OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

Similar documents
RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER AUDIT MANAGEMENT

Accenture Risk Management. Industry Report. Life Sciences

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

FINANCIAL INSTITUTIONS: MANAGING OPERATIONAL RISK WITH RSA ARCHER

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

Consumer Goods and Services

ENTERPRISE RISK MANAGEMENT POLICY

Point of View: FINANCIAL SERVICES DELIVERING BUSINESS VALUE THROUGH ENTERPRISE DATA MANAGEMENT

Leveraging a Maturity Model to Achieve Proactive Compliance

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Effective Enterprise Risk Management with ErmsCo ERM Foundation

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

CONNECTING ACCESS GOVERNANCE AND PRIVILEGED ACCESS MANAGEMENT

A NEW APPROACH TO CYBER SECURITY

RSA Archer Risk Intelligence

How To Change A Business Model

Enterprise-Wide Risk Assessment

RSA Archer Training. Governance, Risk and Compliance. Managing enterprise-wide governance, risk and compliance through training and education

Infrastructure consulting. Global Infrastructure

IT Governance: framework and case study. 22 September 2010

The PNC Financial Services Group, Inc. Business Continuity Program

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

PCI DSS READINESS AND RESPONSE

Data Governance Demystified - Lessons From The Trenches

Policy : Enterprise Risk Management Policy

Driving Business Value. A closer look at ERP consolidations and upgrades

Improving Financial Performance, Governance and Compliance

An Oracle White Paper November Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

Outperform Financial Objectives and Enable Regulatory Compliance

Compliance Risk Management Survey A Point of View

GRC Program Best Practices & Lessons Learned

P3M3 Portfolio Management Self-Assessment

The IBM data governance blueprint: Leveraging best practices and proven technologies

CREATING THE RIGHT CUSTOMER EXPERIENCE

Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

Project and Portfolio Management for the Innovative Enterprise

Paisley Enterprise GRC Audit Profile. Linda Bergs

CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.

RSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA

Analytics Strategy Information Architecture Data Management Analytics Value and Governance Realization

building a business case for governance, risk and compliance

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

Driving business performance with enterprise risk management

agility made possible

fs viewpoint

Chayuth Singtongthumrongkul

The State of Enterprise Risk Management for Power Companies. January 17, 2013

Enterprise Risk Management: Taking the First Steps

WHITEPAPER. An ECM Journey. Abstract

White Paper. An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management

Seven Principles of Change:

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

ERM and GRC Fundamentals. Risk Management Definitions & Guiding Principles. Module 1

The PNC Financial Services Group, Inc. Business Continuity Program

fmswhitepaper Why community-based financial institutions should practice enterprise risk management.

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

White Paper 10 barriers to effective inventory management

Third Party Risk Management 12 April 2012

The economics of IT risk and reputation

Integrated Risk Management:

Successfully identifying, assessing and managing risks for stakeholders

FIVE PRACTICAL STEPS

SAP BUSINESSOBJECTS SUPPLY CHAIN PERFORMANCE MANAGEMENT IMPROVING SUPPLY CHAIN EFFECTIVENESS

Strategic PMOs Play A Vital Role In Driving Business Outcomes A Part Of PMI s Thought Leadership Series

IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE

Accenture Technology Consulting. Clearing the Path for Business Growth

SOLUTION BRIEF: CA IT ASSET MANAGER. How can I reduce IT asset costs to address my organization s budget pressures?

Governance, Risk and Compliance in the Healthcare Industry

Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency

RSA SECURITY MANAGEMENT. An Integrated approach to risk, operations and incident management. Solution Brief

Municipal Executive Dashboard Performance Blueprint

Enterprise Risk Management in Compliance 360

Italy. EY s Global Information Security Survey 2013

GOVERNMENT. Helping governments transform public service delivery with efficient, citizen-centric solutions

Transforming risk management into a competitive advantage kpmg.com

Analytics for Healthcare

Feature. Developing an Information Security and Risk Management Strategy

Agile enterprise content management and the IBM Information Agenda.

Navigating the NIST Cybersecurity Framework

Beyond risk identification Evolving provider ERM programs

How To Ensure Financial Compliance

how can I improve performance of my customer service level agreements while reducing cost?

Public Sector Pension Investment Board

BIG SHIFT TO CLOUD-BASED SECURITY

Talent & Organization. Organization Change. Driving successful change to deliver improved business performance and achieve business benefits

XBRL & GRC Future opportunities?

Growing Vendor Management

Transcription:

OPERATIONAL RISK MANAGEMENT: A GUIDE TO HARNESS RISK WITH ENTERPRISE GRC

TOP RISKS: THE WORLD WITHOUT GRC LACK OF ENTERPRISE-WIDE VISIBILITY Every organizational unit has some level of risk it must address. Yet, most internal teams lack the ability to identify priorities and accountability to stay ahead of new threats to the business thus leaving the process of managing risk to be more reactive. While many risks exist within each function, there is often no connected view across the enterprise so business managers often lack visibility into the big picture. Today, 80% of GRC spend occurs at the department or issue level 1. If risk is only managed at the departmental level, organizations are left with little insight into other areas of the business. While many organizations are striving to build Enterprise Risk Management (ERM) capabilities, most companies are behind the curve when it comes to actually execution and realizing their goals. >20% Less than 20% of GRC budgets are spent on top-down enterprise level GRC initiatives. 1 Source: The GRC Pundit Blog, GRC 20/20 2

TOP RISKS: THE WORLD WITHOUT GRC INCONSISTENT VIEW OF RISK Each line of business within an organization has a different view of risk from how they identify, assess and manage it to how they monitor and report on it. This results in an inconsistent view of risk across functional areas which can directly impact the overall ability of executive management and the Board of Directors to make effective business decisions and capitalize on new opportunities. Beyond impairing management s ability to make informed decisions, the inability to provide an accurate view of risk can cause regulators to see an inconsistent treatment of risk. This can lead to more scrutiny from regulators which cost time and resources, or even worse, fines and violations for failing to meet requirements. In 2013, $112 billion in new regulations were created which will require organizations to dedicate 158 million additional hours of paperwork in order to comply. 2 2 Source: A Regulatory Flurry: The Year in Regulation, 2013, January 2014, American Action Forum 3

TOP RISKS: THE WORLD WITHOUT GRC INABILITY TO IDENTIFY UNKNOWN OR EMERGING RISKS The volume of risk management activities often exceeds available resources. It is difficult already for organizational teams to manage current known risks. By lacking the capacity to better identify unknown or emerging risks, organizations could potentially be put at greater risk if they have no plan to respond to business disruptions. Cyber risk is a key example of a risk that is dynamic in nature and has wide-reaching impact across several operational units of the organization. Yet, only one in four organizations feel very confident in their ability to identify, manage and respond. 3 83% 83% of organizations feel the volume and complexity of risks have increased in the last five years. 3 NYSE Governance Series, Managing Cyber Risk: Are Companies Safeguarding Their Assets? July 2014 Source: American Institute of CPAs 4

Operational Risk Management: A Guide to Harness Risk with Enterprise GRC KEY REQUIREMENTS FOR EFFECTIVE OPERATIONAL RISK MANAGEMENT Technology is only as good as the people who manage it and processes that support it. Utilizing GRC technology to manage operational risk offers many benefits, but it requires more than just technology to be effective. There are four key requirements for building out a successful operational risk management program policy, process, people and technology. POLICY PROCESS Operational polices define how day-to-day business is executed and reflect an organization s risk tolerance and appetite. Polices must be connected to key drivers, business strategies and objectives, and regulatory obligations and provide the oversight and governance for business operations. The policy must be consistent and active and reviewed periodically for quality, ownership and accountability. Policies set expectations for business practices which are then enacted and implemented through business processes. How well those processes are defined is a key element to managing operational risk. Internal controls must also be aligned with businesses processes and consistently implemented with discipline during execution ensuring proper compliance to organizational mandates. As business dynamics change regularly, it is important to have a mechanism in place to ensure that as new activities arise, affected stakeholders, including risk managers, have input into changes. 5

KEY REQUIREMENTS FOR EFFECTIVE OPERATIONAL RISK MANAGEMENT PEOPLE Staffing is critical to a successful operational risk management program. Besides ensuring sufficient personnel with relevant experience to manage day-to-day operations, roles and responsibilities and accountability must be clearly defined and understood along the entire chain of risk management from the front line employees to oversight and management functions to external and internal entities responsible for review of controls. Incentives should be designed in a manner that discourages risk taking that exceeds an organization s risk tolerance, drives the timely resolution of remediation plans to address risk levels that exceed tolerance levels, and does not encourage persons tasked with internal control responsibilities to compromise the desired control environment. This message needs to start from the top of the organization to reinforce a strong risk culture. 6

KEY REQUIREMENTS FOR EFFECTIVE OPERATIONAL RISK MANAGEMENT TECHNOLOGY Technology should be implemented that helps organizations understand and manage their risk profile. If done properly, GRC technology can help organizations derive value in a number of areas including improved risk culture, administrative efficiencies, greater agility, and the ability to make better decisions. However, operational risk management is an ongoing work in process which requires adapting to changes in the organizational structure, objectives and strategy, regulatory and business environment, competition, and direct and indirect interdependencies with service providers and other third parties. Technology can help manage controls, but will only be as effective as the policies, process and people that support it and the capabilities of the risk management technology itself. 7

Operational Risk Management: A Guide to Harness Risk with Enterprise GRC CASE STUDIES: GRC IN ACTION CASE STUDY 1: G COMPANY GLOBAL MANUFACTURIN s nufacturing company wa A Fortune 100 global ma gram pro C enterprise-wide GR looking to implement an ks ris prehensive view of that would provide a com th from a single platform. Wi across the organization a ild bu ization was able to RSA Archer GRC, the organ s iou re risks across var defined process to compa ion its to enable better decis functions and business un to s on mber of point soluti making and reduce the nu be managed. 8 CASE STUDY 2: FORTUNE 500 FIN AN CIAL SERVICES PR OVIDER A Fortune 500 finan cial services provid er received designation as a sy stemically importa nt financial institution (SIFI) wh ich would subject them to enhanced standard s and requirements to have an enterprise-wide vie w of risks across th e business. With RSA Archer GR C, the organizatio n has a single view of risk with an enterprise platform that allows stakeholders and business partners to share data, collaborate, and ga ther the necessary information to make more inform ed risk decisions.

Operational Risk Management: A Guide to Harness Risk with Enterprise GRC CASE STUDIES: GRC IN ACTION CASE STUDY 3: MENT AGENCY LARGE FEDERAL GOVERN h t agency was struggling wit A large federal governmen its te it looked to consolida change management as few. It was difficult to sites from many to just a ken ively and process had bro manage resources effect re was a lack of down completely and the her GRC, the agency was Arc accountability. With RSA tion across key areas of able to improve collabora s e 14 manual application responsibility and replac oa int re their infrastructu used to manage risk across single platform. 9

ABOUT RSA ARCHER GRC FOR OPERATIONAL RISK MANAGEMENT RSA Archer Operational Risk Management offers an integrated platform to help organizations understand risk across the business. The centralized system provides insight into risk and compliance by company, division, business unit, products and service, business processes, and IT asset. This integrated approach enables analysis of multiple risks across organizational silos and provides actionable insights to help optimize performance within a dynamically changing business climate. As each item can be assigned to an individual, it also enables the accountability and workflow that is so critical to a successful ORM program. To learn more about RSA Archer Operational Risk Management, please visit https://store.emc.com/rsaarcher. EMC 2, EMC, the EMC logo, RSA, and the RSA logo are registered trade marks or trademarks of EMC Corporation in the United States and other countries. Copyright 2014 EMC Corporation. All rights reserved. H13744

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information