Governance, Risk & Compliance


Governance, Risk & Compliance: ERM enabled by ARIS. Workshop "IT Systems for Compliance", 30 June 2011. Lorenzo Fornai, Lorenzo Capozza

Software AG at a glance: revenue over 1 billion; global leader for process & integration solutions; 10,000 enterprise & public customers; over 5,600 employees worldwide; 3,500 services consultants; 850 R&D staff; offices in 70+ countries; Software AG Foundation.

[Chart: Software AG's development 2003 to 2010 (in mn.), one bar group per year from 2003 to 2010; the individual bar values are not recoverable from the transcription.]

[Chart: Software AG stock price in EUR from 2003 to 2011, y-axis 0 to 120, with annotations for the webmethods takeover, the IDS Scheer takeover, the financial crisis and the goal of 1 bn.]

Agenda: Introduction; How ARIS enables COSO II ERM & Compliance Management; Conclusions and project examples.

Influence on organizations' interest in GRC convergence. Source: "The convergence challenge", Feb. 2010, KPMG in cooperation with the Economist Intelligence Unit.

Successful GRC management is about maintaining balance: manage your risk, ensure compliance, and disclose by reports.

ARIS GRC recognized by analysts (October 2010): largest BPM vendor delivering a GRCM solution on a robust platform. Business process analysis capabilities enable mapping of processes against risks and controls, aligning risks with process steps and enabling business process improvements. Useful for organizations with a strategic approach that seek to align GRC activities to business processes and objectives. Positioned in the Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms.

Agenda (section 2): Introduction; How ARIS enables COSO II ERM & Compliance Management; Conclusions and project examples.

ARIS software to support GRC activities across the three phases design, execution and monitoring: modelling and documentation, test management, survey management, sign-off management, flexible dashboards / mashups, publishing, (operational) risk management, loss & incident management, issue management, administration / reporting, deficiency management, ABICS.

Examples of applied methodology

The ABICS record layout in ARIS. Layers: content (e.g. COSO), methodology, governance (workflow), software. Objects: organization charts, processes, references, risks, controls, updates via web services, corrective actions, ABICS process taxonomy. Legal inventory fields: id_processo, id_disposizione, responsabile, argomento, fonte, descrizione, riferimento, flag_rischio (three flags), sanzione_detentiva, altre_sanzioni, pubbl_quotidiano, descrizione rischio, sanzione amministrativa, sanzione civile.

The legal inventory in ARIS (1)

The legal inventory in ARIS (2)

The transposition matrix between the ABILAB taxonomy and the company's own

Managing updates: ARIS versioning

From regulatory references to risks

Risk assessment

Standard reporting with Office: summary report and detailed report

Reporting with ARIS MashZone

Compliance management: regulation; interpretation of regulation / norms; covered regulations; controls implemented in processes.

Internal environment: questionnaires to check and ask for commitment concerning internal environment topics.

Objective setting: define strategy (Balanced Scorecard); strategic objectives (objective diagram); identify risks that threaten goal achievement (risk tree); operationalize KPIs (KPI allocation diagram).

Risk assessment: define strategy (Balanced Scorecard); strategic objectives (objective diagram); identify risks that threaten goal achievement (risk tree); risk assessment data; identify the process(es) where the risk occurs.

Risk assessment: risk planning based on risk management data; execute the risk assessment (after e-mail notification); risk assessment instructions; review approval on the risk assessment; gross & residual quantitative evaluation of the risk, where the expected gross and net losses (quantitative) are calculated automatically; gross & residual qualitative evaluation of the risk.

Risk assessment and risk monitoring, qualitatively and quantitatively: risk assessment results; risk history; risk mitigation by an implemented control.

Risk response: reaching a threshold of risk value triggers an e-mail notification to the risk owner and an automatically created action/issue, plus a management action report. Response matrix by occurrence frequency (low to high) and amount of damage (low to high), with the four responses reduce, accept, avoid and share.

Issue management workflow. Issue creator: create issue, document weakness/defect. Issue owner: receive issue, initiate/execute improvements, document results. Issue reviewer: receive review task, document evaluation / closure. Issue states (owner and reviewer lanes): New, In progress, On hold, To be approved, Approved, Not approved, Not possible, Closed.

Control activities: execute control assessments; review and follow up; closed audit trail.

Design reports: ARIS reports for SAS 70, Solvency, SOX 404, 262, 231, risk & control matrices, etc.

Questionnaires

Monitoring: risk monitoring and control monitoring.

Monitoring

Agenda (section 3): ARIS solution for GRC; How ARIS enables COSO II ERM & Compliance Management; Conclusions and project examples.

Standard workflow for risk & compliance: objectives, regulations, risks, control system, execution of control assessments, results, sign-off. Control side: control, test case, test definition, survey & questionnaire. Risk side: risk assessment, risk assessment case, issue management, issue monitoring, risk review.

Governance of roles with tasks & responsibilities (company role; ARIS role; tasks & responsibilities):
BU manager / BoD (accountable for all processes); ARCM client; sign-off, monitor risk & control assessment results.
Internal Control / QM (independent controller of process & content); Sign-off Manager, Issue Manager, Test & Risk Reviewer; initiate & monitor sign-off, monitor issues, initiate and review risk assessments, judge not-effective test cases.
Process owners (responsible for own risks and mitigation); Process Reviewer, Risk Owner, Issue Owner; approve/reject new processes, execute risk assessments, solve issues within your process.
Process tester (responsible for testing); Tester (control assessments); execute tests of design & effectiveness.
End user (responsible for tasks); reading access via ARIS Business Publisher; execute business tasks.

Integrated approach for compliance and ERM. This solution:
- brings several GRC activities together (risk, control, compliance, performance);
- covers different regulations with one requirement, so fewer controls and less testing;
- keeps one repository integrated with ABICS2, resulting in transparency, efficiency and improved quality;
- gains higher acceptance through clear governance and excellent dashboards and reporting.

Key arguments & business benefits. Process-driven GRC is the success factor, and ARIS is the market leader in BPM, with seamless integration between processes, risks & controls and the organization.
Transparency: mapping of risks & controls; ownership of risks and controls.
Consistency: a common approach for control testing & risk assessment; common data structures.
Easy disclosure of information to different target groups: central repository; closed loop for business improvements (objectives, KPIs, processes, risks, ...).
Cost reductions (~30%) by: reuse of items & topics; less alignment needed; lower TCO.
Higher effectiveness by: standardization; adaptation to new regulations.
Quality improvement by: fewer errors in data maintenance and administration; easier cooperation of IT, business & corporate functions; fact-based decision making.
Lower enterprise risks by: better governance due to clear ownership; unified methodology.
Source: customer evaluations 2010.

Governance, Risk & Compliance Management: check our references!

Governance, Risk & Compliance: ERM enabled by ARIS. Lorenzo Fornai, Lorenzo Capozza