
Flexibility of WRM and The Power of WRM, Bob Adderley - PowerPoint PPT Presentation



  1. Flexibility of WRM and The Power of WRM
      Bob Adderley

  2. Risk Management (GRCA) is the starting point, but you can add on many other things, including:
      • Internal Audit
      • Business Continuity Management
      • Incident Management
      • Policy Management
      • Project Management
      • Reporting
      • Vendor Management

  3. Internal Audit Sample Dashboard Views

  4. Audits grouped by planning periods

  5. Assigned Tests grouped by status

  6. View all Audit Findings

  7. Risks across departments/business units

  8. Regulations & linked Risks

  9. Business Continuity Management

  10. Purpose
      • Business Continuity Management is about managing disruption-related risk.
      • Focus is on reducing the occurrence and scale of events that could cause disruption, and building capacity to:
        – Stabilise any disruptive effects as soon as possible
        – Continue or quickly resume operations that are most critical to the organisation’s objectives
        – Expedite a return to normal operations and a full recovery
      • WRM can be used as a Business Continuity Management (BCM) application, integrated with ERM practices.

  11. Purpose
      [Diagram: BCM process flow covering processes, business impact analysis, risks and controls, risk treatment and contingency plans]

  12. Purpose
      • Business Impact Analysis (BIA) process

  13. Identify Critical Processes

  14. BIA

  15. BIA Results

  16. Contingency Plans

  17. Incident Management

  18. Purpose
      • Loss Events/Incidents Reporting is an integral part of risk management
      • Various applications in risk management include:
        – Loss Events reporting for Operational Risk Management in Financial Institutions
        – Incident Reporting for healthcare organizations
        – Occupational health and safety accident reporting
        – Fraud / Irregularities reporting
      • Step 1: Incidents are logged directly in the system
      • Step 2: An investigation is then performed on the logged Incident

  19. Logging Incidents

  20. Fraud Incidents

  21. Health and Safety Incidents

  22. Incident Management

  23. Incident Reporting
      • This view presents users with a dashboard to input and analyse Incidents, including those with Financial Impact

  24. Policy Management

  25. Policy Management Process
      • The standard configuration and methods available have been developed to meet the following high-level process.
      [Diagram: policy process stages, including Policy Creation, Policy Authoring, Policy Version, Policy Review, Policy Approval, Policy Publish, Policy Attestation and Policy Testing]

  26. Policy Creation
      • The Policy document allows you to define who is responsible for the policy and who can allow exemption requests.

  27. Policy Version
      • The main policy page allows the user to determine where the policy comes from (it can point to external sources if required). Note the Status of the policy as it moves through the workflow.

  28. Policy Review

  29. Policy Approval

  30. Publication and Attestation
      • Alerts with links for Policy Attestation are sent to the distribution list.
      • The user reads the policy. On the next screen, they can sign off that they have read it. They can also request an exemption if required.

  31. Project Management

  32. Phases Summary

  33. Summary of Impacts

  34. Action Plan Summary

  35. Project Overview

  36. Project Quantification

  37. SSRS Reporting Integration
      UNITED KINGDOM, UNITED STATES, CANADA, DUBAI, AUSTRALIA, NEW ZEALAND

  38. PURPOSE
      MS SQL Server Reporting Services (SSRS)
      • MS SSRS is a reporting tool that is provided with MS SQL Server. Wynyard Risk Management (WRM) allows for integration with SSRS using both a Reporting Component that can be added to the Dashboard views, and a reporting menu command on Dashboard Lists
      • SSRS reports are created using the standard SSRS Report Builder application (or other tools compatible with SSRS)
      External Reporting Interface (vERI)
      • SQL view based approach which turns the Risk model into a number of views for reporting and data extraction purposes
      • Although only SSRS reports can be integrated into the WRM dashboard, these SQL views can be used to create reports in other external reporting tools such as Crystal Reports, Business Objects or Cognos

  39. SAMPLE REPORTS - PARAMETERS

  40. SAMPLE REPORTS - GRAPHS

  41. SAMPLE REPORTS – PARENT REPORT

  42. SAMPLE REPORTS – CHILD REPORT

  43. Vendor Management Sample Dashboard Views

  44. Vendor Management Examples
      • Vendor is an item type: just like a Risk, Control, Incident, etc.
      • A Vendor can be linked to the information you’re already capturing
      • Premise is we’ve loaded our Vendor details into WRM
      • Ideally WRM sends alert email with link to Vendor
      • Vendors log in and update their own details
      • Vendor owners monitor status through dashboards
      • Owners can assign questionnaires to the Vendors
      • WRM emails link – Vendor completes questionnaire in WRM
      • Vendors are linked to the Systems/Services they provide
      • Systems are documented in WRM
      • Vendors via Systems are linked to Risks, Controls, Objectives, BCP items, etc.

  45. Criticality and Spend

  46. Vendor Details

  47. Issues/Concerns/Criticality tied to Vendors/Systems

  48. Contract Renewal Dates

  49. 53

  50. Vendor Questionnaire Overview

  51. Advantages of upgrading to WRM

  52. Upgrading to WRM - Opportunity
      WRM Upgrade is an opportunity to:
      o Improve the way our solution supports business needs
      o Reduce the overhead and increase time for important work
      o Engage with additional groups within your organization
      o Share responsibility and ownership
      o Tune up existing processes and workflows, and eliminate gaps
      o Engage experts in directly managing the components of GRC
      o Centralized, timely data: ease of monitoring, updating, reporting
      o Flexible dashboards: analyze information in new ways
      o Eliminate redundancy and duplicate effort
      o Reduce overhead of chasing and collating data

  53. Upgrading to WRM - Advantages
      • Advantages
        – User friendly interfaces: easy to use, fewer errors, reduced training time
        – Standardize approach: ensure consistent workflow across the enterprise
        – Engage experts in directly managing the components of GRC
        – Centralized, timely data: ease of monitoring, updating, reporting
        – Flexible dashboards: analyze information in new ways
        – Eliminate redundancy and duplicate effort
        – Reduce overhead of chasing and collating data

  54. Upgrading to WRM - Approach
      – Best approach is to treat this like a standard project
      – Begin with Requirements Analysis
      – Expand focus to what we’d like to be able to do, not limit ourselves to what we are currently doing with ERA
      – Engage the Subject Matter Experts throughout
      – Including groups that aren’t going to use it immediately
      – Document all objectives and requirements:
        – Immediate short term
        – Medium term
        – Long term
      – Phased approach is best - don’t boil the ocean

  55. Upgrading to WRM - Approach

  56. Bob’s Winter Igloo Home

  57. Case Studies - Recent WRM Upgrades

  58. International Pharma Co. Go-Live June 2015
      • Top 20 on Fortune 500
        > +125 billion $US in annual sales
        > 40,000 employees
      • Used Excel to manage 4900 Controls, 7000 Tests.
      • WRM provided centralized data store, simple security management and direct access for external auditors.
      • WRM’s configurable Methods designed for the users reduced training for 1740 users to 2, 4 or 8 hour sessions depending on roles.
      • Built complex testing calculations, deficiency workflow and inserted bitmaps of testing calendars

  59. International Pharma Co. Kairos – WRM: Motivation
      • Leverage new features
      • After using Kairos for over a year, came up with a wish list for improvements and extensions
      • Desire to integrate other groups into using the solution
      • And combine all of these improvements and expansion into the upgrade

  60. Banking and Trust Company Go-Live May 2015
      • 1.5 billion in assets, 12 branches
      • Upgraded from 5 users in version 7 to 48 in version 9.
      • Documented controls on spreadsheets but couldn’t link to risks.
      • WRM made linking easy and reduced redundancies
      • Customisability of WRM made it possible to have more than just Risk Officers updating items.
      • Expanded WRM to include COSO, Vendor Management, Incident and Complaints Management.
