The WCB is inviting your firm to submit a Response for the following: The Workers Compensation Board (WCB) of Manitoba is issuing this Request for Information (RFI) to obtain current market information regarding commercially available Audit Management, Enterprise Risk Management (ERM), Compliance Management, and Governance, Risk and Compliance (GRC) software solutions. This RFI is intended to support WCB's planning and strategic assessment activities related to the modernization of Internal Audit, Enterprise Risk Management, Compliance Monitoring, Audit Reporting, Risk Assessment, and related governance functions. The WCB is seeking information regarding software capabilities that support audit planning and execution, workpaper management, issue tracking, risk assessment, compliance management, reporting and analytics, workflow automation, and artificial intelligence (AI)-enabled functionality. The WCB is particularly interested in solutions that support Canadian data residency requirements and public-sector governance needs.This RFI is being issued for market education and planning purposes only. Responses are non-binding, will not be evaluated as a competitive bid, and will not be used to pre-qualify Vendors for any future competitive procurement.The WCB may use information received through this RFI to:•Better understand available market solutions and deployment models;•Validate functional and technical requirements;•Assess artificial intelligence (AI) capabilities applicable to audit and risk management;•Understand Canadian hosting and data residency options;•Inform budgeting, implementation planning, and future procurement activities;•Refine the requirements and evaluation approach for a future Request for Proposal (RFP), if issued.Scope of Information RequestedThe WCB's objective is to obtain information regarding commercially available software solutions that support Internal Audit, Enterprise Risk Management (ERM), Compliance Management, and Governance, Risk and Compliance (GRC) functions.The WCB is interested in understanding current market capabilities, deployment models, implementation approaches, integration options, artificial intelligence (AI) functionality, security controls, Canadian data residency options, and commercial models available through modern software platforms.Specifically, the WCB seeks information regarding the following areas:a) Audit Management Capabilities•Risk-based audit planning and scheduling;•Audit universe management;•Audit workpaper management and documentation;•Audit workflow management;•Audit findings, recommendations, and action plan tracking;•Controls documentation and testing;•Audit reporting and analytics;•Continuous monitoring capabilities.b) Enterprise Risk Management (ERM)•Enterprise risk identification and assessment;•Risk registers and risk inventories;•Risk scoring methodologies;•Key Risk Indicators (KRIs);•Risk monitoring and reporting;•Risk and control self-assessment capabilities;•Integration between audit, risk, controls, and compliance functions.c) Compliance Management•Compliance obligation management;•Regulatory and policy mapping;•Compliance assessments and monitoring;•Control documentation and testing;•Compliance reporting and dashboards;•Workflow management and remediation tracking.d) Reporting and Analytics•Executive dashboards and management reporting;•Audit, risk, and compliance reporting;•Audit performance metrics;•Ad hoc reporting and self-service analytics;•Trend analysis and predictive analytics;•Data visualization capabilities.e) Artificial Intelligence (AI) CapabilitiesThe WCB is interested in understanding current and emerging AI capabilities available within Audit Management, ERM, Compliance Management, and GRC platforms.Vendors should describe available capabilities including:•AI-assisted audit planning and risk-based audit prioritization;•AI-assisted risk scoring and risk classification;•Predictive risk analytics and trend identification;•Regulatory and control mapping;•Document analysis, extraction, and summarization;•Conversational assistants and natural language query capabilities;•Automated findings and recommendation analysis;•Explainable AI controls and transparency features;•AI audit logging and monitoring capabilities;•Privacy, security, and governance controls applicable to AI functionality;•Canadian AI processing architecture and data handling practices.Vendors should identify which AI capabilities are generally available, currently in preview, or planned for future release.f) Integration and Technical Capabilities•Open APIs and integration frameworks;•Microsoft 365 integration, including Outlook, Teams, and SharePoint;•ERP integration capabilities;•HR and payroll system integration;•Data import and export capabilities;•Workflow automation and event-driven integrations;•Single sign-on (SSO) and identity management integration.g) Security, Privacy, and Data Residency•Canadian data residency and hosting options;•Security architecture and certifications;•Identity and access management;•Encryption, audit logging, and monitoring;•Privacy controls and governance;•Disaster recovery and business continuity capabilities.Vendors must clearly identify the physical locations where application data, backups, disaster recovery environments, AI processing services, and support-accessed data are hosted or processed.The WCB has a strong interest in solutions demonstrating complete Canadian data residency for production data, backup data, disaster recovery environments, and AI-related processing services.h) Commercial and Implementation Considerations•Licensing models and pricing structures;•Implementation methodologies;•Data migration approaches;•Training and onboarding services;•Ongoing support models;•Contract flexibility and exit strategies.Vendors may respond with integrated Audit Management and ERM platforms, Governance, Risk and Compliance (GRC) solutions, or other relevant software offerings that address all or part of the areas identified above.