Flexibility of WRM and The Power of WRM. Bob Adderley
|
|
- Bartholomew Ball
- 5 years ago
- Views:
Transcription
1 Flexibility of WRM and The Power of WRM Bob Adderley 1
2 Risk Management (GRCA) are the starting point but you can add on many other things including: Internal Audit Business Continuity Management Incident Management Policy Management Project Management Reporting Vendor Management 2
3 Internal Audit Sample Dashboard Views 3
4 Audits grouped by planning periods. 4
5 Assigned Tests grouped by status 5
6 View all Audit Findings 6
7 Risks across departments/business units 7
8 Regulations & linked Risks 8
9 Business Continuity Management 9
10 Purpose Business Continuity Management is about managing disruption-related risk. Focus is on reducing the occurrence and scale of events that could cause disruption, and building capacity to: Stabilise any disruptive effects as soon as possible Continue or quickly resume operations that are most critical to the organisation s objectives Expedite a return to normal operations and a full recovery WRM can be used as a Business Continuity Management (BCM) application, integrated with ERM practices. 10
11 Purpose Determine business activity / processes to be analysed Process Review Prepare inventory list of controls / determine significance of disruption Determine the case for risk treatment Record and review contingency plan. Add / Update Risk linked to Processes Business Impact Analysis Add / Update Risk & Control with impact of disruption Add / Update Risk Treatment Contingency Plan 11
12 Purpose Business Impact Analysis (BIA) process 12
13 Identify Critical Processes 13
14 BIA 14
15 BIA Results 15
16 Contingency Plans 16
17 Incident Management 17
18 Purpose Loss Events/Incidents Reporting is an integral part of risk management Various applications in risk management include: Loss Events reporting for Operational Risk Management in Financial Institutions Incident Reporting for healthcare organizations Occupational health and safety accident reporting Fraud / Irregularities reporting Step 1: Incidents are logged directly in the system Step 2: An investigation is then performed on the logged Incident 18
19 Logging Incidents 20
20 Fraud Incidents 21
21 Health and Safety Incidents 22
22 Incident Management 24
23 Incident Reporting This view presents to the users a dashboard to input and analysis Incidents, including those with Financial Impact 25
24 Policy Management 26
25 Policy Management Process The standard configuration and methods available have been developed to meet the following high-level process. Policy Creation Policy Creation Policy Version Policy Authoring Policy Approval Policy Review Policy Approval Policy Publish Policy Attestation Policy Testing Policy Attestation 27
26 Policy Creation The Policy document allows you define who is responsible for the policy, who can allow exemption requests 28
27 Policy Version The main policy page allows the user to determine where the policy comes from (can point to external sources if required). Note the Status of the policy as it moves through the workflow 29
28 Policy Review 30
29 Policy Approval 31
30 Publication and Attestation Alerts with links for Policy Attestation are sent to the distribution list. The user reads the policy. On the next screen, they can sign off that they have read it. They can also request an exemption if required. 32
31 Project Management 33
32 Phases Summary 34
33 Summary of Impacts 35
34 Action Plan Summary 36
35 Project Overview 37
36 Project Quantification 38
37 SSRS Reporting Integration UNITED KINGDOM UNITED STATES CANADA DUBAI AUSTRALIA NEW ZEALAND 39
38 PURPOSE MS SQL Server Reporting Services (SSRS) MS SSRS is a reporting tool that is provided with MS SQL Server. Wynyard Risk Management (WRM) allows for integration with SSRS using both a Reporting Component that can be added to the Dashboard views, and a reporting menu command on Dashboard Lists SSRS reports are created using the standard SSRS Report Builder application (or other tools compatible with SSRS) External Reporting Interface (veri) SQL view based approach which turns the Risk model into a number of views for reporting and data extraction purposes Although only SSRS reports can be integrated into the WRM dashboard, these SQL views can be used to create reports in other external reporting tools such as Crystal Reports, Business Objects or Cognos 40
39 SAMPLE REPORTS - PARAMETERS 43
40 SAMPLE REPORTS - GRAPHS 44
41 SAMPLE REPORTS PARENT REPORT 45
42 SAMPLE REPORTS CHILD REPORT 46
43 Vendor Management Sample Dashboard Views 47
44 Vendor Management Examples Vendor is an item type: just like a Risk, Control, Incident, etc A Vendor can be linked to the information you re already capturing Premise is we ve loaded our Vendor details into WRM Ideally WRM sends alert with link to Vendor Vendors login and update their own details Vendor owners monitor status through dashboards Owners can assign questionnaires to the Vendors WRM s link Vendor completes qnaire in WRM Vendors are linked to the Systems/Services they provide Systems are documented in WRM Vendors via Systems are linked to Risks, Controls, Objectives, BCP items, etc 48
45 Criticality and Spend 49
46 Vendor Details 50
47 Issues/Concerns/Criticality tied to Vendors/Systems 51
48 Contract Renewal Dates 52
49 53
50 Vendor Questionnaire Overview 54
51 Advantages of upgrading to WRM UNITED KINGDOM UNITED STATES CANADA DUBAI AUSTRALIA NEW ZEALAND 58
52 Upgrading to WRM - Opportunity o WRM Upgrade is an opportunity to: o Improve the way our solution supports business needs o Reduce the overhead and increase time for important work o Engage with additional groups within your organization o Share responsibility and ownership o Tune up existing process, workflows and eliminate gaps o Engage experts in directly managing the components of GRC o Centralized, timely data: ease of monitoring, updating, reporting o Flexible dashboards: analyze information in new ways o Eliminate redundancy and duplicate effort o Reduce overhead of chasing and collating data 59
53 Upgrading to WRM - Advantages Advantages User friendly interfaces: easy to use, fewer errors, reduced training time Standardize approach: ensure consistent workflow across the enterprise Engage experts in directly managing the components of GRC Centralized, timely data: ease of monitoring, updating, reporting Flexible dashboards: analyze information in new ways Eliminate redundancy and duplicate effort Reduce overhead of chasing and collating data 60
54 Upgrading to WRM - Approach Best approach is to treat this like a standard project Begin with Requirements Analysis Expand focus to what we d like to be able to do, Not limit ourselves to what we are currently doing with ERA Engage the Subject Matter Experts throughout Including groups that aren t going to use immediately Document all objectives and requirements: Immediate short term Medium term Long term Phased approach is best - Don t boil the Ocean 61
55 Upgrading to WRM - Approach 62
56 Bob s Winter Igloo Home 63
57 Case Studies - Recent WRM Upgrades UNITED KINGDOM UNITED STATES CANADA DUBAI AUSTRALIA NEW ZEALAND 64
58 International Pharma Co. Go-Live June 2015 Top 20 on Fortune 500 > +125 billion $US in annual sales > 40,000 employees Used excel to manage 4900 Controls, 7000 Tests. WRM provided centralized data store, simple security management and direct access for external auditors. WRM s configurable Methods designed for the users reduced training 1740 users to 2, 4 or 8 hour sessions depending on roles. Built complex testing calculations, deficiency workflow and inserted bitmaps of testing calendars 65
59 International Pharma Co. Kairos WRM : Motivation Leverage new features After using Kairos for over a year came up with a wish list for improvements and extensions Desire to integrate other groups into using the solution And combine all of these improvements and expansion into the upgrade 66
60 Banking and Trust Company Go-Live May billion in assets, 12 branches Upgraded from 5 users in version 7 to 48 in version 9. Documented controls on spreadsheets but couldn t link to risks. WRM made linking easy and reduced redundancies Customisability of WRM made it possible to have more than just Risk Officers updating items. Expanded WRM to include COSO, Vendor Management, Incident and Complaints Management. 67
61 Banking and Trust Company Recognition that there was a lot of overhead Wasted low value work chasing, correcting data Data was inaccurate WRM to improve quality Process was inconsistent WRM to standardize Desire to eliminate silos Centralize the data reduce delays 68
62 US Bank Go-Live January 2015 Risk data captured in spreadsheets, scores hard to aggregate up to categories and processes WRM allows for clean data to be entered Use WRM to capture Tasks including department initiatives, process improvements, directives from Leadership Committees. Dashboards created for committee s/boards to track progress of the tasks. 69
63 70