Implementation experience
Posted: Thu Feb 13, 2025 4:14 am
The company "Informzashchita" has completed several projects on the implementation of GRC solutions. But in this article we will tell about the work on the project of implementing the GRC system in a Moscow bank, which is a settlement center of a leading payment service, one of the largest in the Russian Federation. The project implements tasks on automating internal control processes for SOX, risk management, risk assessment, and control procedure management. This made it possible to fully automate the activities of internal auditors, save time, and receive reliable and up-to-date analytics and reporting.
Using this project as an example, we can highlight the following successfully implemented tasks within the framework of improving the corporate risk management system and compliance with SOX requirements:
implementation of a single register of all risks and senegal whatsapp data procedures, as well as the results of their testing and evaluation, with restricted access for more than 300 users;
automation of the existing risk management (ERM) process in terms of risk registration and assessment; with the ability to track the assessment process by each user, as well as the development and approval of action plans;
automation of the KPI calculation process;
automation of the process of registration and approval of control procedures, conducting an audit in accordance with the SOX standard by automatically generating an audit perimeter for each business process, with the ability to monitor the progress of the audit by each auditor;
automation of the generation of up-to-date financial and analytical reports and dashboards within the framework of ERM and SOX processes.
Thus, the organization has the opportunity to control the entire process of risk management of the company through a single interface, while each participant in the process works strictly within the framework of their business tasks. And thanks to the ability to receive prompt notifications about any changes by email or mobile phone, the response time to changes in each of the management processes has been significantly reduced. The time required to develop and coordinate new periodic events, such as risk assessment, audit and registration of its results, filling out a self-assessment sheet by automatically generating templates in the system, allowing you to send up-to-date data in the context of the necessary business processes to experts in a couple of mouse clicks, has also been reduced.
Using this project as an example, we can highlight the following successfully implemented tasks within the framework of improving the corporate risk management system and compliance with SOX requirements:
implementation of a single register of all risks and senegal whatsapp data procedures, as well as the results of their testing and evaluation, with restricted access for more than 300 users;
automation of the existing risk management (ERM) process in terms of risk registration and assessment; with the ability to track the assessment process by each user, as well as the development and approval of action plans;
automation of the KPI calculation process;
automation of the process of registration and approval of control procedures, conducting an audit in accordance with the SOX standard by automatically generating an audit perimeter for each business process, with the ability to monitor the progress of the audit by each auditor;
automation of the generation of up-to-date financial and analytical reports and dashboards within the framework of ERM and SOX processes.
Thus, the organization has the opportunity to control the entire process of risk management of the company through a single interface, while each participant in the process works strictly within the framework of their business tasks. And thanks to the ability to receive prompt notifications about any changes by email or mobile phone, the response time to changes in each of the management processes has been significantly reduced. The time required to develop and coordinate new periodic events, such as risk assessment, audit and registration of its results, filling out a self-assessment sheet by automatically generating templates in the system, allowing you to send up-to-date data in the context of the necessary business processes to experts in a couple of mouse clicks, has also been reduced.