Managing your risk taxonomy within StratexPoint
Post on 14-Feb-2017
Monitor compliance. Manage risk. Execute strategy.
Managing Your Risk Taxonomy within StratexPoint, October 2016

Purpose
The purpose of this presentation is to provide an understanding of how to manage a risk taxonomy via StratexPoint.
Topics covered:
- Managing a regulatory risk taxonomy
- Managing a business risk taxonomy
The StratexPoint solution is designed to support two risk taxonomies within its 'Framework':

Regulatory Risk Taxonomy (supported by the Stratex framework)
A three-level taxonomy based on the standard Basel classification of operational risk (see Appendix A). Designed to support regulatory reporting and compliance. Its three levels map onto StratexPoint categories as follows:
- Level 1 Classification: Master within StratexPoint
- Level 2 Classification: Major within StratexPoint
- Level 3 Classification: Minor within StratexPoint
The slide's diagram also labels the hierarchy with the terms Risk Group and Risk Type.

Business Risk Taxonomy (inherent within the Stratex framework)
A multi-level taxonomy based on leading management methodologies, including the Risk-Based Performance Management methodology. Designed to support strategic and operational decision-making and execution.
Example: operational risk taxonomy (key)
- Level 1 (Master): 1.7 Execution, delivery and process management
- Level 2 (Major): 1.7.1 Transaction capture, execution and maintenance
- Level 3 (Minor): 1.7.1.3 Non-conformance with Policy or procedure
Business Risk Taxonomy (inherent within the Stratex framework)

Strategic Risk
- Business Model Risk
- Business Execution Risk
- Business Alignment Risk

Operational Risk
- Process Risk
- Project (Change) Risk
- Technology Risk
- People Risk
- Vendor (3rd Party) Risk
- Information Assets
- Physical Assets
- Financial Assets

Compliance Risk
- Legal Risk
- Product Risk
- Regulatory Risk
- Quality Risk
- Business Assurance Risk

Conduct Risk
- Business Model Risk
- Business Execution Risk
- Process Risk
- Project Risk
- Technology Risk
- Product Risk
- People Risk

Reputational Risk
- Strategic Risk
- Operational Risk
- Compliance Risk
- Conduct Risk
- People Risk
- Business Assurance Risk
- Culture & Accountabilities
Appendix A: Basel Operational Risk classification
Basel Operational Risk Classification

Level 1 (Master Category within StratexPoint) > Level 2 (Major Category within StratexPoint) > Level 3 (Minor Category within StratexPoint). The code "0. Unassigned" is available at each of the three levels.

1.1 Internal Fraud
  1.1.1 Unauthorised Activity
    1.1.1.1 Transactions performed without delegated authority
    1.1.1.2 Transactions performed beyond delegated authority
    1.1.1.3 Deliberate misrepresentation, deceit, deception
    1.1.1.4 Computer crime
  1.1.2 Theft & Fraud
    1.1.2.1 Theft, robbery, misappropriation of assets
    1.1.2.2 Fraud (other than forgery)
    1.1.2.3 Destruction of assets
    1.1.2.4 Forgery
    1.1.2.5 Bribes / inducements
1.2 External Fraud
  1.2.1 Theft
    1.2.1.1 Theft, robbery
    1.2.1.2 Forgery
  1.2.2 Systems Security
    1.2.2.1 Hacking
    1.2.2.2 Theft of information
1.3 Employment practices & workplace safety
  1.3.1 Employee relations
    1.3.1.1 Compensation, benefit, termination issues
    1.3.1.2 Organised labour activity
    1.3.1.3 Lack of suitable employees, loss of key personnel, other personnel issues
  1.3.2 Safe Environment
    1.3.2.1 Failure to comply with legislative requirements
    1.3.2.2 Failure to comply with the organisation's rules
  1.3.3 Diversity & Discrimination
    1.3.3.1 Discrimination of all types
1.4 Clients, products & business practices
  1.4.1 Suitability, disclosure and fiduciary
    1.4.1.1 Suitability / disclosure (e.g. KYC)
    1.4.1.2 Breach of confidentiality (except data protection matters)
  1.4.2 Improper business or market practices
    1.4.2.1 Market manipulation, improper trade / market practices
    1.4.2.2 Insider trading, unlicensed activity
    1.4.2.3 Money Laundering
  1.4.3 Product flaws
    1.4.3.1 Product defects
    1.4.3.2 Model errors
  1.4.4 Selection, sponsorship and exposure
    1.4.4.1 Failure to investigate client
    1.4.4.2 Exceeding client exposure limits
  1.4.5 Advisory activities
    1.4.5.1 Disputes over provision of inappropriate advice
1.5 Damage to physical assets
  1.5.1 Disaster & other events
    1.5.1.1 Natural disaster losses
    1.5.1.2 War, changes in law, political risk
    1.5.1.3 Terrorism, vandalism
    1.5.1.4 Theft & Robbery of physical assets
  1.5.2 Maintenance of Physical Assets
    1.5.2.1 Inadequate maintenance of physical assets
1.6 Business disruption and systems failure
  1.6.1 Systems
    1.6.1.2 Major IT systems failure – other (Hardware, software, telecommunications utilities)
1.7 Execution, delivery and process management
  1.7.1 Transaction capture, execution and maintenance
    1.7.1.1 Miscommunication
    1.7.1.2 Data entry, maintenance or loading error
    1.7.1.3 Non-conformance with Policy or procedure
    1.7.1.4 Non-compliance with statutory / legal obligation
    1.7.1.5 Non-compliance with regulatory obligation
    1.7.1.6 Model / system mis-operation, delivery failure
    1.7.1.7 Accounting error
    1.7.1.8 Other task mis-performance
    1.7.1.9 Inappropriate behavior
    1.7.1.10 Collateral management failure
    1.7.1.11 Ineffective change management
    1.7.1.12 Failure to realise project objectives
  1.7.2 Monitoring & Reporting
    1.7.2.1 Failed regulatory reporting obligation
    1.7.2.2 Failed statutory reporting obligation
  1.7.3 Customer intake & documentation
    1.7.3.1 Customer authorities missing
    1.7.3.2 Legal documents missing / incomplete
  1.7.4 Customer / client account management
    1.7.4.1 Unauthorised access given to customer / client accounts
    1.7.4.2 Incorrect client records
    1.7.4.3 Negligent loss or damage of client assets
  1.7.5 Trade counterparties
    1.7.5.1 Non-client counterparty mis-performance
    1.7.5.2 Non-client counterparty disputes
  1.7.6 Vendor & suppliers
    1.7.6.1 Failed / ineffective outsourcing arrangements
    1.7.6.2 Vendor disputes
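The following is an added example, not Ascendore's or StratexPoint's own code. It models the Master/Major/Minor levels as the depth of a dotted Basel code, reconstructs the 1.7 > 1.7.1 > 1.7.1.3 chain from the earlier slide, and checks an imported taxonomy for entries whose parent category is missing, which is the usual defect when a register is loaded from a spreadsheet. The code subset is taken from Appendix A; "1.2.2 Systems Security" is left out on purpose so the check has something to report.

```python
# Added example (not StratexPoint's own code): the three-level Basel taxonomy
# mapped onto StratexPoint's Master / Major / Minor categories, plus a validator.

# Level -> StratexPoint category name, as on the taxonomy slides; 0 is Unassigned.
LEVEL_NAMES = {0: "Unassigned", 1: "Master", 2: "Major", 3: "Minor"}

# Subset of Appendix A. "1.2.2.1 Hacking" is included without its parent
# "1.2.2 Systems Security" so that validate() has an orphan to report.
TAXONOMY = {
    "0": "Unassigned",
    "1.6": "Business disruption and systems failure",
    "1.6.1": "Systems",
    "1.6.1.2": "Major IT systems failure - other (Hardware, software, telecommunications utilities)",
    "1.7": "Execution, delivery and process management",
    "1.7.1": "Transaction capture, execution and maintenance",
    "1.7.1.3": "Non-conformance with Policy or procedure",
    "1.2.2.1": "Hacking",
}


def level_of(code):
    """Return 0 for the Unassigned code, else the Basel level implied by the dotted code."""
    parts = code.split(".")
    if parts == ["0"]:
        return 0
    if parts[0] != "1" or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed risk code: {code!r}")
    return len(parts) - 1  # "1.7" -> 1, "1.7.1" -> 2, "1.7.1.3" -> 3


def parent_of(code):
    """Parent code one level up, or None for Level 1 and Unassigned."""
    return code.rsplit(".", 1)[0] if level_of(code) > 1 else None


def path_of(code, taxonomy=TAXONOMY):
    """Master -> Major -> Minor chain for a code, as in the 1.7.1.3 slide example."""
    chain = []
    while code is not None:
        chain.append((LEVEL_NAMES[level_of(code)], code, taxonomy[code]))
        code = parent_of(code)
    return chain[::-1]


def validate(taxonomy=TAXONOMY):
    """List problems: codes deeper than Level 3 and children whose parent is absent."""
    problems = []
    for code in taxonomy:
        if level_of(code) > 3:
            problems.append(f"{code}: deeper than Level 3 (Minor)")
        parent = parent_of(code)
        if parent is not None and parent not in taxonomy:
            problems.append(f"{code}: parent {parent} missing")
    return problems
```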
About Ascendore & StratexPoint
About Ascendore
We believe that risk management and compliance must enable strategy execution and value creation, not simply tick regulatory boxes.
Who we are
We are a technology firm that understands Governance, Risk and Compliance (GRC) and how to embed cultural change and accountabilities.
What we do
We provide the leading SharePoint based Governance, Risk and Compliance (GRC) solution to financial services firms and their regulators.
How we do it
We manage the delivery of our solution as a business change project, not as a technical software implementation.
Our Values
Ambitious, Accountable, Aligned, Agile
We wrote the book on integrating strategy and risk management
Our conceptually sound framework and change roadmap is based on a proven methodology.
Typical problems we solve with our customers
- Embedding the right risk and compliance culture
- Establishing a single repository of risk and compliance data
- Reducing the time and complexity associated with using spreadsheet-based risk and compliance registers
- Ensuring each of the three lines of defence plays the correct role, and has the tools and data to do so
- Automating risk and compliance activities and processes, including reporting and dashboards
- Demonstrating to regulators (and the board) that risk and compliance are at the heart of the firm's decision-making
About StratexPoint
We provide Integrated Governance, Risk & Compliance solution(s) built on familiar, office platforms. We propose to provide StratexPoint, an Integrated GRC (Governance, Risk & Compliance) software solution.
An Integrated GRC solution:
- Strategy and Risk Appetite are central
- Built on the world's leading collaboration platform
- Incorporating a proven Governance model: 'RACI'
- Built around a conceptually sound data model
- Delivering world-class risk reporting, plus enabling the 'right risk culture'
Our solutions
We provide Integrated Governance, Risk & Compliance solution(s) built on familiar, office platforms.
Our solutions deliver:
- High ROI
- High user adoption
- High levels of assurance that your business is operating within appetite
StratexPoint
Built on the ubiquitous SharePoint platform
Supports each of the Three Lines of Defence
Comprehensive in nature but modular in deployment
StratexCloud – our Azure cloud platform.
Stratex365* – our Office 365 app
StratexStudio* – our mobile app
* Available end of 2016
StratexPoint was designed to support an integrated GRC approach. The slide's diagram links Strategy Management, Performance Management, Risk Management and Appetite around four questions: What are we trying to achieve? Are we on track? What is our Risk Appetite? Are we operating within appetite? Governance & Communications and Culture underpin the model.
The Stratex Framework (diagram)
Elements shown: Business Entity, Business Drivers, Business Objectives, KPIs, Actions, Key Risks, KRIs, Issues, Assessment, Key Controls, KCIs, Events, Certification, Risk Appetite, Checklists, Tests, Governance Commentary, Notifications, Workflows, Benchmarks, Dashboards, Reporting, Templates, Processes, Initiatives, Systems, Relationships, People, Assets, Products, Audits, Rulebook, Compliance, Roles, Regulation, Policy, Standards, Legal.
Captions: "Build a strategy focused, risk aware culture" and "Operational & Compliance enablers are aligned to strategy".