News

New in easy2comply: Tasks Component

Monday, February 7th, 2011

I would like to share some thoughts and tips today regarding our recently released Tasks component.

When dealing with GRC, you never know which resources and strategies will be utilized during the management of the next compulsory regulation. C’est la vie, as they say.

For this reason specifically, we have redesigned the Tasks component within easy2comply to add flexibility and support for any workflow process. We have also improved its usability and added some other useful features.

New in easy2comply: Sign-Off Feature

Monday, November 22nd, 2010

Until today, whenever you wanted to obtain the approval of process documentation by its owners, you needed to produce a report, send it to the owner, and make sure they understood the report structure, the content and the description of the process under their responsibility.

Many of our clients asked for a feature that would automatically send processes to their owners, based on the ownership definitions you have made.

In our latest release, 4.7.0, we are proud to deliver our new “Sign-Off” feature. This enhancement emails each owner the items under their responsibility for signing. The functionality requires them to read the signing statement and approve it digitally. The feature is not limited to the approval of processes: it also covers organizational units, computer systems, controls and risks, and it can be used to have multiple people in the organization review the information.

“How do I calculate the risk of my secretary forgetting to order sufficient pens for my employees?”

Monday, November 15th, 2010

Sounds ridiculous? You’d be right in thinking so; however, this was a question I was asked last week as part of a workshop focusing on Risk Identification.

These questions never surprise me. In fact, I look forward to them being asked because it creates an opportunity to engage with participants on a topic that all of them could understand, but few of them do.

What is a risk? And which risks do I need to be taking seriously?


GRC automation – is it possible?

Sunday, November 7th, 2010

First of all, yes!!!

But the question is, “Is it that simple?”

Well, that depends on whether you have a clear view on what GRC automation is all about.

Before we start: this post is not intended to warn organizations away from projects that involve automation. I categorically state that GRC automation is blessed, and its achievement should be analyzed. But you should make yourself aware of the challenges you will face and of how to approach such a project.

Stand up if you believe in good business practice?

Thursday, October 14th, 2010

Anyone, anyone? No, I thought not.

The more companies I meet, the more I am forced to accept the reality that business executives “talk the talk” but rarely “walk the walk”. I am, of course, referring to the investment drivers behind Risk Management.

4 tips for using Alerts & Notifications

Thursday, October 7th, 2010

A few weeks ago we launched the new Alerts & Notifications, and we hope you have had enough time to try them out and enable some of the alerts already. In this post I would like to share some tips and thoughts about this new feature. Hopefully these will help you use the alerts more easily and get the most out of the integration with your mailbox.

Qualitative Risk Assessment Methodology

Tuesday, April 6th, 2010

[Diagram: Inherent Risk → Controls → Residual Risk]

Overview

Risk Assessment is very important, as it provides the organization with an objective measure for differentiating between low risks and high risks. Risk Identification is an important step, but we often end up with hundreds of risks and no clear way of determining which are the most important. The Risk Assessment methodology below describes how easy2comply meets these challenges.

Easy2comply also offers the ability to perform a quantitative assessment of risk, as well as a Scorecard / Questionnaire approach. These are not dealt with in this methodology paper.

The qualitative methodology is divided into three components:

  1. Inherent Risk
  2. Controls
  3. Residual Risk

Combining the Inherent Risk value with the Controls produces the Residual Risk level.

How to Implement an Integrated GRC Architecture

Tuesday, January 19th, 2010

Background

The Risk Management, Compliance and Governance reforms that followed the corporate failures of the past decade have dramatically changed today’s business environment. Organizations worldwide are coping with a proliferation of new regulations and standards, and are challenged to do so in a way that supports performance objectives, upholds stakeholder expectations, sustains value and protects the organization’s brand.

Recent studies indicate that Fortune 1000 corporations are subject to 35-40 different regulatory mandates, and the management of regulation and compliance has become a serious risk factor in itself. Complying with each individual regulation is always complicated, lengthy and costly. Managing the burden of complying with multiple, overlapping regulations is becoming increasingly difficult and expensive. The need for an integrated GRC (Governance, Risk Management and Compliance) platform in today’s business environment is obvious. Despite the hype around this topic, only a few organizations have succeeded in implementing a truly integrated GRC platform, due to the complexity of the GRC environment.

Basel II – Operational Risk webinar

Sunday, November 22nd, 2009

Easy2comply held its third Basel II – Operational Risk webinar, which focused on building effective Risk Management frameworks that can be implemented with smaller budgets and smaller departments.

Many questions were asked and I would like to focus on a few of them as they raise some interesting ideas for all of us.

A risk manager from the United States wanted to know about the overlap between Operational Risk and Sarbanes-Oxley. Whilst this blog won’t go into a lot of detail about the similarities and differences, the point that I made was around Controls coverage.

The SOX program covers all of the controls surrounding the Financial Reporting process, as well as the information flows into the end financials. The analysis on these controls is incredibly rich and deep, from identification, assessment, and all the way through to testing.

In contrast, Operational Risk covers a much broader set of controls across the organization; however, the analysis of these controls is generally a lot shallower. Quite often it is sufficient to record that the controls exist and that they work.

Both of these approaches are supported by the easy2comply SOX and Operational Risk software.