Data-driven enterprise risk management at Equinix
“It doesn’t require much IT support, if any at all. We just found it was a very cost effective approach compared to some of the others. And it provided the integration capabilities and the flexibility that we needed. It gives us that overarching umbrella for how we look at governance, risk and compliance.”
VP of Finance,
“The entire platform—the integrated approach from start to the end—helps me send out exceptions to business owners, to provide information directly in the tool instead of back and forth email and reminders.”
Sr. Manager, GRC Program Office, Legal,
Equinix, Inc. (Nasdaq: EQIX) connects the world’s leading businesses to their customers, employees and partners inside the most interconnected data centers. In 40 markets worldwide, Equinix is where companies come together to realize new opportunities and accelerate their business, IT and cloud strategies.
Enterprise-wide risk oversight
to manage risks & improve performance
on a single, unified platform
Aggregate, data-driven reporting
on governance, risk & compliance
Minimal IT burden
Easy to implement, easy to learn
Interview with Equinix VP of Finance, Rod Verhulp &
Sr. Manager, GRC Program Office – Legal, Nilisha Agrawal
Rod: We’re one of the leading data center companies. We provide space, power and connectivity. Our customers are the major financial institutions and their trading partners, the major ISPs, and all the major enterprises companies you’ll see throughout the world.
How were you previously managing enterprise risk at Equinix?
Rod: It was more in silos, so we did not have a comprehensive view of risk. We did spend a lot of time putting together risk maps and then reports for the board, and then also for management.
Nilisha: Because we were exchanging emails and documents with each other and it’s not sitting in place. Like if we had an audit or we needed to look at something, it was like “okay, let’s gather all these documents.” Audit or compliance or risk management is not sitting in one department anymore, especially for big companies.
Rod: So we looked at that and said: how do we get a better view of risk and how do we get better leverage amongst the different programs that are trying to manage these risks?
Why did you select the ACL platform for enterprise risk management?
Rod: We just saw a lot of the systems as overkill. We just thought they were too heavy, too expensive and then it would have taken a lot of IT support. I’ve just seen too many companies go after these really big, heavy GRC or ERM systems and it’s just too complicated. We had to have a good platform to manage data.
Nilisha: And we looked at many, many platforms and ACL was the one that we chose for many reasons. One was ease of implementation.
Rod: It doesn’t require much IT support, if any at all. We just found it was a very cost effective approach compared to some of the others. And it provided the integration capabilities and the flexibility that we needed. It gives us that overarching umbrella for how we look at governance, risk and compliance.
How does the ACL platform support governance, risk management & compliance across the enterprise?
Nilisha: Inter-departmentally, we are able to share information on the same platform. Let’s say for example, an anti-bribery and corruption program (ABC). I mean, there is parts of it that I manage. There’s parts that our internal audit manages. There’s enterprise-wide risk that there’s a map for. So, being able to see ABC as a whole in one platform, instead of going to three people to ask for three different sheets and then coming up with a report, I think is one of the biggest benefits.
Whether it sits in internal audit or compliance, or the risk department, these departments then jointly come up with a plan of auditing or putting processes or programs in place to mitigate these risks.
How is ACL’s data driven platform adding value for your GRC teams & enterprise risk management at Equinix?
Nilisha: The entire platform—the integrated approach from start to the end—helps me send out exceptions to business owners, to provide information directly in the tool instead of back and forth email and reminders.
Rod: Having the information in front of you, having a database you can go through and parse it and sort it and have the different management reports and the different views of the data, it allows you to get very granular. It allows you to get very specific. And so it really allows us to document what we do. So outside parties like our external auditors and then other regulatory groups—also in talking to our legal department, who we work very closely with—we have a pretty good case of how we manage these risks. We’re very confident that the Department of Justice or the SEC would come in and take a look at our program saying, “You guys have done everything a reasonable company could do,” and it would really limit the sanctions they would have against us.
Nilisha: ACL was right there, saying, “We will change with the market and we’ll move fast and we’re a SaaS solution and easy to implement.” It’s an easily acquirable skill for people to learn and get up and running quickly.
Rod: We think we’re far ahead of most other companies and I’d say a lot of it has to do with the leverage of the technology.