MEGA S SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE Give your board a real-time, 360⁰ vision of the Corporate Governance framework REGULATORY COMPLIANCE Rc INTERNAL CONTROL Ic INTERNAL AUDIT Ia Rm RISK MANAGEMENT
INTEGRATED GRC APPROACH Today, companies must operate in a complex and changing environment with pressure from customers, competitors and regulators. New and changing regulations lead to new risks and controls that must be managed to ensure compliance and reach business objectives - while maintaining profitability and a high level of performance. GRC departments, including compliance, risk management, internal control and audit, must deal with this challenge, but as the company grows, so does the amount of regulations and risks they have to deal with. These departments report to the board, which is ultimately responsible for the Corporate Governance framework and risk oversight of the organization. Each GRC department must report its findings for the board to make decisions about the strategic direction of the company. When taking a fragmented, silo-based approach to Corporate Governance, the results often lead to a disjointed vision, as well as decisions being made without a clear picture. To enforce efficient Corporate Governance, not only do GRC departments need support to deal with the complexity of their tasks, but they also need a common framework to provide the board with useful information for decision making. OPERATIONAL RISK MANAGEMENT ENTERPRISE RISK MANAGEMENT REGULATORY COMPLIANCE INTERNAL CONTROL INTERNAL AUDIT ALERTS WORKFLOWS DASHBOARDS REPORTS ASSESSMENTS RISK ENGINE CONFIDENTIALITY COMMON REPOSITORY SHARED ENTERPRISE DESCRIPTION AND GRC VIEWPOINTS Reduce response time through automated assessment campaigns, alerts, reminders, and workflows Deliver actionable reports and analyses for process optimization and governance Increases awareness and clearly define responsibilities on risks, controls, and regulations for all employees Streamlines processes to allow GRC teams to focus on high value-added tasks Ensure traceability and reliability of all data Provide support for all levels - from management to business users Flexible data access rules can be configured to define and organize the information that is shared
RISK MANAGEMENT HOPEX Risk Management helps streamline the risk management process by providing a 360 view - from risk identification to reporting - which results in actionable data and metrics to support business growth and profitability. Risk Reporting Dashboard FEATURES Identification Phase - Identify risks using bottom-up and top-down approaches - Set up and manage a risk library including KRIs and KPIs Incident Management and Risk Quantification Phase - Collect incident data, including losses and recoveries - Calculate capital allocations Risk Assessment Phase - Assess risks with RCSA questionnaires - Consolidate risks and forecast future risk exposure Risk Treatment Phase - Monitor risks with reports for both analysis and communication - Follow-up on action plans with alerts and reminders Easily assess high priority risks through key risk indicator (KRI) tracking Faster response times through automated assessment campaigns, questionnaires, alerts, reminders, and workflows Protect against future losses and negative business impacts through scenario analysis Deliver actionable reports and analyses for process optimization and governance Calculate capital allocations 4
COMPLIANCE HOPEX Compliance helps identify, implement, and monitor regulations, and the risks and controls linked to them, to ensure compliance and protect the company against potential breaches. Compliance Risk Aggregation FEATURES Analysis Phase - Gather all regulatory requirements - Map requirements to your processes, business lines and departments Implementation Phase - Communicate regulatory requirements to stakeholders - Assess compliance risks through questionnaires - Test compliance controls Monitoring Phase - Understand regulatory change and impact - Monitor the impact of new business requirements - Use action plans to deal with detected compliance breaches Set up a regulatory governance system Establish operational efficiency by automating assessment and testing campaigns using questionnaires, alerts, and reminders Create clear awareness of applicable regulations for each business process to improve accountability Reduce response time through alerts and workflows Provide accurate and appropriate information for all levels and facilitate production of reporting for internal stakeholders and external regulators 5
INTERNAL CONTROL HOPEX Internal Control turns your internal control system into an asset to ensure compliance and reduce risks. Detailed Control Report FEATURES Inventory Phase - Identify and describe all your controls in a consolidated repository - Associate controls with the corresponding business process, business units, and risks, through a graphical interface Internal Control Execution Phase - Monitor control execution with questionnaires and checklists Evaluation Phase - Asses controls through campaigns using customizable questionnaires - Test controls based on automatic workflows Remediation Phase - Identify and analyze deficiencies - Implement and track action plans Ensure traceability and reliability of all internal control data Establish a repository of controls to improve awareness and responsibility among business users Automate assessment and testing campaigns through questionnaires, alerts, and reminders Reduce response time through alerts and workflows Deliver reports for process optimization and governance 6
INTERNAL AUDIT HOPEX Internal Audit makes it faster, easier, and less expensive to implement internal audit programs. The solution is designed to save time in the internal audit process, while ensuring that audit data is traceable and consistent. Audit Plan Scheduling FEATURES Preparation Phase - Build audit plans based on templates and past assessments - Schedule missions with Gantt charts - Allocate staff based on availability and skills Execution Phase - Generate work programs using templates and checklists - Perform on and offline audits - Write-up recommendations - Generate audit reports Recommendation and Follow-up Phase - Track recommendation progress with automatic alerts and reminders - Follow-up on recommendations Integrates auditing and risk management Accompanies and streamlines all auditing steps using predefined processes Follows a process-oriented perspective with numerous templates and workflows Delivers reports and analysis for process optimization and governance Meets the standards of IIA, PCAOBS, and ISO 19011 7
ABOUT MEGA MEGA International is a global software and consulting company that helps corporations and governments manage enterprise complexity by giving them an interactive view of their operations. We provide business leaders with the visibility and information they need to improve decision making. With our enterprise governance solution, organizations can optimize and transform their key processes while making sure that those processes are aligned with their strategy and objectives. Today more than 2,700 companies in 40 different countries use MEGA solutions. Learn more at: www.mega.com Worldwide Headquarters MEGA International 9 avenue René Coty 75014 Paris France Phone: +33 (0)1 42 75 40 00 Americas Headquarters MEGA International 175 Paramount Drive, Suite 302 Raynham MA 02767 United States of America Phone: +1 781 784 7684 Asia-Pacific Headquarters MEGA International 583 Orchard Road #08-04 Forum Singapore 238884 Phone: +65 6733 4470 MEGA - July 2014