News

...now browsing by category

 

Qualitative Risk Assessment Methodology

Tuesday, April 6th, 2010

Inherent Risk Controls Residual Risk

Overview

Risk Assessment is very important as it provides the organization with an objective measure to differentiate between low risks and high risks. Risk Identification is an important step but often we end up with hundreds of risks without a clear way of determining which risks are the ones most important. The Risk Assessment methodology below describes how easy2comply meets these challenges.

Easy2comply also offers the ability to perform a quantitative assessment of the risk as well as a Scorecard / Questionnaire approach. These are not dealt with in this methodology paper.

The qualitative methodology is divided into three components:

  1. Inherent Risk
  2. Controls
  3. Residual Risk

The combination of the Inherent Risk value together with the Controls generates a Residual Risk level

Click to continue »

Posted in News | 1 Response »
Tags: , , , , , ,

How to Implement an Integrated GRC Architecture

Tuesday, January 19th, 2010

Background

Risk Management, Compliance and Govenrnace reforms that followed the corporate failures of the past decade have dramatically changed today’s business environment. Organizations worldwide are coping with a proliferation of new regulations and standards, and are challenged to do so in a way that supports performance objectives, upholds stakeholder expectations, sustains value and protects the organization’s brand.

Recent studies indicate that Fortune 1000 corporations are subject to 35-40 different regulatory mandates and the management of regulation and compliance has become a serious risk factor in itself.  Complying with each individual regulation is always complicated, lengthy and costly.   Managing the burden of complying with multiple and overlapping regulations is becoming increasingly difficult and expensive. The need for an integrated GRC (Governance, Risk Management and Compliance) platform in today’s business environment is obvious.  Despite the hype around this topic, only few organizations have succeeded in implementing a truly integrated GRC platform due to the complexity of the GRC environment.

Click to continue »

Posted in News | 13 Responses »

Basel II – Operational Risk webinar

Sunday, November 22nd, 2009

Easy2comply has its third Basel II – Operational Risk webinar that focused on building effective Risk Management frameworks that can be implemented with smaller budgets and smaller departments.

Many questions were asked and I would like to focus on a few of them as they raise some interesting ideas for all of us.

A risk manager from the United States wanted to know about the overlap between Operational Risk and Sarbanes-Oxley. Whilst this blog won’t go into a lot of detail about the similarities and differences, the point that I made was around Controls coverage.

The SOX program covers all of the controls surrounding the Financial Reporting process, as well as the information flows into the end financials. The analysis on these controls is incredibly rich and deep, from identification, assessment, and all the way through to testing.

In contrast, Operational Risk covers a much broader set of controls across the organization; however the analysis on these controls is generally a lot shallower. Quite often it is sufficient to record that the controls exists and that they work.

These different approaches are both supported by the easy2comply SOX and Operational Risk software. Click to continue »

Posted in News | 6 Responses »
Tags: , , , , ,