The starting point for a firm's GRC framework should be strategy; it is about creating and protecting value.
With our software, we enable our customers to monitor and manage the execution of strategy, using industry-leading tools such as the Strategy Map.
In an increasingly uncertain, fast-changing and low growth business environment, businesses need to integrate their enterprise performance and risk management frameworks. A crucial part of combining these management disciplines is risk appetite and in particular, the alignment of risk appetite and strategy.
One of the central processes within enterprise and operational risk management is the risk and control self-assessment (RCSA) process. Often the RCSA process is delivered using cumbersome manual spreadsheets which are highly inefficient, error-prone and doesn't support timely risk-based decision making.
Our software cut across the three lines of defence to automate the RCSA process; from automated data capture to reporting and analytics.
Another critical risk management process is the capture of loss events; capturing crystallised risks and control failures as they happen, in real time and managing these events through to resolution. Loss events should be linked back to the risk framework to drive continuous operational improvement, deliver better risk management and enable firms to make better risk-based decisions.
“In our first 18 months of using StratexPoint, we have been able to deliver a 94% reduction in the value of loss events and a 63% reduction in the volume of loss events”
Head of Enterprise Risk, Homeloan Management Limited
Strategy and its associated risks and controls framework needs to be cascaded down to the operational level. This means defining operational enablers including; Processes, Initiatives, Technology, Information Assets, and other firm assets.
Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. SUN TZU (544 BC - 496 BC)
As part of their Enterprise Governance, Risk & Compliance (GRC) approach, firms should deploy a suite of indicators, Key Performance Indicators (KPIs), Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) to provide a holistic view of the state of firm performance and the risk profile.
Building up a comprehensive and holistic set of indicator data supports better analytics, better risk and control self-assessment and better risk-based decision-making.
“it is a faint yellow light blinking on the Financial Stability dashboard [within StratexPoint]”
Sir Jon Cunliffe, Deputy Governor Financial Stability and Member of the Prudential Regulatory Authority Board
Our software is designed to enable firms to make better risk-based decisions. Firms need to know that once decisions are made, the necessary actions will be taken to implement those decisions and any issues that emerge will be managed.
Therefore, our software includes comprehensive enterprise-wide action and issue tracking capabilities; transforming GRC from a passive to proactive management discipline.
Automate and streamline management reporting on paper or in pdf.
"After working with StratexPoint for the last Nine months, we have re-engineered and fully automated our IT Risk & Controls framework across 42 locations, globally. Rather than taking six weeks of manual work to complete, our month-end reporting to the Global IT Executive team is fully automated and delivered by the end of day 5 of the month" – a remarkable change. CIO, Rabobank