Download presentation: MetricStream Governance, Risk, Compliance & Quality Management


• Number of slides: 44

MetricStream Governance, Risk, Compliance & Quality Management Solutions
ERM Execution Framework
Gaurav Kapoor, General Manager and CFO
September 11, 2008

AGENDA
• Need for enterprise-wide Risk Management
• Framework for ERM
• Case Study
• About MetricStream

Increasing Risk of large losses
• Allied Irish Bank, $750 million: Internal Fraud / Lack of Internal Controls
• Barings Bank, $1.6 bn: Poor Operational Risk Management
• Daiwa Bank, $1.1 bn: Poor Management Control
• Morgan Grenfell, $640 million: Misrepresentation
• Sumitomo Corp, $1.8 bn: Fraud and Forgery
• Proctor & Gamble, $157 million: Lack of Management Understanding
• Orange County, $1.7 bn: Lack of Management Control
(Enterprise Risk Management)

Increasing Risk of non-compliance
Cumulative Percentage of Companies Subject to Any Combination of:
• Basel II
• Environmental Regulations
• EU Regulations
• FCC Regulations
• FDA Regulations
• Federal and State Privacy Regulations
• FERC Regulations
• HIPAA
• Import-Export Regulations
• Labor Regulations
• Sarbanes-Oxley Act
• The Patriot Act
70% of companies sampled need to comply with 5 or more broad types of regulation.
Source: CFO Research Services

Drivers of change and development
• Global Regulatory developments
• Rating agency views
• Capital Market Shocks
• Convergence of financial products, markets, globalization
• Board attention due to the public's demands for certain assurances

Integrated GRC - Stakeholders
Board of Directors
  • Executive sponsor for overall company compliance
  • Oversee GRC processes
  • Set compliance tone for the company
Chief Executive Officer
  • Ensure compliance with government regulations
Chief HR Officer
  • Compliance with HR policies and procedures
  • Compliance with government health and safety regulations
  • Certification training
Internal Audit
Chief Financial Officer
  • Co-certify Sarbanes-Oxley compliance
  • Financial integrity
  • Company-wide financial compliance
Chief Information Officer
  • Information integrity
  • Systems integrity
  • Data security
  • Compliance with Sarbanes-Oxley regulations
Chief Risk Officer
  • Enterprise Risk Management (Financial & Operational)
  • External Risk Management
Chief Quality Officer
  • Compliance to industry quality standards (ISO, 6 sigma)
  • Industry quality regulations like TS, ISO 13485 etc.
  • Implementation and Certification
Chief Compliance Officer
  • Compliance with government regulations (e.g., Anti-Money Laundering, Foreign Corrupt Practices Act)
  • Implementation and management of company compliance architecture
Chief Legal Officer
  • Code of Ethics
  • Options Management
  • Corporate Governance

AGENDA
• Need for enterprise-wide Risk Management
• Framework for ERM
• Case Study
• About MetricStream

Enterprise Risk Model (diagram): Risk Factors, Likelihood and Impact determine the Inherent Risk; Mitigation reduces it to the Residual Risk.

Business Risk Matrix (diagram): Likelihood plotted against Impact gives a Risk Level of Extreme, High, Moderate or Low, with the corresponding responses Terminate Risk, Reduce Risk, Control, Accept and Ignore.

Risk Pyramid - Risk Management Strategies (ordered by Risk/Cost of Mitigation)
• Scenario Analysis: Identification of Future Threats
• KRIs and Automated Monitoring: Ongoing Monitoring of Internal and External Risks
• Risk Assessments & Internal Audit: Periodic Assessment of Risk
• Internal Controls: Implementation of Business & Financial Controls to Mitigate Risk
• Management Surveys & Certifications: Attestation That Management Has Financial Controls in Place

S&P Risk Management Framework (diagram: Enterprise Risk Management wrapped around Company Operations, with elements Strategic Risk Management, Emerging Risks, Risk Controls, Risk Management Culture & Governance)
• Risk Management Culture & Governance: Risk management central to daily decision-making (process); Communication of risks inside and outside the organization (transparency)
• Risk Controls: Measure and monitor key risks; Maintain risk-control practices
• Emerging Risks: Systematic process for identifying emerging risks
• Strategic Risk Management: Incorporate the ideas of risk, risk management, and return for risk into corporate strategic decision-making and planning processes

Enterprise Risk Management
• Risk Scoping: Location/Division; Statutory Group; Product Line; Commodity Group
• Library of Risks, e.g.: Financial; External (e.g., Political); Operational
• Risk Assessment: Inherent Risks; Risk Factors; Risk Analytics; Force-Ranking of Risks; Management Consensus (gain management consensus for risk assessment)
• Risk Mitigation: Develop strategies for lowering risk; Residual Risk
• Compliance Strategy: Internal Audit Controls; Self Audit; 3rd Party Testing

Key Risk Indicator (diagram): External Feeds, Legacy Systems, the MetricStream DataMart (Risk Self Assessment, Controls Testing, Issues Management) and the Loss Management DataMart feed the KRI Dashboard and Executive KRIs.

Governance, Risk and Compliance Cycle
• Design and Documentation: Design and document control hierarchy (Processes, Risks, Controls; Test plans, Alert Triggers; Remediation workflows); Manage documentation
• Control Monitoring: Testing and Audits; Self assessments; Surveys; Automated Triggers and Alerts
• Remediation: Real-time process for resolving issues; Deficiencies and remediation; Loss Qualification
• Certification: Executive sign-offs, Process certification, Letters of representation; Regulatory reporting
• GRC Dashboards: Risk Heat Maps; Scorecards; Analytics

Loss Management Framework
• Identify Loss: Interfaces with reporting systems; Manual entry
• Summarize Losses by Category: Summarize losses into categories; Management statistics on significant losses; Define risk profile for losses
• Launch Cases for Selected Loss Categories: Workflow to launch loss management cases for case value over a threshold amount; Loss case tracking
• Report on Losses: Executive reporting; Database of information regarding losses; Wide distribution of loss information to key stakeholders
• Monitor the Process: Program management of loss tracking and reporting process

Business Continuity and Emergency Notification
• Define: Risks; Controls; Key Risk Indicators (KRIs)
• Monitor controls / Controls Testing via: Surveys; Self assessments; Audits; Automated testing feeds
• KRI Threshold triggers Incident Management: Ad hoc issue/event; Workflow-driven action items (e.g., Virus Attack)
• Emergency Notification via Email, Phone, SMS, FAX, Pager: Deliver notifications; Confirm delivery; Collect responses; Stamp/record in MetricStream
• Ad hoc initiation of notification (e.g., Earthquake, Fire)
• Remediation & Alerts; Real-Time Reporting from the Authoritative System of Record

MetricStream Risk Scenarios

Enterprise Risk Management Value
• Value: Risk Flows into Business Performance; Federate Responsibility & Roll Up Assessments; Risk Appetite Drives Organizational Behavior; Manage Market, Credit and Operational Risk; Collaborate on Classifying Risk; Rationalize Risks Through Collaboration
• Risk Management Solution: Identify, Classify & Document Risks; Assess Risk; Analyze Risk; Mitigate Risk (inputs: Alerts, Data Feeds)
• Related Modules: Audits; Compliance; Change; Policies & Documents; CAPA/Issues; Submissions; Training

SCREENSHOTS

Risk and Compliance Dashboards and Control Charts: Risk Heat Map by Process; Issue Status Tracking

Define Multiple Executive Reports: Trend Charts; Pareto Analysis; Heat Maps

Risk Analytics: Risk Assessment Classifications; Computed Risk Scores; Assess Risk across Functions / Categories; Compute Risk Score based on Impact, Likelihood, and Weighting Factors; Risk Categories and Types are configurable

3 x 3 Risk Exposure Report

Risk Scorecard: Define Risk Score for Entity/Process/Asset Class/Issue etc.; Compliance Area; Risk Type; Cost; Inherent and Residual Risk Scores; Color Codes to Highlight Thresholds

Loss Tracking Dashboard: External Loss Tracking (Recalls, Legislation, Competitor Issues; links to external data sources for tracking operational losses); Internal Loss Tracking (dashboards for monitoring internal losses)

Loss Management: Regulation Impact (e.g. FDA, EH&S); Color Coded Thresholds; Loss Amounts ($); Impact and Likelihood

Loss Trend Dashboard: Trend of Losses; Details of Losses; Source of Loss; Color Coded Thresholds; Break-Up of Losses by Root Cause

Issue Management: Organization; Issue Classification; Activity Impacted; Description; Importance; Owner; Follow Up; Action Plan Details

Perform Risk Assessment: Configurable Risk Types, Assessment Methodology and algorithms; Inherent Risk Score; What If Analysis; Aggregate Risk Exposure using 6 Elements; Residual Risk Score based on Inherent, Control and Treatment Scores

Track Multiple Controls to Mitigate Risk; Track Multiple Treatment Procedures to Mitigate Risk; Define Threshold Conditions and Trigger Escalations; Track Losses and Liabilities

Risk Management Benefits
Quantitative (easy to measure):
• Lower incidence of loss events
• More tightly manage customer credit
• React faster and earlier to loss events
• Reduce the direct cost of risk management activities
• Increase company credit rating (S&P)
• Quantify market risks and use market risk as another input to decision making processes
Qualitative (hard to measure but high impact):
• Increase management consensus on business risks
• Identify positive business opportunities within the company's risk threshold
• Build a corporate culture with higher risk awareness
• Broaden the number of risk factors the organization is tracking and measuring
• Become a risk-management first mover
• Build shareholder value through better risk management practices
• Build customer confidence
• Build predictability of company performance

AGENDA
• Need for enterprise-wide Risk Management
• Framework for ERM
• Case Study
• About MetricStream

Case Study I - Stock Exchange
Key Challenges in Managing Risk and Compliance
• No easy way to identify and quantify risks
• Challenge in linking risks to compliance requirements, processes and mitigating controls
• Difficult to implement strict access control or deploy a streamlined process
Solution Offering from MetricStream
• Ability to span across the enterprise with a standardized framework and platform that solved NASDAQ's current business problems and could be easily extended to address newer emerging requirements: SOX, NASD, Contract, Trading, Business Risk
• Value offered by MetricStream's ComplianceOnline.com to enable effective implementation and adoption of risk and compliance programs

Case Study II - Large Utility
• Industry: Energy & Utility
• Revenues: More than $11 Billion
• Company Status: Publicly Traded
• Number of Employees: About 15,000
• Facilities: North America
• Number of end users: More than 1500
• MetricStream Products Deployed: Enterprise Risk & Audit Management
• Number of Internal Controls: 15,000+
Quick Facts
• Operates power plants with electricity generating capacity.
• Nuclear generator in the United States.
• Delivers electricity to utility customers
• Supplies natural gas to customers
• Operates a system composed of high-voltage transmission lines and transmission substations.

Case Study II - Large Utility
Business Issues
• Used a “home grown” system to facilitate Enterprise Risk Management (ERM) and multi-regulatory processes.
• Limited integration with other applications and portals
• Significant increase over the last several years in the number of compliance requirements as well as additional scrutiny by various regulatory bodies.
• Disparate and fragmented view of risk and compliance
• As more and more departments in the company put compliance programs in place, they are looking for technology solutions to help facilitate the process.
Solution
• FERC, NERC, SOX, Energy Trading, Physical Security, Environmental Risk all on one platform
• Ability to correlate risk to core operations for more effectiveness
• Adoption of external and internal risk factors into the framework

AGENDA
• Need for enterprise-wide Risk Management
• Framework for ERM
• Case Study
• About MetricStream

MetricStream Corporate Overview
Mission: Integrated Governance, Risk, Compliance and Quality Management Solution Provider for Global Enterprises to help them with better Business Performance
Solutions
• Corporate Governance
• Regulatory Compliance
• Risk Management
• Operational Compliance/Quality Management
Leading Investors
• Kleiner Perkins Caufield & Byers (Google, Amazon, Cisco, Genentech)
• Advanced Equities (Motricity, Infinera, Alien)
• Integral Capital Partners (Qualcomm, Google, Flextronics)
Strategic Partners
Key Differentiators
• Technology - Enterprise Compliance Platform - 9 Patents
• Breadth of Solutions - Single vendor for all compliance and quality needs
• Cross-industry Best Practices and Domain Knowledge
• ComplianceOnline.com - Largest Compliance portal on the web

Industry Leadership & Recognition
• BOAO Global Forum for Asia - MetricStream Chairman Featured Speaker - 2008 Annual Conference
• Exclusive Go-to-Market Partner for GRC Solutions
• Featured Panelist - 2007 & 2008 GRC Webinar

Compliance Online Portal
MetricStream operates the industry's most comprehensive resource for GRC, the world's most visited online compliance portal and community, with over 1000 courses in the catalog.
• Content from the most reliable and current sources, including white papers and templates on industry best practices
• Training from noted industry experts
• One of the largest repositories of products in quality and compliance
• Tailored alerts for timely and relevant compliance-related news
• Collaboration with industry peers via community forums focused on specific regulations

Leadership
Through Vision
• Early to see Integrated GRC and Quality Management
• Only Vendor to create content through ComplianceOnline
Through Products
• Patented Technologies
• Platform - Integration and scalability
• ComplianceOnline Portal
Through People
• Board and Investors
• Domain Experts - Leading experts from Industry
Through Association
• Leading Customers of the industry
• Associations and memberships - OCEG, NASDAQ, SVLG, BAO, etc.

Leaders work with Leaders

Delivering Tangible Value to all Stakeholders

THANK YOU