
More than 7100 active customers in 140 countries, including 60 percent of the Fortune 1000, 72 percent of the S&P 500, more than 700 local and state governments worldwide and more than 200 federal government agencies.
ACL’s platform is primarily delivered through the cloud, with its analytics module on premises.
On an annual subscription basis, prices range from less than $10,000/year to $1 million or more a year.
Get the Free Cybersecurity Newsletter
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.