Effective risk management - theory vs practice - IBM Smarter Business 2011


Presentation from IBM Smarter Business 2011. Track: Manage risk and security.
In today's turbulent world it is of the utmost importance to identify and manage risks. OpenPages is the world-leading solution for integrated risk management (Governance, Risk and Compliance, GRC). What do the experts say about how risk management should be implemented, and how have organizations around the world done it in practice?
Speaker: Johan Söderberg - OpenPages Lead, IBM.
More information at www.smarterbusiness.se

Published in: Business, Economy & Finance

Speaker notes:
  • And beyond congressional action, we’ve seen lots of evidence of current regulators cracking down under their existing mandates. In other words, the regulators are not waiting for congressional action. The OCC, for instance, has been very aggressive about prescribing changes to current risk management practices. And this is true outside of banking as well. The CMS has become increasingly prescriptive as well.
  • The primary challenge that most organizations face today with regard to their risk management information architecture is that it is fragmented across both systems and processes. Most companies have multiple data marts, SharePoint servers and custom point solutions that support disparate yet parallel activities. Aggregating risk information for the risk committee is an ad hoc task. Supporting business managers with timely information on risk exposure is a custom activity.
  • Two points. First, an integrated approach to risk management enables risk committees, executives and business managers to understand true risk exposure across the business, and to understand the interrelationships between risks. Second, risk managers and line managers have at their fingertips the right information to make the right decisions to improve the business.
  • We have a large, diverse, global customer base. These companies are making a strategic commitment with OpenPages, and many are buying multiple modules for enterprise-wide deployment. Every one of these customers has a different way of managing risk and has been able to deploy a configured solution that supports their specific methodology. Our solution is so highly configurable that we don’t have to write custom code to meet the diverse requirements of our customer base. Every one of these customers is on a common code base. This is important because it allows you to take advantage of OpenPages innovation and lowers your overall cost of ownership and support. Another important aspect of our business is that we are able to support customers in a variety of industries: banking, insurance, energy, utilities, healthcare, manufacturing, telecom, and services. That we have such a broad array of customers in different industries speaks to our unique ability to meet the needs of different kinds of customers. Later in the presentation we will review a couple of OpenPages’ customer case studies.
  • Named “leader” in both the Gartner MQ and the Forrester Wave, and moved further up and to the right in both. Gartner: positioned highest in “ability to execute”, which measures a company’s ability and success in making their vision a reality (including product/service, overall viability, customer experience and more). Gartner also cited OpenPages’ “viability” as a strength, with a stable executive team and loyal customer base. Forrester Wave: a very thorough process, with months of product interrogation, demos, and research; OpenPages ranked “highest in current offering” based on our product scores. Summary: positioned as GRC platform leader by the two tier-one analyst firms.
  • Another benefit of an integrated approach is to reduce the number of disparate activities in a GRC program. Applications, databases, spreadsheets, and point solutions support each one of these activities, so the result is lots of redundancy in terms of the activities each of the functions is performing. From the business perspective, the result is what we call assessment fatigue, when you get the same or largely similar questions from different oversight functions. This redundancy is a big waste of time and the data quality is great. Further, you can imagine the infrastructure costs for supporting this kind of information architecture. And many of you today may be trying to support this kind of infrastructure. Let’s see: how many of you work at companies that are subject to Sarbanes-Oxley or some sort of SOX-like rule? Of those that are subject to SOX, how many support SOX programmatically with a software solution? Of those, does the software solution support any other function? Yes, which ones? No: there’s a huge chance for efficiency here.
  • Extensions are configurations on top of existing, productized modules. Extensions require a license for the relevant module (e.g. GCM for Privacy) and services to configure the solution.
Slides:

    1. Risk Management - Theory & Practice. Johan Söderberg, OpenPages Sales Lead Nordics
    2. Operational Risk is whenever a process delivers an unwanted result, referred to as a loss event. In this case, a golf ball loss event. [Figure: Variation, Loss Event (slice), Loss Event (hook)]
    3. Basel II (the banking regulation) official categories
      • Internal Fraud: misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
      • External Fraud: theft of information, hacking damage, third-party theft and forgery
      • Employment Practices and Workplace Safety: discrimination, workers' compensation, employee health and safety
      • Clients, Products, & Business Practice: market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
      • Damage to Physical Assets: natural disasters, terrorism, vandalism
      • Business Disruption & Systems Failures: utility disruptions, software failures, hardware failures
      • Execution, Delivery, & Process Management: data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets
    4. What is Operational Risk in reality? Contributing factors and possible failures:
      • People: fraud, breaches of employment law, loss or lack of key personnel, inadequate training, inadequate supervision
      • Process: payment or settlement failures, documentation which is not fit for purpose, errors in valuation/pricing models and processes, project management failures, internal/external reporting, mis-selling
      • System: failures during the development and systems implementation process, as well as failures of the system itself, inadequate resources
      • External Events: external crime, outsourcing (and insourcing) risk, natural and other disasters, regulatory risk, political risk, utilities' failures, competition
    5. Global Companies, Global Regulations…
    6. Companies Struggling with Risk Information Fragmentation. [Figure: CEO/CRO/CFO above separate silos: IT Risk, Compliance, Finance, Market Risk, Operational Risk, Credit]
    7. Integrated Risk Management Solves These Challenges. [Figure: CEO/CRO/CFO above one integrated view of Market Risk, Credit Risk, Finance Risk, Operational Risk, IT Risk, Compliance]
    8. Proven by the World’s Leading Companies: Financial Services, Insurance, Energy and Power, Manufacturing, Retail/Consumer, Telecommunications, Health Services / Pharmaceuticals
    9. Recognized Enterprise GRC Platform Market Leader. The Forrester Wave: EGRC Platforms, July 2009. Magic Quadrant for EGRC Platforms, October 2010.
    10. Overlap of GRC activities can cause redundancy. [Figure: functions (Risk, Compliance, IT, Finance, Audit) against activities (Assessment, Control Testing, Reporting, Issue Management, Policy Management)]
    11. Using GRC information to make better business decisions. [Figure: Business Manager receives from Risk (RCSA, loss, issues), Audit (audit findings, mandatory to mitigate), Compliance (control effectiveness) and Finance; GRC data by process, e.g. new product launch.] The business process owner can leverage GRC information to make better decisions.
    12. Configurable Solution / Adaptable Framework
      • Unique configuration capabilities allow for:
        • Adapting to your specific methodologies and taxonomies
        • Supporting multiple roles on the same platform
      [Figure: the same risk seen two ways, a SOX view of Risk (Owner, Type, Likelihood, Impact) and an ORM view of Risk (Assessor, Type, Frequency, Severity), with measurement scales High / Medium / Low and $5,000,000 / $2,500,000 / $1,000,000, over the hierarchy Business Entity > Process > Sub-Process > Risk > Control]
    13. Key Capabilities for Integrated Risk Management: RCSA (Risk and Control Self Assessments), Policy Management, Key Risk Indicators, Loss Event Management, Issues Management, Scenario Planning, Reporting, Workflow
    14. OpenPages Provides Software Solutions for Integrated Risk Management
      • FIVE MODULAR SOLUTIONS
      • Operational Risk Management
      • General Compliance Management
      • IT Governance
      • Internal Audit Management
      • Financial Controls Management
      • And extensions into other risk management disciplines:
        • Privacy
        • Business Continuity Management
        • Vendor Risk Management
    15. OpenPages Operational Risk Management (ORM) Provides an Integrated Operational Risk Management Solution
      • Key Features
      • Enterprise Operational Risk Management to identify, manage, monitor and report on operational risks across the enterprise
        • Basel II AMA
        • Board Reporting
        • Business Line decision making
      • Fully integrated Operational Risk capabilities
        • Risk Control Self Assessments (RCSA)
        • Scenario Analysis
        • Key Risk Indicators (KRIs)
        • Loss Event database (Internal & External)
      OpenPages ORM dashboards deliver actionable reporting on the current state of risk.
      • Business Benefits
      • Understand and proactively manage the risks that can impact the business
      • Improve Operational Risk processes by integrating key risk data (e.g. loss events with RCSA)
      • Standardize risk reporting across the enterprise
    16. OpenPages Financial Control Management (FCM): Market-leading Solution for Managing Financial Reporting Risk
      • Key Features
      • Automated compliance lifecycle
        • Design and documentation through test, review, approval and certification
      • Central repository
        • Document compliance policies and procedures, capturing full audit trails and approvals
      • Issues management
        • Automate SOX control issues notification and remediation
        • Report against critical issues from dashboard
      • 302 and 404 certification
        • Reduce costs and streamline efforts with OpenPages InteliClose™ enabling progressive closing
      • Business Benefits
      • Secure and centralized management of all financial compliance data
      • Provides executive management with assurance into the state of compliance
      • Ensures quick issue remediation
      OpenPages FCM dashboards, charts and reports deliver views on the state of financial reporting and compliance.
    17. OpenPages General Compliance Management (GCM): Sustain Compliance Across Multiple Regulatory Mandates
      • Key Features
      • Integrated solution for managing regulatory and policy compliance
      • Assess enterprise compliance requirements at the business unit, process or local level
      • Policy and procedure management
      • Training and communication
      • Support for the regulatory certification and audit process
      • Business Benefits
      • Standardize compliance across regulations to reduce cost and deliver a holistic understanding of all compliance risk
      • Provide confidence that compliance is achieved, risks are mitigated and corporate policies and procedures are enforced
      Executive dashboards provide the visibility, control and decision support required for regulatory compliance and to optimize business performance.
    18. OpenPages IT Governance: Aligning IT risk and operations management with business objectives
      • Key Features
      • Integrated solution for managing IT Risk and compliance
        • Assess IT risk in the context of the business
        • Identify key risks, controls and/or gaps
      • Support for the regulatory certification and audit process
      • Optimize your control environment
      • Track and manage common requirements across laws, regulations, standards and policies
      • Integrated with UCF, the industry’s most comprehensive IT compliance database
      • Business Benefits
      • Manage internal IT controls and risk according to the business processes they support
      • Unites multiple silos of IT risk and compliance to deliver improved visibility, better decision support, and enhanced corporate performance
      OpenPages ITG delivers a policy-driven, process-centric way to manage IT risk and compliance.
    19. OpenPages Internal Audit Management: Providing independent assurance to the business
      • Key Features
      • Integrated solution for audit management
      • Define, plan, execute and report on audits across the business
        • Track and manage audits, audit phases, workpapers and allocations
      • Automate operations through fully configurable reporting and workflow
      • Risk-rank the audit universe, configured according to the audit methodology
      • Business Benefits
      • Empowers internal audit departments to champion risk management, acting as a strategic partner to management
      • Delivers an integrated, closed-loop approach to risk management, driving visibility and confidence in organizational risk posture
      OpenPages Internal Audit Management enables organizations to plan, execute, report and review their audit universe.
    21. What is Smarter Business for me?
      • No risk, no reward!
      • In other words:
      • The right information, to the right people, at the right time, for fast decisions without unnecessary risks but with control over reasonable ones.
    22. THANK YOU!