Screens & data fields, workflow stages, review & approval cycles and reporting can be built to suit the unique Risk and Compliance Management practices of each organisation without coding effort. The risk team or the operational departments can be enabled to define this with minimal training.
- Ensures the quick Implementation of the system and processes
- Customizations can be done using Configurations without Coding
- Business Users can maintain and manage the application
- Real-time changes enhance end-user and business-as-usual usage
Standardised business user screen designs ensure that all the staff in the organisation have very few clicks and navigations to learn. The clean, clutter-free user interface makes complex applications like risk management more welcoming. These user considerations allow fast adoption and foster sustainable usage from everyone.
- Risk management activities can be implemented organization wide
- Enables employees to be more forthcoming in reporting Risks
- Better data is available for accurate analysis and mitigations
- Enhances the Risk Culture across the organization
- Loss events and other Incidents can be reported across any line of defense.
- Managers and Risk teams get early warning notifications and can track incidents to closure.
- Insurance recoveries for losses can be updated as and when they occur.
- Intuitive Dashboards allow you to analyze trends.
Manage Risks at Strategic or Process Level
TOP DOWN RISK MANAGEMENT
Risk Central provides the framework for Top-Down risk management for Enterprise and Business risks. The application has 2 levels, the Enterprise and Business Levels, where risks related to Enterprise entities like Strategy, Operations, IT and Business entities like Product Lines, Business Lines can be defined.
Risks can be linked and a hierarchy can be created, and where necessary Bottom-Up risks too can be associated.
BOTTOM UP RISK MANAGEMENT
The Execution Level of the solution addresses the Bottom-Up approach for Departmental, Process, Product, and other risks. An unlimited parent-child risk hierarchy can be created at this level to deliver granular management of risk areas.
These risks can also be linked to Business or Enterprise level risks depending on the organizational needs.
INTEGRATION WITH THIRD-PARTY SYSTEMS
Risk Central provides REST APIs to collect Incident information from other systems.
Excel-based templates support upload of Incident data.
Dashboards can be designed to provide integrated views for Risk Monitoring.
The system allows recurring, time-based compliances to be created and their status monitored regularly. It automatically triggers compliances to the right users in the organization, allowing them to update compliances as complied and upload proof.
Automatic compliance reminders and escalations keep compliance owners updated on upcoming compliances, increasing the overall compliance level of the organization.
Objective Library and Balanced Scorecard
Risk Central can be used to define the Strategic Objectives and supports Performance Management.
This module can be used as a simple library of Objectives and Key Performance Indicators. The module also works as a comprehensive Balanced Scorecard for robust Performance Management. Specific or common Scorecards can be assigned to multiple Roles and Users, enabling both individual and common goals to be achieved. Risks can be linked to Objectives, and KPIs can be associated with KRIs using custom formulas to achieve the ‘Likelihood of Success’ / ‘Objective Centric Risk and Certainty’ management metrics.
Automated workflows and Initiatives management ensure that everything is actionable and measurable.
Entity and Risk Hierarchies
Risk Central lets you see all potential risks in one place, prioritize those risks, assign ownership, and respond to them.
The Entity Hierarchy allows a hierarchical structure of Business Units, Product Lines, Business Lines, Business Services, Departments, Assets, Vendors and other elements to be defined across 3 levels – Enterprise, Business and Execution.
The Risk Hierarchy enables a parent-child taxonomy to be defined centrally and assigned to Roles and users across the 3 levels defined in the Entity Hierarchy. The Risks can be assigned to Business Units or even to satellite administrative units like BCM or HR to manage specific Risks across multiple Departments.
Risk Registers and Risk Control Self-Assessment (RCSA)
The Risk Registers enable Risk Assessments and Risk Treatments to be performed by authorised personnel.
Risk Central provides a comprehensive RCSA solution that allows organizations to conduct regular risk-control reviews with simplicity across a wide range of identified risks, evaluating associated controls and their effectiveness.
Questionnaires/Surveys can be used to collect some or all of the information required for an RCSA. The system can automatically calculate residual risks based on various events and changes or exceptions happening in the underlying processes.
RCSA outputs are used for the development of risk action plans. Action plans might include improving the effectiveness of existing controls or introducing new controls to address issues.
Qualitative, Quantitative Scoring and Rollups
The application allows scoring of Risks using Qualitative or Quantitative values. The formulas to roll up the Risk values across both the Risk Hierarchy and the Entity Hierarchy can be defined.
The system automatically rolls up the values based on the formulas.
The Controls framework within the application is designed to address the need where one set of controls is applicable to multiple Standards and Frameworks. Controls can be reused across External Standards and Frameworks like ISO, NIST, GDPR, HIPAA or others as well as internal policy frameworks.
Controls and Control Objectives can be defined and assessed once and used for compliance as well as Risk Management across the system. This dramatically reduces the effort to manage and monitor multiple controls across various entities.
Incident Management - Risk Events/ Loss Reporting
Risk Central has capabilities with consistent procedures for incident management i.e. incident or event recording, triaging, investigating, tracking, and closure. Incidents can be linked to organizations, processes, controls, risks, policies, and regulations to identify compliance or regulatory risk.
The Events & Loss reporting workflow is configurable by business users to adapt to unique organizational requirements. Automated alerts and notifications are triggered to relevant stakeholders when incidents are initiated.
Issue Management and Remediations
Issues and Remediations can be raised from various modules in the system. Multiple workflows, each having its own data collection fields for different kinds of Issues and Remediations, can be defined. These can then be assigned to stakeholders for tracking and closure.
Remediation workflows can also be integrated with other IT systems like IT Patch Management or Network Management systems to deliver the complete lifecycle of issue resolution.
Deviations & Self-Attestations
Control Exceptions/Deviations with their severity can be tracked and managed within the application using a configurable workflow.
Users can periodically provide self-attestations that they have closed the deviations on controls, policies and process exceptions taken by them. This feature allows users to provide confirmation of compliance, ensuring that organizations stay compliant with regulatory and policy requirements. Monitoring dashboards allow organizations to track these exceptions and deviations to closure.
Key Indicators (KIs)
The solution supports Key Risk Indicators (KRIs), Key Control Indicators (KCIs) and Key Performance Indicators (KPIs). Both leading and lagging indicators, along with thresholds and notifications, can be set using the comprehensive Rules Engine. For manually collected metrics, the schedules set on each indicator automatically generate tasks for stakeholders to input the indicator values.
IT systems within the organization can be integrated for all or a specific metric enabling automatic data collection without needing manual input and reporting. The solution can be integrated with Business IT systems like Core Banking, ERP, CRM and others as well as IT Infrastructure and Security Management systems.
This is a proprietary 360-degree risk analysis feature that makes it possible to understand the risk drivers and their impacts based on the interlinkages.
Impact analysis can be performed on various drivers of any element for primary and derived interconnectedness.
Configurable Workflows, Drag & Drop Forms
The Risk Central Workflow management system automates multi-step processes that exist between any combination of entities / stakeholders to achieve better business outcomes.
Screens & data fields, workflow stages, review & approval cycles and reporting can be built to suit the unique Risk and Compliance Management practices of the organisation without coding effort. The risk or the operational departments can design new workflows without needing IT help.
Heatmaps, Dashboards & Reports
The application provides canned Heat Maps as well as Reports and Dashboards for every module.
Ad hoc Reports and Heatmaps can be designed by Business Users using the Dashboard Designer and the Heatmap Designer. These can then be assigned to users and roles within the system.
The intelligent Access Management feature delivers the right data within these reports to the right users based on the Role they are assigned in the system.
Incident management is the process of identifying, analyzing, and resolving critical incidents that could lead to issues in an organization if not resolved. The goal of incident management is to restore normal service operation as quickly as possible and to minimize the impact of the incident on the business.
The preparation stage involves developing and documenting an incident management plan. This plan should include the following:
- A definition of what constitutes an incident
- A process for reporting and escalating incidents
- A list of contact information for key personnel
- A set of procedures for resolving different types of incidents
Detection and analysis
The detection and analysis stage involves identifying and understanding the incident. This involves gathering information from the affected users, systems, and logs. The goal of this stage is to determine the scope of the incident and its impact on the business.
Containment, eradication, and recovery
The containment, eradication, and recovery stage involves taking steps to contain the incident, eradicate the root cause, and recover from the incident. This may involve restoring data from backups, applying patches, or changing configurations.
The post-event activity stage involves reviewing the incident and taking steps to prevent similar incidents from happening in the future. This may involve updating documentation, training staff, or implementing new processes.
By having a well-defined incident management plan and procedures, organizations can minimize the impact of incidents on their business.