The focus of the solution is to automate the definition of governance, risk and controls within the financial institution’s lending process. The financial institution is allowed to define the control environment from loan origination to servicing and portfolio management. Once completed, SymSure’s monitoring framework examines all electronic activities to detect control breaches and alert the relevant persons automatically.
The document discusses SymSure's loan portfolio monitoring solution. The solution allows banks to define governance, risk and control policies for their lending processes. SymSure then continuously monitors electronic activities and transactions to detect any control breaches or issues. When issues are found, alerts are automatically triggered and follow-up workflows ensure remediation. Reporting and dashboards provide compliance reporting and key metrics on the loan portfolio. The benefits of the solution include automated continuous monitoring, integration with existing systems, and improved efficiency and risk management for the loan portfolio.
The document discusses a revenue assurance solution for utilities companies provided by SymSure. The solution aims to (1) identify sources of revenue leakage, (2) automate monitoring of business processes like billing to detect anomalies and errors, and (3) implement preventative controls to minimize revenue loss. It does this by linking different systems and data sources to provide a comprehensive view of customer accounts and billing activities, and establishes workflows to ensure issues are addressed.
Operational risk can result in losses from failed internal processes, people, or systems or from external events. It is inherent in all business activities. There are four main approaches under Basel II to calculate capital requirements for operational risk: Basic Indicator Approach, Standardized Approach, Advanced Measurement Approaches (AMA), and the Internal Ratings-Based Approach (IRB). The Standardized Approach divides activities into business lines and assigns risk factors to each to determine capital charges. The AMA uses a bank's internal risk measurement system to determine regulatory capital requirements subject to supervisory approval.
Dr. Benetis briefly presented how modern, real time and automated technology from Lumension (Risk & Compliance Manager) is used to audit and monitor level of security in Lithuania's public sector. Presentation showed real use cases how solution made security measurement easier and more efficient. Dr. Benetis is also a president of ISACA Lithuania chapter.
Organisations are realising seriouness of cybersecurity and searching for ways to manage and govern it. How to organise security initiatives? How to monitor their success? How to build trust in own risk management? How to develop compliance management as a simple, but efficient and helpful instrument for everyone in organisation? Presentation will touch on practicalities of risk and compliance methods integration, and overall strategy to minimise costs of risk and compliance initiatives by using Lumension Risk Manager platform for public and private institutions.
Optimizing Revenue Cycle Management: Centricity Business at Saint Francis Hea...GE Healthcare - IT
For large hospitals and small provider practices alike, healthcare
reform and changing reimbursement models have introduced
significant new challenges to the business. It is now more important
than ever for organizations to have a well-designed revenue cycle
management (RCM) strategy in order to optimize their revenue cycle,
prepare for change, and maximize revenue. At the same time, mergers
and acquisitions among U.S. hospitals and physician practices add to
operational complexity, and with most hospitals employing a wide
vendor portfolio of HCIT solutions, these challenges further the
importance of running a tight financial enterprise. The inability to
effectively monitor and proactively manage the revenue cycle can
destroy profitability and make it difficult to focus on what matters
most — delivering outstanding care to patients.
1) Solvency II will require significant mobilization of skills across an insurance company due to the diverse risks that must be modeled and managed.
2) An optimal program management approach is risk-driven and integrates all work streams, with a focus on regulatory compliance, gap analysis, risk identification, and implementation planning.
3) High quality data is essential to effectively measure risk exposure and capital requirements within the three pillars of Solvency II around regulatory capital, governance/risk management, and reporting/disclosure.
The document discusses controls in a computer-based accounting environment and how they are relevant to auditing qualifications. It explains that students need to understand both application controls, which operate at the business process level, and general controls, which relate to many applications and support effective functioning. Application controls can be preventative or detective in nature and include input controls, processing controls, and interface controls. The document provides examples of different types of controls and references relevant auditing standards.
The document discusses SymSure's loan portfolio monitoring solution. The solution allows banks to define governance, risk and control policies for their lending processes. SymSure then continuously monitors electronic activities and transactions to detect any control breaches or issues. When issues are found, alerts are automatically triggered and follow-up workflows ensure remediation. Reporting and dashboards provide compliance reporting and key metrics on the loan portfolio. The benefits of the solution include automated continuous monitoring, integration with existing systems, and improved efficiency and risk management for the loan portfolio.
The document discusses a revenue assurance solution for utilities companies provided by SymSure. The solution aims to (1) identify sources of revenue leakage, (2) automate monitoring of business processes like billing to detect anomalies and errors, and (3) implement preventative controls to minimize revenue loss. It does this by linking different systems and data sources to provide a comprehensive view of customer accounts and billing activities, and establishes workflows to ensure issues are addressed.
Operational risk can result in losses from failed internal processes, people, or systems or from external events. It is inherent in all business activities. There are four main approaches under Basel II to calculate capital requirements for operational risk: Basic Indicator Approach, Standardized Approach, Advanced Measurement Approaches (AMA), and the Internal Ratings-Based Approach (IRB). The Standardized Approach divides activities into business lines and assigns risk factors to each to determine capital charges. The AMA uses a bank's internal risk measurement system to determine regulatory capital requirements subject to supervisory approval.
Dr. Benetis briefly presented how modern, real time and automated technology from Lumension (Risk & Compliance Manager) is used to audit and monitor level of security in Lithuania's public sector. Presentation showed real use cases how solution made security measurement easier and more efficient. Dr. Benetis is also a president of ISACA Lithuania chapter.
Organisations are realising seriouness of cybersecurity and searching for ways to manage and govern it. How to organise security initiatives? How to monitor their success? How to build trust in own risk management? How to develop compliance management as a simple, but efficient and helpful instrument for everyone in organisation? Presentation will touch on practicalities of risk and compliance methods integration, and overall strategy to minimise costs of risk and compliance initiatives by using Lumension Risk Manager platform for public and private institutions.
Optimizing Revenue Cycle Management: Centricity Business at Saint Francis Hea...GE Healthcare - IT
For large hospitals and small provider practices alike, healthcare
reform and changing reimbursement models have introduced
significant new challenges to the business. It is now more important
than ever for organizations to have a well-designed revenue cycle
management (RCM) strategy in order to optimize their revenue cycle,
prepare for change, and maximize revenue. At the same time, mergers
and acquisitions among U.S. hospitals and physician practices add to
operational complexity, and with most hospitals employing a wide
vendor portfolio of HCIT solutions, these challenges further the
importance of running a tight financial enterprise. The inability to
effectively monitor and proactively manage the revenue cycle can
destroy profitability and make it difficult to focus on what matters
most — delivering outstanding care to patients.
1) Solvency II will require significant mobilization of skills across an insurance company due to the diverse risks that must be modeled and managed.
2) An optimal program management approach is risk-driven and integrates all work streams, with a focus on regulatory compliance, gap analysis, risk identification, and implementation planning.
3) High quality data is essential to effectively measure risk exposure and capital requirements within the three pillars of Solvency II around regulatory capital, governance/risk management, and reporting/disclosure.
The document discusses controls in a computer-based accounting environment and how they are relevant to auditing qualifications. It explains that students need to understand both application controls, which operate at the business process level, and general controls, which relate to many applications and support effective functioning. Application controls can be preventative or detective in nature and include input controls, processing controls, and interface controls. The document provides examples of different types of controls and references relevant auditing standards.
The document discusses Novell's Access Governance Suite, which helps organizations reduce costs, manage complexity, and mitigate risks related to access governance and identity management. It outlines the growing risks and regulations organizations face, and how the suite provides visibility and automation to help with continuous access lifecycle management. Implementing the suite can help contain costs through reduced compliance audit costs, improved productivity, and staff redeployment. It can also help avoid costs from fines, loss of customers or revenue, and operational impacts. The suite further helps avoid risks from inappropriate access, aged entitlements, and orphaned accounts. The document calls organizations to schedule demonstrations and assessments to build business cases for implementing access governance solutions.
Solvency II is the biggest regulatory change to bring insurers and reinsurers under one regime. It impacts all areas of a business and requires an enterprise-wide initiative. Early adopters are helping set industry standards. The Gain-Line Consortium provides Solvency II expertise and resources to help clients develop customized solutions. Solvency II requires alignment across functions and consideration of multiple stakeholders' priorities through effective risk management.
1) The document describes a large financial organization that uses MetricStream's operational risk management solution to improve collaboration, integrate risk processes across subsidiaries, and gain real-time insights into operational risks.
2) Previously, each subsidiary managed risks separately using siloed systems and processes, which led to duplication and lack of transparency.
3) MetricStream provided an integrated GRC platform to automate workflows, conduct risk assessments, define controls, and monitor key risk indicators across the organization. This improved efficiency, transparency, and proactive risk management.
Sound Credit Risk Experience Sharing Vietnam Fsa And BankEric Kuo
The document discusses credit risk management and can be grouped into 3 important parts: credit rating, underwriting, and management. It provides examples of rating models that focus on different business segments and discusses factors to consider in building an internal rating system, emphasizing the importance of data. It also covers credit risk measurement standards outlined in Basel II and the process of mapping internal ratings to external ratings.
This document discusses IBM's solutions for IT asset management challenges. It outlines common challenges around reducing IT costs, enhancing operational efficiency, managing multiple asset systems, and maintaining compliance. It then presents IBM's unified solution for asset and service management, highlighting key capabilities like integrated applications and processes, a common data model, process automation, custom workflows, common reporting, compatibility, and an integration framework. The solution is presented as a way to help organizations work smarter through optimized asset utilization and reduced costs.
This document discusses proactive management of operational risk. It outlines various types of operational risks including internal fraud, external fraud, workplace safety violations, and system failures. It also discusses potential areas of loss from an operational risk perspective as defined by the Basel Committee. These include losses from people, processes, systems, and external events. The document then examines costs of operational losses and provides examples of potential losses including penalties from FERC and impacts of Dodd-Frank regulations. It emphasizes the importance of planning for risk through developing an operational risk capability including assessing requirements and impacts, identifying gaps, and creating a roadmap to address gaps over time. The goal is to effectively manage operational risk on an ongoing basis.
Partes is a company that offers fleet risk management services including risk consulting, benchmarking and tendering, implementation, and claims management. They have over 15 years of experience in the fleet and insurance industry. Their services are aimed at reducing a company's total cost of fleet risk through flexible solutions and clear performance indicators. They use a proven APAC methodology involving data gathering, risk assessment, and evaluation of alternatives to deliver cost savings of up to 20% on fleet insurance costs.
This document discusses stress testing frameworks and critical success factors. It covers topics such as stress testing models, scenarios, risk types, aggregation, business impacts, and mitigation plans. The key aspects are robust stress testing models across all material risk types, senior management buy-in and use of insights to address issues, and embedding stress testing into the decision-making process consistently across the organization. Data reconciliation and clearly defined scenarios are also important factors.
Introduction to Operational Risk Management for Bank Junior Officers in Indiamlvenkat
This is an introductory, self-explanatory presentation on Operational Risk Management for Junior officers in Banks in India, illustrated with lots of interesting images to make the concepts easy to understand. Follow the link at the end of the slides to read interesting Op Risk stories compiled from day to day banking, which can be used for group exercise or better personal understanding. (Answers are not given! You have to generate them yourselves or from team members ! ).
(The story on Corporate Banking may appear similar to the recent Banking scam -Feb 2018- in India, but then, similar frauds have been repeatedly happening in one Bank or the other in the last 30 years in India. Neither Commercial Banks in India nor Reserve Bank of India have learnt the operational risk lessons).
You are free to use the slides and my stories for your work.
You can customise the stories to suit your banking environment and/or to add your own Bank stories to build up a library of Op Risk events.
I acknowledge and thank Internet and all original creators for providing cartoons, illustrations, photos, jokes and information which I have liberally used in the PPT.
This document discusses qualifying IT infrastructure. It addresses why infrastructure needs to be qualified, regulatory expectations, and risk assessment. Regulatory agencies now scrutinize infrastructure control since networks are considered part of computerized systems. A key point is that infrastructure is treated differently than applications in validation due to its dynamic nature. Risk assessment involves analyzing risks and evaluating if they are acceptable. The document provides examples of infrastructure risk assessment and outlines controls to mitigate risks. Overall it emphasizes the importance of having control over infrastructure to ensure systems can be considered validated.
The document discusses governance, risk management, and compliance (GRC). It defines GRC and explains why it is important for organizations. It then discusses how collaboration can help in a GRC world and provides perspectives on GRC from functional roles like the chief legal officer, chief risk officer, and chief information security officer. The document presents IBM's GRC framework and reference architecture. It is intended to outline IBM's general product direction but plans are subject to change.
Reporter is a software that provides automated reporting, monitoring, and alerting for IBM Tivoli Storage Manager (TSM) environments. It collects live data from TSM servers without impacting performance and generates over 500 reports, graphs, and charts. Reporter helps ensure TSM servers are running smoothly, identifies potential problems, and confirms compliance with service level agreements. It provides historical trending for capacity planning and troubleshooting.
The client needed to replace an outdated standalone system with an integrated trust banking system. ObjectFrontier developed a solution including an investment management system, corporate trust system, unit investment trust funds system, general ledger system, and loan management system. The new system provided a high degree of automation, integration between systems, and fine-grained administrative controls, resulting in a robust and scalable trust banking system.
Come to this session to learn how Novell Compliance Management Platform addresses risk management, access management, and continuous controls testing and monitoring using an identity management based approach. See how Novell Identity Manager and Novell Sentinel provide an end-to-end solution for preventative and detective controls. We'll show you how the Role Mapping Administrator can manage roles-based access to authorizations in enterprise applications. We'll also show how Identity Tracking can not only report on user activity across enterprise applications, but also blend multi-source technical events with business-relevant data to provide identity-based dashboards and reports.
Presentation for the Bio Supply Management Alliance webinar "Identifying Risks in the
Biotech Global Supply Chain:
TECHNIQUES AND CHALLENGES"
This webinar was presented on June 18, 2009. The sponsors for the webinar were Marsh, Deloitte, and APICS Golden Gate Chapter
This Webinar was presented on Thursday, June 18, 2009.
The audio can be found on http://www.biosupplyalliance.org/identifying-risks-webinar.html
Duration: 110 Minutes
Governance, Risk, and Compliance ServicesCapgemini
Capgemini’s integrated and centralized approach to Governance, Risk, and Compliance (GRC) breaks through traditional functional silos to deliver effective enterprise risk management and compliance as a continuous process. We help organizations manage a range of enterprise risks in the areas of IT, finance and accounting, operations, and regulatory compliance with flexible solutions comprised of a highly qualified CPA and CISA talent pool, innovative tools, and our unique collection of GPM best practice processes and controls.
AIA SOX Conference May 2009 - CCM & Data Analyticsprosenzw69
Continuous control monitoring (CCM) is an integrated set of processes that uses technology to automate the monitoring of control environments, identify control exceptions based on predefined rules, and reduce risks. CCM deployments often focus on access and application controls but interest in transaction monitoring is increasing. CCM capabilities can optimize value by sufficiently covering end-to-end processes. Proper CCM roadmaps and exception management are key to ensure objectives are met and sustained over time.
A Financial Planning Leader Streamlines Audit, Risk and Compliance MetricStream Inc
Case Study - A Financial Planning Leader selected MetricStream to automate and streamline audit, risk and compliance management (GRC) across the Enterprise.
Mc Gladrey Financial Institutions ServicesLinkedInLeo
McGladrey provides specialized business services for financial institutions including assurance services, tax preparation and planning, risk management strategies, regulatory compliance, loan reviews, and strategic planning. Their experienced professionals help financial institutions address challenges, identify and mitigate risks, ensure compliance, and strategically plan for the future.
This document discusses how a leading global payment company automated its internal audit management process using MetricStream's solution. The company was facing challenges with a manual, inefficient audit process and lack of integrated risk management. MetricStream provided its Internal Audit Management solution integrated on its GRC platform, allowing centralized, risk-based auditing across the company's global operations. The solution consolidated the audit process, from risk assessment to reporting, and provides role-based access, improved visibility, and more efficient resource management for audits.
The document discusses Novell's Access Governance Suite, which helps organizations reduce costs, manage complexity, and mitigate risks related to access governance and identity management. It outlines the growing risks and regulations organizations face, and how the suite provides visibility and automation to help with continuous access lifecycle management. Implementing the suite can help contain costs through reduced compliance audit costs, improved productivity, and staff redeployment. It can also help avoid costs from fines, loss of customers or revenue, and operational impacts. The suite further helps avoid risks from inappropriate access, aged entitlements, and orphaned accounts. The document calls organizations to schedule demonstrations and assessments to build business cases for implementing access governance solutions.
Solvency II is the biggest regulatory change to bring insurers and reinsurers under one regime. It impacts all areas of a business and requires an enterprise-wide initiative. Early adopters are helping set industry standards. The Gain-Line Consortium provides Solvency II expertise and resources to help clients develop customized solutions. Solvency II requires alignment across functions and consideration of multiple stakeholders' priorities through effective risk management.
1) The document describes a large financial organization that uses MetricStream's operational risk management solution to improve collaboration, integrate risk processes across subsidiaries, and gain real-time insights into operational risks.
2) Previously, each subsidiary managed risks separately using siloed systems and processes, which led to duplication and lack of transparency.
3) MetricStream provided an integrated GRC platform to automate workflows, conduct risk assessments, define controls, and monitor key risk indicators across the organization. This improved efficiency, transparency, and proactive risk management.
Sound Credit Risk Experience Sharing Vietnam Fsa And BankEric Kuo
The document discusses credit risk management and can be grouped into 3 important parts: credit rating, underwriting, and management. It provides examples of rating models that focus on different business segments and discusses factors to consider in building an internal rating system, emphasizing the importance of data. It also covers credit risk measurement standards outlined in Basel II and the process of mapping internal ratings to external ratings.
This document discusses IBM's solutions for IT asset management challenges. It outlines common challenges around reducing IT costs, enhancing operational efficiency, managing multiple asset systems, and maintaining compliance. It then presents IBM's unified solution for asset and service management, highlighting key capabilities like integrated applications and processes, a common data model, process automation, custom workflows, common reporting, compatibility, and an integration framework. The solution is presented as a way to help organizations work smarter through optimized asset utilization and reduced costs.
This document discusses proactive management of operational risk. It outlines various types of operational risks including internal fraud, external fraud, workplace safety violations, and system failures. It also discusses potential areas of loss from an operational risk perspective as defined by the Basel Committee. These include losses from people, processes, systems, and external events. The document then examines costs of operational losses and provides examples of potential losses including penalties from FERC and impacts of Dodd-Frank regulations. It emphasizes the importance of planning for risk through developing an operational risk capability including assessing requirements and impacts, identifying gaps, and creating a roadmap to address gaps over time. The goal is to effectively manage operational risk on an ongoing basis.
Partes is a company that offers fleet risk management services including risk consulting, benchmarking and tendering, implementation, and claims management. They have over 15 years of experience in the fleet and insurance industry. Their services are aimed at reducing a company's total cost of fleet risk through flexible solutions and clear performance indicators. They use a proven APAC methodology involving data gathering, risk assessment, and evaluation of alternatives to deliver cost savings of up to 20% on fleet insurance costs.
This document discusses stress testing frameworks and critical success factors. It covers topics such as stress testing models, scenarios, risk types, aggregation, business impacts, and mitigation plans. The key aspects are robust stress testing models across all material risk types, senior management buy-in and use of insights to address issues, and embedding stress testing into the decision-making process consistently across the organization. Data reconciliation and clearly defined scenarios are also important factors.
Introduction to Operational Risk Management for Bank Junior Officers in Indiamlvenkat
This is an introductory, self-explanatory presentation on Operational Risk Management for Junior officers in Banks in India, illustrated with lots of interesting images to make the concepts easy to understand. Follow the link at the end of the slides to read interesting Op Risk stories compiled from day to day banking, which can be used for group exercise or better personal understanding. (Answers are not given! You have to generate them yourselves or from team members ! ).
(The story on Corporate Banking may appear similar to the recent Banking scam -Feb 2018- in India, but then, similar frauds have been repeatedly happening in one Bank or the other in the last 30 years in India. Neither Commercial Banks in India nor Reserve Bank of India have learnt the operational risk lessons).
You are free to use the slides and my stories for your work.
You can customise the stories to suit your banking environment and/or to add your own Bank stories to build up a library of Op Risk events.
I acknowledge and thank Internet and all original creators for providing cartoons, illustrations, photos, jokes and information which I have liberally used in the PPT.
This document discusses qualifying IT infrastructure. It addresses why infrastructure needs to be qualified, regulatory expectations, and risk assessment. Regulatory agencies now scrutinize infrastructure control since networks are considered part of computerized systems. A key point is that infrastructure is treated differently than applications in validation due to its dynamic nature. Risk assessment involves analyzing risks and evaluating if they are acceptable. The document provides examples of infrastructure risk assessment and outlines controls to mitigate risks. Overall it emphasizes the importance of having control over infrastructure to ensure systems can be considered validated.
The document discusses governance, risk management, and compliance (GRC). It defines GRC and explains why it is important for organizations. It then discusses how collaboration can help in a GRC world and provides perspectives on GRC from functional roles like the chief legal officer, chief risk officer, and chief information security officer. The document presents IBM's GRC framework and reference architecture. It is intended to outline IBM's general product direction but plans are subject to change.
Reporter is a software that provides automated reporting, monitoring, and alerting for IBM Tivoli Storage Manager (TSM) environments. It collects live data from TSM servers without impacting performance and generates over 500 reports, graphs, and charts. Reporter helps ensure TSM servers are running smoothly, identifies potential problems, and confirms compliance with service level agreements. It provides historical trending for capacity planning and troubleshooting.
The client needed to replace an outdated standalone system with an integrated trust banking system. ObjectFrontier developed a solution including an investment management system, corporate trust system, unit investment trust funds system, general ledger system, and loan management system. The new system provided a high degree of automation, integration between systems, and fine-grained administrative controls, resulting in a robust and scalable trust banking system.
Come to this session to learn how Novell Compliance Management Platform addresses risk management, access management, and continuous controls testing and monitoring using an identity management based approach. See how Novell Identity Manager and Novell Sentinel provide an end-to-end solution for preventative and detective controls. We'll show you how the Role Mapping Administrator can manage roles-based access to authorizations in enterprise applications. We'll also show how Identity Tracking can not only report on user activity across enterprise applications, but also blend multi-source technical events with business-relevant data to provide identity-based dashboards and reports.
Presentation for the Bio Supply Management Alliance webinar "Identifying Risks in the
Biotech Global Supply Chain:
TECHNIQUES AND CHALLENGES"
This webinar was presented on June 18, 2009. The sponsors for the webinar were Marsh, Deloitte, and APICS Golden Gate Chapter
This Webinar was presented on Thursday, June 18, 2009.
The audio can be found on http://www.biosupplyalliance.org/identifying-risks-webinar.html
Duration: 110 Minutes
Governance, Risk, and Compliance ServicesCapgemini
Capgemini’s integrated and centralized approach to Governance, Risk, and Compliance (GRC) breaks through traditional functional silos to deliver effective enterprise risk management and compliance as a continuous process. We help organizations manage a range of enterprise risks in the areas of IT, finance and accounting, operations, and regulatory compliance with flexible solutions comprised of a highly qualified CPA and CISA talent pool, innovative tools, and our unique collection of GPM best practice processes and controls.
AIA SOX Conference May 2009 - CCM & Data Analyticsprosenzw69
Continuous control monitoring (CCM) is an integrated set of processes that uses technology to automate the monitoring of control environments, identify control exceptions based on predefined rules, and reduce risks. CCM deployments often focus on access and application controls but interest in transaction monitoring is increasing. CCM capabilities can optimize value by sufficiently covering end-to-end processes. Proper CCM roadmaps and exception management are key to ensure objectives are met and sustained over time.
A Financial Planning Leader Streamlines Audit, Risk and Compliance MetricStream Inc
Case Study - A Financial Planning Leader selected MetricStream to automate and streamline audit, risk and compliance management (GRC) across the Enterprise.
Mc Gladrey Financial Institutions ServicesLinkedInLeo
McGladrey provides specialized business services for financial institutions including assurance services, tax preparation and planning, risk management strategies, regulatory compliance, loan reviews, and strategic planning. Their experienced professionals help financial institutions address challenges, identify and mitigate risks, ensure compliance, and strategically plan for the future.
This document discusses how a leading global payment company automated its internal audit management process using MetricStream's solution. The company was facing challenges with a manual, inefficient audit process and lack of integrated risk management. MetricStream provided its Internal Audit Management solution integrated on its GRC platform, allowing centralized, risk-based auditing across the company's global operations. The solution consolidated the audit process, from risk assessment to reporting, and provides role-based access, improved visibility, and more efficient resource management for audits.
This document discusses how financial services firms are converging their finance, risk, compliance and treasury functions in response to regulatory pressures and market changes. It outlines trends driving this convergence, including increased complexity, competition and regulatory uncertainty. Firms must ensure financial and strategic decisions minimize risk exposure and consider impacts on customers, transactions and investments. The document also examines priorities firms are investing in, such as risk management and compliance, and how better integrating data and perspectives across divisions can help optimize goals around profitability and risk management. Examples of scenarios where converged information strategies could help with regulatory reporting and capital adequacy assessments are also provided.
The document provides an overview of ISO 9001:2008 quality management standards. It discusses key aspects of a quality management system including quality assurance, quality control, planning to prevent defects, inspection and measurement techniques, customer satisfaction, and continual improvement. It also covers topics like managing documents and records, handling non-conforming products, internal audits, and defining the scope of registration.
The company was facing challenges in managing risk across its global operations due to a lack of consistent reporting, data analytics, and collaboration between teams. It implemented the MetricStream enterprise risk management platform to gain visibility into its entire risk profile, integrate fragmented risk initiatives, and identify and assess key risk exposures. The MetricStream solution automated reporting, enabled real-time data analysis, and provided tools to monitor and track risks, issues, and remediation efforts. This helped align the company's risk management activities with its corporate goals.
The document summarizes a payroll fraud monitoring solution from SymSure that uses automated tests to define and monitor controls within a company's payroll processes. It detects fraudulent activities like ghost employees or unauthorized pay changes. When issues are found, it generates alerts and guides remediation workflows. The system is compatible with various data sources, provides visualization of control environments and metrics, and helps make the payroll compliance process more independent, efficient, and auditable.
Systar's Process Performance for Check Image application addresses the challenges of efficiently monitoring electronic check processing. It provides real-time visibility into check volumes and values moving through the landing, processing, and sending zones to identify issues. The application alerts users to potential problems, helps meet SLAs, increase processing volumes and revenue while reducing costs through automated monitoring.
This document provides an overview of general employee risk management. It begins by giving examples of why risk management is needed to avoid costly jury awards or fraudulent charges. It then defines risk as a measure of uncertainty about the outcome of events or decisions that can be positive opportunities or negative risks. The objectives are to help identify risks, create risk management process awareness, and increase risk management understanding. It outlines the flow of internal risk control procedures and gives an example of a procedural certification checklist. It describes the risk assessment process including risk identification, measurement, prioritization. It provides worksheets to identify activities, choose risk factors, and weight risks. Finally, it discusses how identified risks are managed through controls.
Case Study - MetricStream offers a comprehensive GRC solution that addresses a wide range of health care regulations to reduce the overall cost of compliance management.
This whitepaper discusses quantifying soft cost savings from implementing a vendor management system (VMS) or managed services program (MSP) for contingent workforce management. Soft savings include efficiency gains, reduced risks and legal liabilities, improved quality, and other benefits. The paper provides two methods for unearthing tangible elements of soft savings: 1) Identifying the nearest related tangible benefit and quantifying associated cost/revenue drivers, and 2) Examining the chain of actual measures leading to the end benefit and quantifying each step. Implementing an effective VMS/MSP program can result in total savings of 10-25% of spend within the first 18-24 months through both hard and soft savings.
To keep pace with the ever increasing demand for real-time customer service, shifting to mobility has become inevitable for the insurance industry. In today's scenario, where real-time servicing of customer requests 'on the fly' has become a norm, mobile technology seems ideally positioned to
enable insurers gain a competitive advantage.
To keep pace with the ever increasing demand for real-time customer service, shifting to mobility has become inevitable for the insurance industry. In
today's scenario, where real-time servicing of customer requests 'on the fly' has become a norm, mobile technology seems ideally positioned to
enable insurers gain a competitive advantage. Mobile solutions enable faster and improved communications between customers, field agents,
and the central processing office of the insurer.
Adopting mobile technology can help insurers
enhance customers' experiences, increase
productivity, while keeping a check on costs, and
mitigating operational risks.
This document describes Aerice Risk Management's comprehensive risk management framework and services. It addresses typical issues financial institutions face around increased regulation, governance, resources, and systems. Aerice offers solutions across key risk areas like credit, market, liquidity and operational risk. Their approach involves reviewing existing risk frameworks, implementing standards, and change management. They have experience delivering risk solutions for major private and public organizations.
Operational Risk Management under BASEL eraTreat Risk
Operational risk have always ignored by Banks as they thought Credit and market risks can cause catastrophe. But history of misfortunes taught us different lessons. Controls and internal audit have long been construed as guard till BASEL II dictates forced banks to look with insight. Understand the dimension of ORM in this presentation.
The document examines the costs of a manual expense filing and reimbursement process at a small company with 300 employees over 12 months. Through simulation, it was found that processing 2500 expense reports per year could cost the company up to $1.35 million in unbilled costs. The simulation identified that employees spent the most time gathering receipts and preparing reports, while managers were the second highest cost due to reviewing expenses. The analysis suggests streamlining the process through automation, expense thresholds for different approvers, and other methods to reduce hidden costs.
[weave] Risk and Compliance - Less but Better, Optimizing controlsonepoint x weave
The document discusses optimizing controls by making them less but better. It argues that accumulating more controls does not necessarily improve performance and that controls should be considered a business process. The vision is for controls to be proportionate to risks, with the control system efficiently linking processes, risks, and controls through a dynamic risk management tool. The goal is to design an optimal control plan that eliminates redundant or ineffective controls.
[weave] Risk and Compliance - Less but Better, Optimizing controls
Sym Sure Loan Portfolio
1. Solution Overview WWW.SYMSURE.COM
Loan Portfolio Monitoring
Commercial Lending Purpose of an Audit
The primary business activity for commercial banks is In the context of banks, financial institutions and other
lending and therefore the loan portfolio represents one enterprises in the financial services sector, the quality
of the largest assets and a predominate source of of the loan portfolio has singular significance. Portfolio
revenue. It is also a great source of risk to a bank’s audits are therefore required to determine, by review
safety and soundness. Whether due to lax credit of electronic records, any activities or conditions that
require attention before they become problems.
standards, poor portfolio risk management, or
weaknesses in the economy, loan portfolio problems
have historically been the major cause of bank losses
and failures. SymSure Loan Portfolio
Solution
While annual audits of loan portfolios may address
these risks, experience has revealed that continuous The focus of the solution is to automate the definition
monitoring of the portfolio is the preferred approach. of governance, risk and controls within the financial
Identifying control breaches, anomalies and high risk institution’s lending process. As outlined in Figure 1,
activities early and employing a firm remediation the financial institution is allowed to define the control
strategy often prevents and certainly minimizes the environment from loan origination to servicing and
impact of any potential impairment of the portfolio. portfolio management. Once completed, SymSure’s
monitoring framework examines all electronic activities
to detect control breaches and alert the relevant
persons automatically.
2. SymSure™ Framework
Governance, Risk & Controls Remediation – Routing, Alerts, Reporting and Visualization –
Definition and Monitoring Follow-up, Escalations, etc. Compliance, Regulatory,
Dashboards, Metrics
ORIGINATION SERVICING MANAGEMENT
PROCESS FLOW
Application processing Payments Risk management
Due diligence Accounting Portfolio Metrics
Approvals Adjustments Compliance
Account creation Rescheduling Reporting
Loan scheduling Write-offs Performance
Collateral Refinancing
Figure 1 – SymSure Monitoring Business Process
Figure 1 – SymSure Monitoring Business Process
SymSure Workflow and Reporting
When an event occurs, relevant alerts are triggered Reports include:
and a stringent remediation process is followed to • Key portfolio metrics
• Loan loss provisioning and rates
ensure that high risk activities are addressed as
• Portfolio at risk and repayments rates
stipulated by the business process owners. • Best practice comparisons
• Loan risk concentration
Other key aspects of the solution are the automation Standard dashboards are included in the framework:
of the reporting functions and visualization of the • Trending of results across dates
control environment. SymSure automates key • Grouping by risk ranking
• Grouping by status (new, pending, overdue, etc.)
reporting for stakeholders, including regulators.
• Comparisons across processes and users
2 SOLUTION OVERVIEW
3. Sample of Reports
Origination
Disbursement and original loan amount varies
Loan disbursement date and loan start date differs
Loans without schedules or incorrect schedules
Policy variations at origin – rates, term, principal, fees, penalties, moratorium, etc.
Service charges differ from policy
Other charges differ from policy
Loan approval limits exceeded
Collateral information missing/incomplete
Potential duplicated disbursement
Servicing
Changes to schedules
Customer record changes
Principal repayments consistently different from schedule
Arrears incorrect
Prepayments not being applied
Payments applied incorrectly
Delinquency analysis/reports
Loans written off but not according to policy
Write offs not accounted for in the G/L.
Policy variations at servicing – rates, term, principal, fees, penalties, moratorium, etc.
Suspicious rescheduling, write-offs, refinancing
Loan term changes for a delinquent loan
Lump-sum payments on overdue loan followed by another loan disbursement
New loan disbursed to customer with overdue loans
Ex-employees still receiving employee loan terms
Delinquent loan not flagged properly by system
Suspicious loan account changes
Management
Loan classifications inconsistent/inaccurate
Segregation of duties violations - approval, disbursement, adjustments, scheduling, etc.
Know your customer (KYC) violation
G/L entries incorrect
Loan Officer performance reports
Loan security margin below policy
Portfolio concentration analysis
Loan loss provision report - loan loss provision ratio
Other indicators - arrears, portfolio at risk (PAR)
Aged portfolio at risk (PAR) and repayment rates (RR)
Expected maturities within period
Key parameters – disbursements, arrears, rescheduling, refinancing, write-offs,
payments, terms.
3 SOLUTION OVERVIEW