Governance, Risk Management And Compliance

GRC Information Technologies (IT) governance is the field that brings the concepts of risk control and compliance under one roof. In today’s fast-changing business world, it has become a necessity for every company to manage its strategic and operational risks, enterprise internal controls and compliance with regulatory requirements.

It is not possible to effectively meet these needs without using risk management and compliance, internal control and internal audit tools.

Choosing the right tool is a difficult issue in itself. The best choice is a product built with the industry's best practices in mind, incorporating standards set by international organizations such as the Institute of Internal Auditors (IIA) and the Open Compliance and Ethics Group (OCEG), and whose manufacturer and/or supplier you can work with in a long-term, healthy and efficient relationship.

With over 15 years of experience, PROYA has joined forces with MEGA International, which has 30 years of experience, and started to offer the Hopex GRC package, one of the most ambitious and comprehensive product families in the field of IRM (Integrated Risk Management).

MEGA’s platform, built on the central repository, ensures that all of your GRC goals are met.

Pains

Lack of risk awareness

  • Companies understand that compliance initiatives don’t always help remove risks.
  • Organizations must promote a risk-aware culture.

Managing risks in silos

  • Managing risks in silos makes it impossible to understand the context and to adapt to rapid changes in the business and regulatory environment.

Risk impact on the organization

  • Companies have difficulty quickly and comprehensively assessing the impact on risks and business operations.
  • Implement an integrated approach with business operations, to shift from a compliance to a risk-aware culture.
  • HOPEX IRM allows Risk Managers, Auditors, Internal Controllers, Data Privacy Officers, Compliance Officers, CISOs, Legal Counselors, IT teams, and Operational teams to work together towards risk identification and risk control in the most effective and efficient manner.

Understand Risks in the Context of Operations

  • HOPEX IRM uniquely leverages information managed by IT, Business or Privacy compliance to better understand the context of risks and their impact on the business.
  • Combined with other HOPEX solutions, companies can effectively manage risks globally, ensuring employees share a common understanding of the enterprise assets, processes and technologies while ensuring data privacy compliance.
  • Understanding the context makes it possible to better qualify and quantify the impact of risks.

HOPEX Integrated Risk Management Key Benefits

Move to a risk-aware culture

Keep up with constant changes

Managing risks with an integrated approach

Speed-up risk management efforts

Integrated Risk Management New Desktop

  • Encompasses Enterprise Risk Management (ERM), Internal Control (IC) and Incident Management as well as regulatory requirements.
  • Uses a unified desktop

Customizable Dashboards

Use customizable dashboards to efficiently monitor risk management efforts.

HOPEX IRM – Risk Management

With HOPEX IRM, Risk Managers can capture and define Risks:

  • Create a Risk and assign it to the relevant stakeholder
  • Describe the context of the Risk by specifying which part of your Organization is affected
  • Assess Risks directly or launch an automatic assessment campaign
  • Compile and report on Risk Assessment results
  • Capture Risk treatment method
  • Define mitigating efforts with the relevant Controls and/or an Action Plan
  • Report on the efficiency of Risk mitigation efforts with trend analysis

Risk Management Identify Risks

Risk Managers can create a new Risk, capture all relevant information and set Risk Target & treatment method.

Risk Management Define Context

Risk Managers can also define the context of a Risk by specifying which Processes, Entities, Applications and Business Lines are affected.

Risk Management Direct Risk Assessment

  • Risk managers can assess Risk directly…
  • Or assign a stakeholder as Risk Assessor for a particular context.

Risk Assessment Templates

  • Risks can be assessed in all their possible contexts with new assessment templates:
    • Risks per Business Process
    • Risks per Organizational Process
    • Risks per Applications
    • Risks per Business Lines
    • Risks per Entities
  • Risks are assessed by likelihood, impact and control level

Risk Management Campaign Follow-up

Risk Managers can monitor the progress of Assessment Campaigns and report on results.

Risk Management Action Plans

  • Risk managers can define Action Plans to remedy Risks and assign them to the right Contributor…
  • …Who can access his/her assigned Action Plans and other tasks from his/her dedicated interface.

Dashboard Widgets

Widgets for risks are available from the dashboard:

  • Risk Mitigation, Risks per Status, Risk Heatmap Report (Aggregated), Risk Assessment

Build a custom dashboard and follow up on the overall progress of risk management efforts.

HOPEX IRM – Internal Control

HOPEX IRM supports Controllers in their mitigating efforts:

  • Create Controls and specify which Risks are mitigated
  • Specify which regulatory or business Requirements are implemented
  • Describe the procedures or IT tools as well as the entities implementing the Control
  • Create execution checklists and launch execution campaigns
  • Plan and automate Control assessments
  • Report on the efficiency of the Controls with regards to Risk mitigation

Internal Control Features

  • Internal Controllers can create & define Controls…
  • … And describe how the Control is to be implemented (processes), by whom (entities) and with what (applications).

  • Internal Controllers can also specify control methods and corresponding execution steps.
  • Several Control execution steps can be created in multiple formats for the same Control. These steps will later be answered by Control Executors.

  • Internal Controllers can prepare & launch automated Control execution campaigns that send control execution checklists to…
  • … Control Executors, who then fill in their execution checklists from their dedicated interface.

  • Internal Controllers can monitor the progress of their execution campaigns.
  • And inspect the results of the Control execution.

Internal Controllers can assess controls directly and analyze the results.

HOPEX IRM – Incident Management

HOPEX IRM allows you to not only capture Incidents, but also to analyze them:

  • Document Incidents with dates of discovery and actual occurrence, context, financial consequence and what parts of the organization were affected
  • Review Incidents by the stakeholder responsible for the affected part of the Organization
  • Define, assign and track progress of remedial actions

Incident Management Features

Contributors can declare a new Incident from their dedicated Interface and provide all the relevant information.

A different contributor, previously assigned as Incident Approver, can either ask the Incident Declarer for modification, approve or reject the Incident altogether.

Prior to validating the Incident, a Risk Manager can:

  • Capture financial information regarding the Incident (Loss, Gains, Recoveries & Provisions)
  • Contextualize the Incident by specifying the materialized Risk, the failing Control and other taxonomy-related information

Risk Managers can analyze Incidents in different ways (breakdown, evolution, relation to risks, financial…):

  • Incidents vs Net Risk Level
  • Loss Distribution
  • Incident and Loss Breakdown
  • Incident and Loss Evolution

HOPEX IRM – Regulatory Compliance, Controls & Risks

The solution supports Compliance efforts:

  • Manage Regulation Frameworks and create your Organization’s Requirements
  • Specify what parts of your organization are affected by regulatory or business requirements
  • Define Controls implementing regulatory compliance
  • Report on the efficiency of the Controls with regards to Requirements compliance
  • Identify & Manage Risks of Non-Compliance

Regulatory Compliance Shared Features

Compliance Officers can create Requirements as part of either a Regulation Framework or the Organization’s own Requirements.

Compliance Officers can specify what parts of the Organization have to comply with the Requirement (processes, entities and applications).

Compliance Officers can analyze the effectiveness of implemented Controls with regards to compliance following a Control Assessment campaign run by an Internal Controller.

Compliance Officers can also identify Risks of non-compliance. These Risks can then be managed by the relevant Risk Managers. Compliance Officers can also analyze information collected during Risk Assessment campaigns.

Internal Audit

HOPEX gives you the tools necessary to manage your Internal Audit activities:

  • Create long and short-term plans aligned to your board’s strategy and direction
  • Manage your Auditors with regards to their workload, skillset and expenses
  • Generate Work programs/activity plans automatically
  • Assign the best suited Lead Auditor and Auditors to your Audits and corresponding Activities
  • Capture all background information relevant to an Activity as well as define instructions and test sheets for your Auditors
  • Document Findings, raise new Risks and issue Recommendations
  • Track and report on Recommendation progress and launch follow-up Audits when necessary
  • Auditors can continue to do their audit work offline (without an internet connection) in the Audit Everywhere application.

Internal Audit Features

Audit Directors can group Audits under one Audit Plan. Resources, skills, availabilities, expenses and timelines can be managed for the overall Audit Plan.

Lead Auditors can build a Work program for the Audits they are assigned to. Each Activity can have Workpapers and any background information necessary for the Auditor to carry out his/her tasks. Once ready, the Work program is sent to the Audit Director for review.

If an Audit is recurrent, Lead Auditors can save planning time by "cloning" an existing Audit’s Work program.

Once the Auditor has validated the Work program, Audit Activities are sent to the Auditors they have been assigned to. Auditors can then complete the Activity and any Test Sheets they have been given to fill in.

Since a Finding is an Incident discovered by the Audit team, Auditors can create new Risks against their Findings. These Risks will then have to be managed by the Risk Managers.

Once the Auditors have completed their Activities, documented their Findings, as well as written and assigned their Recommendations to an Auditee, the Activities can be submitted to the Lead Auditor for review.

HOPEX gives you the tools and the information necessary to keep your Internal Audits aligned to your Organization’s strategic priorities:

  • Perform Quality Assurance, Compliance, RBIA and Control Tests
  • Prioritize the scope of your Audits to concentrate on the less well-managed Risks and the least-performing Controls