Simplified and Unified Enterprise Governance Risk & Compliance
Drive growth with iSPIRAL eGRC solution
Supporting COSO Framework standards
With our eGRC Solution (RCMS Platform), you can set strategic business objectives and KRIs in one central repository where you can define, classify, and connect risks to control activities within business processes.
This allows end-users to perform impact analysis and generate reports on potentially high-risk areas of the business where controls should be leveraged.
Our enterprise governance, risk, and compliance solutions (Risk Management, Compliance Management, Internal Audit Management, Incident & Loss Management) are fully integrated, and they work perfectly together and apart.
Risk Management
This Module provides an easy-to-use and efficient means to significantly improve activity execution and data quality for the risk management process. It enables the identification, assessment, and management of risks across an organization. It allows for:
- Custom methodologies for different types of risk assessment, or a common methodology.
- Strategic and detailed risk assessment.
- Criticality (Business Impact Analysis) assessment.
- Threats, vulnerabilities and controls evaluation.
- Self-assessment capability.
- Risk surveying, rating and monitoring, key risk indicators definition and monitoring.
- Risk response action plans, responsibilities (delegation of responsibility and accountability), and notifications.
Incident & Loss Management
This Module manages all incidents, from financial losses and workplace injuries through to security breaches. It provides a set of features for documenting, reporting, and investigating incidents and losses. It allows users to register, analyze and manage identified incidents, including defining incident management actions, delegating responsibility and aggregating financial losses. It allows for:
- Incident registration and management.
- Enterprise portal user interface for incident registration.
- Detailed data registration.
- Incident analysis and monitoring.
- Loss definition per incident and allocation of loss %.
- Definition of required actions and delegation of accountability.
- Reference to related risks.
Compliance Management
This Module provides the ability to ensure and demonstrate compliance with internal and external standards, legislation, procedures and codes of conduct. It allows users to register and manage compliance requirements stemming from an obligation, whether due to a regulation, an external audit or another source. Users can register an obligation (e.g. audit by an external entity, such as PCI) and then add the compliance requirements that need to be managed. Each requirement is registered, and the actions associated with fulfilling the requirement are defined. It allows for:
- Compliance obligation definition.
- Compliance requirements register and analysis.
- Definition of required actions and delegation of responsibility and accountability.
- Reference to related risks.
Internal Audit Management
This Module automates the audit life-cycle and workflow activities. It enables the scheduling, planning, and conducting of audits/assessments, the subsequent identification of non-conformances, and the triggering and tracking of recommendations, management responses and actions for improvement. This can be performed either based on standard audit programs or via a risk-based approach as a result of a risk assessment. It allows for:
- Audit planning and scheduling.
- Resource planning and scheduling.
- Timesheet management.
- Standard and custom audit programs and checklists.
- Tracking of recommendations, defined actions and non-conformances.
- Data and work-paper document archive.
- Reference to related risks.
Unified Actions & KRIs Monitoring
The Unified Actions Management Module provides central access to all actions to be monitored from the Risk, Compliance, Audit and Incident Management modules. This includes the functionality to assign and follow up actions / tasks and maintain a chronological history of the updates received. It allows for:
- Enterprise portal user interface for unified actions management.
- Grouping and categorization of actions from all modules.
- Updating of action activities and progress.
- Monitoring of action status and progress.
- Delegation of responsibility and accountability.
- Tracking of action updates and non-conformances.
Alert & Notifications Management
It provides the capability to configure and generate alerts via email and text messages to notify defined users of specific system / data events of interest. This can include expiration of deadlines, registering of a high risk, changes to a risk rating, registering of an incident, assignment of an action, etc. In addition, the system allows users to generate ad hoc alerts to other system users regarding specific information visible through the system interface. It allows for:
- A range of pre-configured alerts.
- Alerting via email or text message.
- User dashboard with pending items for action.
- Ad hoc alert generation.
Reporting & Dashboards
It provides the capability to generate pre-defined reports and ad hoc reports, and to attach and manage documents at all screens / forms of the system. A relevant document can be attached to a specific system form and can be accessed by all users accessing the form or can be searched via the search capabilities. Standard reports can be accessed via the Reports Module and ad hoc reports can be designed and generated by users as needed. It allows for:
- Standard reports.
- Ad hoc reports.
- Attaching, accessing, sharing and searching documents.
- Reporting tools for privileged users.
- COREP Report.
- Capital Adequacy.
Access & Data Management
The RCMS Platform provides a comprehensive access and authorization management module that is utilized to define user roles, authorization parameters and data / project level access control. In addition, a Data Management module allows privileged users to manage the different data elements utilized by the system and create custom data parameters.
The data parameters are utilized by the functionality modules for the execution of the risk and compliance management process activities. It allows for:
- Parameterized universe and methodology definition.
- Comprehensive role, user and data access model.
- Template libraries (e.g. risk library).
- Active Directory integration.
Benefits
- Identify risks and vulnerabilities across departments.
- Keep the appropriate people engaged in each step of your risk process with automated tasks, alerts, and reminders.
- Risk data held within a centralized platform that could meet your specific needs.
- Send the board configurable dashboards and reports that include risk details, summaries and heat matrices (e.g. RCSA report).
- Integrated, Unified eGRC that includes Risk, Compliance, Audit and Incident Management solutions.
- Reduce risk of penalties and fines due to noncompliance.
- Accountability & Risk Awareness.
- Efficient, Continuous and Controlled process.
Client Stories
Bank of Cyprus
Bank of Cyprus, with a long presence and tradition in banking and financial services in Cyprus, has selected iSPIRAL and its Enterprise GRC solution to tackle its Risk Management & Compliance processes.