The power of simplicity

Size: px

Start display at page:

Download "The power of simplicity"

Joshua Derrick Blake
5 years ago
Views:

1 The power of simplicity FACTSHEET

2 - 1 - Vertex GRC is a cloud based system developed with focus on the user it is designed to be intuitive, easy to implement, maintain and use. The system is set up with best-practice functionality, workflows and reports, which means that the customers can accomplish tasks and get reports from day one. It is our aim and objective to enable medium-sized companies easy access to the benefits of a modern GRC-system at a reasonable price.. Organizational structure Create a clear overview of the organization with processes, risks and controls Frameworks Combine processes, risks and control activities in separate views. Follow-up on the created framework by obtaining information shared across the system Status Quickly idenitfy the parts of the organization that require action or corrective measures Reports Chose between a large number of different pre-configured reports showing information specifically designed for the use by management and control functions Integration between the lines of defence Common definitions, single source of information, workflows and reports all designed to align on the same level of granularity enables the lines of defence to cooperate in a simple and effective way. FACTSHEET

At the same time it is important that the control functions have adequate mandate and tools to ensure efficiency and effectiveness of the organization as well as ensuring adherence to applicable laws

3 - 2 - Common platform for different needs The business performs it s daily work and expects input and support from the control functions. This should be a smooth process without wasting time on different documentation requirements to satisfy separate perspectives by the control functions. At the same time it is important that the control functions have adequate mandate and tools to ensure efficiency and effectiveness of the organization as well as ensuring adherence to applicable laws and regulations. FACTSHEET Internal Control Organizational structure Risk and control universe Workflows for risk and control assessments Follow-up on identified control weaknesses and corrective actions Risk Yearly risk plan Documentation of risk activities Analyse incidents and losses Analyse assessed risks Follow-up on high risks and corrective actions Internal Audit Yearly audit plan Documentation of audits and observations Follow-up on issues and corrective actions Compliance Yearly compliance plan Documentation of compliance activities Management of policy documents Management of applicable regulations Workflows for assessment of compliance Follow-up on identified issues and corrective actions

- 3 - Aligned planning and follow-up The control functions have the possibility to plan and document their yearly activities centrally in an the same tool.

The same applies for identified issues and corrective actions, which all collected, manged and displayed centrally.

view of planned activities Activity overview Control functions receive a clear picture of when activities are planned. This enables coordinated planning to maximize control function synergies.

4 - 3 - Aligned planning and follow-up The control functions have the possibility to plan and document their yearly activities centrally in an the same tool. Plans are individual but also available on a high level to align activities across functions. The same applies for identified issues and corrective actions, which all collected, manged and displayed centrally. Responsible persons have only one place to go and any updates are immediately visible Show activities distributed over the year Chose filters on the organization and control function to show desired view of planned activities Activity overview Control functions receive a clear picture of when activities are planned. This enables coordinated planning to maximize control function synergies. Central picture of corrective actions All open corrective actions are shown centrally to support the responsible functions to follow-up upon actions in relation to their deadlines Active follow-up on corrective actions The sunburst chart is interactive and clickable to select one or many actions for analysis or direct follow-up with responsible persons Genererate follow-up directly in the system Select the corrective actions that require follow-up and send personalized s. s include the link to the action for the respondents to act upon.

5 - 4 - Organizational structure Relevant processes, risks and controls can be logically mapped to create a clear overview of the organization Frameworks Combine processer, risks and controls in separate views. Create and follow-up the frameworks based on available information on each element of the frameworks Risk and control assessments Initiate workflows of risk and and control assessments directly in the organizational tree structure Select view Select filters on date and organization to show the desired view of control status Control activity status Quickly identify in which parts of the organization control weaknesses are located and how the status has evolved over time Internal control function The responsible person for internal control has one single tool for management of the yearly cycle. Update documentation, initiate risk and control assessment workflows, follow-up on status of risk mitigation and control actions without the hassle of managing separate documents and excel sheets.

6 - 5 - Risk assessments Conduct and validate risk assessments centrally using different risk perspectives. Access related risk information from other parts in the system directly in the assessment Risk mitigation actions If a risk deemed to take action upon, mitigation actions are created and assigned to responsible persons with multiple follow-up possibilities Reporting with different views Use the filters to display selected risks and total exposure in the report Export Data selected in the report can be exported to excel to easily create own graphs or presentations Analysis Drill-down to the individual risk assessment to create a better understanding of the risk Trends Follow how the risk develops over time Risk management function Risk management has all essential functions for documenting, executing risk activities including follow-ups on total exposure and risk mitigation actions.

- 6 - Regulatory requirements Central documentation of the requirements including mapping to relevant policy documents Compliance function Responsible person for compliance has one single tool for

Regulation register Create a clear overview with a central register of all laws and regulations relevant for the organization Compliance status Follow-up on status of control activities that ensures

7 - 6 - Regulatory requirements Central documentation of the requirements including mapping to relevant policy documents Compliance function Responsible person for compliance has one single tool for documenting and executing compliance assessments including follow-ups on regulation by regulation basis as well as on individual policy documents. Regulation register Create a clear overview with a central register of all laws and regulations relevant for the organization Compliance status Follow-up on status of control activities that ensures compliance Policy document register Create a clear overview with a central register of all policy documents. Workflows with notifications ensure they are kept up to date Policy awareness Use the workflow to send the current policy document to all relevant employees for easy confirmation of awareness including follow-up possibilities

8 - 7 - Internal audit Head of Internal audit has one single source for planning, documentation, execution and follow-up on audits. It creates a clear structure that follows the IPPF standard to ensure that a quality review is passed with ease, even with parts of the function being outsourced to external consultants. Yearly audit plan Switch back and forth between the years for comparison Overview All the audits on the yearly audit plan are displayed to create an overview including vital information on status, timing, resources and results Supporting documentation Central and clearly structured repository of required yearly audit plan documentation according to the IPPF standard Planning of individual audit Create a high level planning to set the objectives, assign auditors and keep track of budgeted hours and audit status Audit documentation Central and clearly structured repository of required documentation according to the IPPF standard Follow-up on identified issues Issues and corrective actions are followed-up centrally with multiple reports and views

9 - 8 - Register incidents All employees have the possibility to register incidents for further analysis and management Manage incidents Incidents can intuitively be analysed and categorized. Occurred losses and corrective actions are recorded and may be followed-up upon. Reporting Reports show the overview of amount of incidents and total losses that resulted from the incidents on a selected time line Aggregated analysis Incidents are also displayed in aggregated form in relation to the underlying risk the incident has been mapped to Incident management With incident registration all employees of an organization contribute to identify and manage anything that might go wrong. The person responsible for incident management in respective part of the organization where the incident occurs can easily analyse, manage and follow-up on corrective actions.

- 9 - Surveys Various functions within the organisation may use surveys to collect information and verify status and knowledge. This can be done directly in the protected environment of the system.

10 - 9 - Surveys Various functions within the organisation may use surveys to collect information and verify status and knowledge. This can be done directly in the protected environment of the system. Surveys and questionnaires may be compiled, sent to the respondents, followed-up upon and reported. Results can also be attached as evidence documentation for different activities in the system. Overview Create and manage all your surveys directly the system Sections Divide the survey in different sections. Each section contain a different set of questions. Each section can be sent to a custom defined set of respondents. Questions Chose format and standard answers for each question. The questions may also be set as mandatory when an answer is required. Reporting All survey come with a preconfigured reporting with charts and lists. Evidence documentation All survey reports can be attached as evidence documentation to control assessments, audits as well as to risk- and compliance assessments.

11 Advantages of Vertex GRC Super fast implementation Vertex GRC is a fully pre-configured off-the-shelf system, which is shipped with all functionality, workflows and reports from start. This means that the system may be fully implemented and in use within days. The traditional initial investment in technical setup and configuration is no longer applicable, which increases the time to go live dramatically. Cost Technical implementation, configuration and customization Go live Go live Traditional GRC System 2-3 days 3 18 months Time Full cost control Vertex GRC is a subscription service without lock-in period. The monthly license cost is a flat fee covering unlimited amount of users using all functionality. The flat fee also covers cloud hosting within the EU, updates, upgrades and support. If the subscription is terminated, all created data may be exported to excel for use outside the system. We truly believe in transparency, which is why we publish our prices on our website. Monthly subscription No hidden costs Hosting and support included All users included No lock-in period All modules included* * Internal audit may be selected separately

- 11 - In-depth business knowledge Vertex GRC was designed based on our own hands-on experience in the areas of internal control, risk management, compliance and internal audit, primarily in the

12 In-depth business knowledge Vertex GRC was designed based on our own hands-on experience in the areas of internal control, risk management, compliance and internal audit, primarily in the financial service sector. Our vision was to provide the control functions an easy to use tool to manage their areas of responsibility at the same time as synergies and increased effectiveness is created where possible through cooperation and reuse of information for different purposes. Designed by business users for business users Interested in testing Vertex GRC? We are happy to setup a test instance for you to click through all the functionality and reports. We offer this for free with no strings attached. We believe that testing a system prior to purchase is as important as it is when buying a car. While testing, you gain a complete and more realistic picture of what you procure. It also eliminates any expectation gaps that may occur when buying the system based on information in brochures and RFP answers. Interested? Contact us

About Vertex GRC Vertex Governance Risk Compliance AB was founded 2016 in Stockholm by former management consultants specialized in governance, risk, compliance (GRC) in the financial services sector.

13 About Vertex GRC Vertex Governance Risk Compliance AB was founded 2016 in Stockholm by former management consultants specialized in governance, risk, compliance (GRC) in the financial services sector. The aim was to create a simple and user friendly tool for end-to-end management of GRC activities for medium sized companies at a reasonable price. The tool creates structure and supports follow-up and reporting for management and the control functions. Vertex GRC is present on the market with offices in Sweden and Switzerland. In France the company is represented through Agora Partners. Please visit our homepage for further information SWEDEN (HQ) Vertex GRC Folkungagatan 44, plan Stockholm petter@vertexgrc.com SWITZERLAND Vertex GRC Schweiz Bellerivestrasse Zürich aho@vertexgrc.com FRANCE Agora Partners 34 Rue de Cléry Paris jonathan.clarke@ agora-partners.net APRIL 2018