Ian Abrahams - PowerPoint PPT Presentation

About This Presentation
Title:

Ian Abrahams

Slides: 37
Provided by: ianabr

Transcript and Presenter's Notes

Title: Ian Abrahams


1
Ian Abrahams
  • An Integrated Risk Mngt, Compliance & Audit Solution

CorProfit Systems Pty Ltd
2
Introduction
  • Clients see risk-compliance as a cost;
    integration of functions would reduce the
    overhead
  • There is no 1-way to perform risk mngt; it
    consists of a number of processes
  • An overall solution will see alignment of risk -
    compliance - audit

3
Depth & Breadth of Risk
Where does R.M. fit in & who will use it?
Executive
Senior Mgrs
Team Ldrs
?
Workers
4
People & Technology Interwoven
  • If only the risk mngt dept, or audit or compliance,
    is using a system, they can learn the hardest
    system.
  • If everyday staff are going to be the users (risk
    / control owners) of the system, the system must
    be user friendly for them.
  • The System follows the need.

5
Integrates Proactive R.M.
Link Organisation's In-house Objectives, Policies &
Procedures
6
Multiple Risk Mgt Activities (Integrated &
Aggregated Management)
7
Risk Management Framework
  • CorProfit advocates, and KnowRisk supports, a
    Framework:
  • That serves all functional areas
  • Works from Board to shop-floor
  • That integrates Risk, Audit and Compliance

8
Risk Methods The Core
Set Context
This core covers all risk assessments; it is
generic. KnowRisk has brought a science together.
9
CSA Audit
  • Audit Independent Reviews

10
Methodology
Risk reduction is a balance of
  • Likelihood
  • Magnitude Impact
  • Control Effectiveness

Controls Fail (or Gaps)
Effectiveness
Retained Risk
11
Run Through Simplest Method
  • Run through the R.M. process
  • Add new User Defined field
  • Add new Key Word list
  • Apply filters / reports
  • Configure user screens

Configure KnowRisk according to user roles. The
Simplest Method is a broad-brush approach to
populating a Risk Register
12
User Interface
13
Implementation of Risk Compliance Solution
  • An ideal system delivers:
  • There are not many functions to learn
  • Once familiar in one area of the System, the same
    functionality and look & feel is available in
    all other areas
  • Training effort is low, particularly for richness
    in features and scope of methods covered.

14
Risk Assessment
Each has a role, and is particularly useful for
audit reviews.
15
Risk Assessment
  • Benefits of the scientific options to assessment
  • Strategic risk management
  • Increasing accuracy
  • Integrate different strategies

Gain the maximum risk mitigation for the least
effort
16
Strategic Risk Management
  • Start with Inherent to Residual levels

  • Assessments at R level, view Q C
  • Populates your Risk Register

[Diagram labels: R, Before Controls, After Controls, Existing, Q, C]
17
Strategic Risk Management
  • Inherent to Residual levels

18
Strategic Risk Management
  • Prioritise leads to Action Plan, set Targets

  • Work with small population of Risks

[Diagram labels: R, Controls, After Existing Controls, Improve, Q, C, 1st Stage]

19
Strategic Risk Management
  • Prioritise key risks, start aggregation

20
Overall Perspective
21
Strategic Risk Management
  • Set targets for Prevention
  • Similarly for Correction

22
Increasing Accuracy
  • Start with simplest approach (fewest fields, 8,
    but lots of risks, i.e. build Risk Register)
  • Prioritise risks, show target risk (add 5 fields,
    work with smaller population of risks)
  • Use Global Relative impact values, start
    some semi-quantitative analysis
  • Start aggregation (add just 5 new fields)
  • Gap analysis in Controls, improve Existing
    effectiveness To (larger effort, smallest no.
    risks)

23
Extend Broad-Brush Method
  • Use Common unique fields in the process

24
Extend Broad-Brush Method
25
Compliance Strategies
26
Structures in KnowRisk Ideal for Compliance
27
Organisation Wide Risk Profile
  • A user interacts with their own profiles
  • That user is part of a business unit
  • Business unit part of a group / division
  • Etc. ... to encompass the whole organisation

28
Audit
  • KnowRisk provides for
  • Recording audit findings
  • Management of actions arising
  • Monitoring progress of actions - grouped by
    audits

29
Audit Sampling in KR
  • KnowRisk enables the review of control
    effectiveness / performance
  • Set the audit plan
  • Appropriateness of controls
  • Testing effectiveness
  • Maintains ongoing effectiveness

30
Audit Plan
  • Audit can see framework in 1 place

Profiles
31
Example Risk Knowledge Base
Consequences Controls Likewise Classified
32
Organisation Wide Framework
[Diagram labels: IT, HR, Environt, Recruit, BCP, Etc; Summarise]
33
Scalability & Distribution
Populate Know. Bases
34
KnowRisk Reporting
Summarised Reports
Strategic
Operational
35
Risk - Compliance Kept Simple
Cross-link Objectives & Work Performed
ID & Assess Risks
Prioritise / Treatment
Key Tasks / Improve Controls / Monitor
36
Value to Boards
  • Collates all identified risks on an equitable
    basis
  • Users can easily filter risks to select
    appropriate risks to report to the Board
  • Risk status can be aggregated
  • Standard reports (including graphs) can be
    prepared by activating pre-programmed icons
  • Reports can be supported by detailed
    documentation at all framework levels & functions