QPR Risk Management and Compliance Solution

1
QPR Risk Management andCompliance Solution
2
Agenda

• Risk Concepts and Definitions
• Risk Management and Compliance Drivers
• Common Challenges
• Turning Risks into Opportunities
• QPR Risk Management and Compliance Solution
• Customer References
• Questions and Answers

3
Risk Concepts and Definitions
Risk The combination of the probability of an
event and its consequences that has an influence
on achieving organization's objectives
Assessment Assess the identified risks to their
potential severity of loss and to the probability
of occurrence. Assess and test the validity of
established controls
Risk Management Integrated framework for
managing organization-wide risks in order to
maximize organizations value Compliance System
s to ensure that organizations are aware and
comply with relevant laws and regulations
Regulation Legal restrictions enforced by
governments or other regulatory bodies
Audit An independent, objective assurance and
consulting activity designed to help
organizations accomplish objectives by bringing a
systematic, disciplined approach to evaluate and
improve the effectiveness of risk management,
control, and governance processes.
Control Specific set of policies, procedures and
activities designed to monitor and mitigate risks
4
Risk Management Compliance Drivers Grow Stronger
Governmental SOX, J-SOX etc.
Non- Binding ISO 9000, ITIL
Industry-Specific Basel II, FDA,
FERC, FAA
Reengineering
Outsourcing
Globalization
Geo-Political Factors
Natural Disasters
Offshoring
Joint Ventures

• External forces
• Opportunities and threats
• Political environments
• Economic environments
• Regulatory environments
• Increasing litigation
• Increased scrutiny by financial markets

• Internal forces
• Meeting the challenge
• More dynamic complex business
• Businesses become more distributed
• Regulatory environments
• Increasing litigation
• Increased scrutiny by financial markets

Investor Demands
5
Examples
6
What are The Common Challenges?

• Risk and compliance are managed reactively, not
  proactively
• Risk and compliance are managed in functional
  silos
• Lack of a systematic approach for the whole
  organization
• Multiple regulations are overlapping, causing
  duplicate work
• Regulations and business operations change
  constantly
• Risks are viewed as threats, not as opportunities
• Reacting in an isolated way to each and every
  risk and regulation is inefficient and is
  becoming a huge cost driver
• Management cannot obtain a clear view of risks,
  compliance and the status of internal control

7
How to Turn Risks into Opportunities?

• Proof
• Demonstrate it

• Preparedness
• Active follow up
• Complete, up-to-date overview

• Awareness
• - Common understanding
• - Periodically identify
• Risk communication

• Improve decision making on all organizational
  levels
• Anticipate events in order to gain from them
• Improve stakeholder confidence (investors,
  insurers)
• Comply with all regulations (avoid legal action)

8
QPR Platform Business Benefits
Integrating risk management with strategy,
performance and business process management
Risks
Regulations

• Makes risk identification and communication
  easier
• Provides a commonly understood view of strategy,
• objectives, tasks, processes ? and therefore
  risks
• Improves strategic and operational decision
  making
• Promotes risk-awareness
• Provides a strong driver for continuous process
  improvement
• Driven by risks, regulations, strategic direction
  and performance
• measurement
• Reduces the cost of compliance and audits
• Offers a single point of access to all risk
  compliance related
• information

Business Processes
Strategy Performance
Provides an organization-wide solution to manage
and comply with a multitude of RMC imperatives in
a unified and efficient way
9
Three QPR Solution Areas
Risk Management Compliance A process-oriented
control framework for managing risk compliance
Corporate Performance Management A complete
performance management system for process and
business monitoring and control
Risk Measurement
Enterprise Risk Management
Risk Identification and Documentation
Process Measurement
Business Process Management A process design,
implementation and automation platform supporting
the full BPM cycle
10
Applying CPM and BPM for RMC
Manage just the most important objective-related
risks in order to improve performance
Business-driven
Risk Management Compliance A process-oriented
control framework for managing risk compliance
Risk Measurement
Enterprise Risk Management
Compliance-driven
Risk Identification and Documentation
Ensure all risks (internal external) are
covered by proper controls
11
Risk Management Compliance Cycle

• Identify Assess Risks Regulations
• Identify classify
• Determine likelyhood impact
• Rank their importance
• Decide which to accept, transfer, reduce or
  eliminate

i
feedback
requirements
Enterprise Risk Management Dashboard

• Monitor Report
• Schedule risk assessments
• control checks
• Capture results
• Report

• Implement Policies Controls
• Risk planning
• Make process changes
• additions
• Document
• Communicate

measure
12
Capture all the Risks that are Relevant!
What are all the risks we need to address?
We know the business, but what risks are relevant?
Make sure we are in control
Business risks
Strategy
CEO
Functional Organization Entities
Objectives
Chief Risk Officer
We could be in trouble if...
i
Make sure you comply
Processes
QPR RMC Platform
Process Organization Entities
Regulations
Compliance risks
Regulators
Get everyone involved and facilitate effective
identification of relevant risks
13
Assess Evaluate Risks Your Way!
Our business requires a specific way of
categorizing risks
Probability settings are risk-specific
I need complete freedom in choosing impact
measurement
It would be great if we can allocate risks in
multiple ways
Capture and document risks in a way that best
suits your organization in order to increase
awareness and facilitate an effective,
cost-efficient auditing process
14
Get a Clear View of How all New Identified Risks
are being Addressed
You have one year
We need to take action
QPR Portal Control Actions
Auditor
Chief Risk Officer
Monitor progress Make sure you are on track with
control implementation Actions logging Have a
central point of access to all control actions
15
Communicate Risks and Controls Effectively
One tool that addresses all the risks and
controls I am accountable for
risk / control reuse

• Add risks and controls to the process maps
• Adapt processes where needed
• Communicate to the relevant people to ensure
  awareness

Review previously added risks and identify new
ones
Provide everyone with a clear understanding of
what falls under their responsibility and what
policies procedures to follow to ensure
compliance
16
Get a Complete and Up-To-Date Overview of the
Status of Risks and Controls
Risk Dashboards for SOX, Learning Growth,
Production, Environment, Occupational Health
Analysis, filtering, drill-down... effectively
assess the overall risk compliance profile
Chief Risk Officer
An up-to-date and complete overview of all risk
and compliance information
I now know exactly what I am accountable for and
get alerted when theres a problem
Functional Managers
CEO Management Board
Obtain the ability to react fast and
appropriately to events and the confidence that
things are under control
17
Maintain a Reliable Foundation for Decision
Making and Internal Control
Is this organization in control?
Were in control, were up-to-date and we can
prove it
I get alerted to perform my risk and control
assessments
Chief Risk Officer
I can comment, share ideas and launch actions for
improving controls
Can I trust this information?
Auditor
Investors
Employee
CONFIDENCE All issues addressed appropriately All
activities logged
CEO
Employee
Optimize the organizations capability to
generate value for its stakeholders
18
QPR Benefits

• Reduction of the costs associated with RMC
  activities
• Always a clear, complete and up-to-date overview
  of your business processes, risks and controls
• Get everyone involved Integrate RMC into the
  business
• Facilitate effective reporting to management and
  auditors
• Easy to use Focus on the business user
• Fast to implement
• ? Lift RMC from being a set of tactical, ad-hoc
  initiatives to becoming a strategic advantage

19
QPR RMC Software Benefits All Employees

• Business executives can monitor the state or risk
  and compliance to drive strategic direction
• Risk and compliance officers can be successful in
  the day-to-day management of risk and compliance
  by ensuring its integrated within processes
• Internal and external auditors obtain up-to-date
  reports and can review follow-up activities for
  identified non-conformancies
• Business unit and process managers can answer to
  risk and control assessments and monitor the
  state of risk and compliance in their own area
• Employees, contractors, consultants temporary
  workers have a convenient way of becoming aware
  of policies and compliance issues
• Business partners can participate in conducting
  contract and control assessments

20
Customers
21
H.I.S.

• Profile Globally operating travel operator
• Need Comply with Japanese Sarbanes Oxley Act
• Identify and document business processes and
  associated risks
• Implement controls
• Monitor control effectiveness and appropriateness
• Demonstrate compliance with J-SOX
• Solution Benefits QPR Risk Management and
  Compliance for J-SOX
• Complete and up-to-date overview of all relevant
  risks and controls
• Continuous monitoring of compliance status
  ability to react fast to non-conformancies
• Insight in business processes and their
  performance improved process efficiency and
  productivity
• Implemented organization-wide in lt 1 year

22
Africa Rainbow Minerals

• Profile Globally operating platinum, gold and
  iron mining company
• Need Demonstrate performance of risk control,
  tracking and measurement
• High risk operations satisfy insurance
  stakeholders
• International operations comply with multitude
  of regulations
• Stock-listed company demonstrate compliance with
  listing requirements
• Many partnerships gain control over business
  complexity
• Solution Benefits QPR Risk Management and
  Compliance
• Commitment from management teams to meet defined
  targets
• Timely risk identification and evaluation ?
  Timely action
• Improved decision making and governance Taking
  calculated risks in line with ARM stakeholder
  interests
• Ability to demonstrate the effectiveness of the
  risk management process

23
QPR Mission and Vision

• We help people and organizations to take control
  of their business processes and achieve their
  goals.
• QPR is a highly recognized software vendor
  specialized in process design and control for
  Risk Management and Compliance.

24
Questions and Answers
A!
Q?