Monitor compliance. Manage risk. Execute strategy.
Understanding the Stratex Framework
September 2016
Purpose
The purpose of this presentation is to provide a detailed understanding of the Stratex framework and how to maintain it.
Topics covered
• Concepts behind the framework
• Content types
• Global vs Local
• Creating a new item in the framework
• Alignment Matrix configuration
• Cascade Matrix configuration
• RACI - Accountabilities and Governance
• Copy & Move
Concepts behind the framework
StratexPoint was designed to support an integrated GRC approach
[Diagram labels: Strategy Management, Performance Management, Risk Management, Appetite, Governance & Communications, Culture. Questions shown: What are we trying to achieve? Are we on track? What is our Risk Appetite? Are we operating within appetite?]
The Stratex Framework is based on a conceptually sound data model
[Diagram: the Stratex data model. Labels: Business Entity, Business Drivers, Risk Appetite, Business Objectives, KPIs, Key Risks, KRIs, Key Controls, KCIs, Assessment, Issues, Actions, Events, Certification, Checklists, Tests, Governance, Commentary, Notifications, Workflows, Benchmarks, Dashboards, Reporting, Templates, Processes, Initiatives, Systems, Relationships, People, Roles, Assets, Products, Audits, Rulebook, Compliance, Legal, Regulation, Policy, Standards. Captions: “Build a strategy focused, risk aware culture”; “Operational & Compliance enablers are aligned to strategy”.]
The Stratex Framework supports strategic and operational management
[Diagram: the Stratex data model, repeated from the previous slide.]
The framework is available under each of the Operational & Compliance enablers.
The Stratex Framework supports Item Alignment and Cascade across an organisation
[Diagram: Item Alignment within a Business Entity, with Business Objectives, Key Risks and Key Controls shown against Processes, Initiatives, Systems, Relationships, People & Roles and Assets; Item Cascade of Key Risks (Strategic Level) and Key Risks (Operational Level) across Business Entities at Corporate, Division and Department level.]
Item Alignment enables firms to align and focus operational & compliance activities to strategic value creation
Item Alignment
Many organisations find it challenging to understand and communicate how operational and compliance items support their strategic items (objectives, risks and controls) and add value to the organisation.
Using the Item Alignment Matrix within StratexPoint enables a many-to-many relationship to be defined between the operational and compliance level and the strategic level. These relationships can be defined between different content types.
Additionally, the strength of these relationships can be defined via the Item Alignment Matrix.
[Diagram: a Business Entity with Business Objectives, Key Risks and Key Controls aligned to Processes, Initiatives, Systems, Relationships, People & Roles and Assets.]
Item Alignment Usage Scenario
The ‘classic’ usage scenario for the Item Alignment Matrix is to show the relationship between a set of business objectives and a portfolio of projects and processes.
The Item Alignment Matrix can be used to show:
• Which objectives do not have an initiative(s) or process(es) in place (the assumption being that if we don’t have an initiative or process in place, the objective will not be achieved).
• Which initiative(s) or process(es) are in place, consuming resources etc., but not contributing to the achievement of an objective (the assumption being that if you are using resources on an initiative(s) or process(es) which are not aligned to the achievement of an objective(s), then you are wasting resources and should stop doing the initiative(s) or process(es)).
• The most critical initiative(s) or process(es) from the perspective of achievement of objectives and delivering the business plan. This can assist in decision-making around resource allocation, particularly when restructuring and/or cost cutting.
The Stratex Framework supports Item Alignment and Cascade across an organisation
Item Cascade
Many organisations want to be able to manage, monitor and report on a small number of items at a strategic level but want a clear cascade of these items through the organisation. For example, reporting the ‘top 20’ strategic risks to the board but having a clear cascade of these 20 through the organisation.
Using the Item Cascade Matrix within StratexPoint enables a one-to-many relationship to be defined from the strategic level down to the operational and compliance level. These relationships can be defined between items of the same content type.
[Diagram: Item Cascade of Key Risks (Strategic Level) and Key Risks (Operational Level) across Business Entities at Corporate, Division and Department level.]
Item Cascade Usage Scenario
A common usage scenario for the Item Cascade Matrix is to support and validate a ‘Top-down’/‘Bottom-up’ approach to enterprise risk management.
The ‘Top-down’ part of the equation might be that at the top of the firm (enterprise level) we may have ‘Top 20 Key Risks’ that are reported to the board. However, to support the assessment of these risks, the firm wants to be able to understand how each of the ‘Top Risks’ relates to ‘Bottom-up’ risks and risk assessment data.
The Cascade Matrix enables the firm to create a relationship from the ‘Top 20 Key Risks’ to the ‘bottom-up’ risks at the division level, and have these cascaded to the department, team level etc.
This is sometimes referred to as the ‘Risk Chain’ or the ‘Golden Thread’.
The StratexPoint solution supports Audit Management
[Diagram labels: Entity, Business Drivers, Risk Appetite, Objectives, Key Risks, Key Controls, Audit Calendar, Tasks, Initial Audit Issues & Actions, Audit Manifest, Generate Audit Manifest, Audit Points to 1st Line, Manage interaction btw 1st and 3rd line, Audit MI.]
RACI Accountabilities & Governance model built in
Go beyond ‘owner’ and leverage our full accountabilities and governance model built into our framework.
• Accountable: “The buck stops here”. Those with Yes/No authority related to the objective, risk or control.
• Responsible(s): “The doers”. Those people working on delivering the objective, managing the risk or applying the control.
• Updater(s): “The data providers”. Those people who provide data and actually update manual data.
• Inform: “Keep in the picture”. Position(s) that need to know about a decision or action related to the objective, risk or control.
• Consult: “Keep in the loop”. Those involved prior to decisions or action related to the objective, risk or control.
• Approver(s): “The Approvers”. Those people who approve major changes, such as closing initiatives etc.
• Risk Event Responsible(s): “The Risk Event doers”. Those people working on managing and resolving risk events.
[Slide labels: RACI; Extended RACI]
Architectural overview
Ease of user adoption and reporting/dashboards are at the heart of how we designed our solution.
[Diagram components: StratexPoint Portal (interface, business logic and workflows etc.); Stratex Reporting Database (Business Intelligence data); Reporting and Dashboards: Production Reporting (Reporting Services), Production Dashboards (Power BI), Excel Export, Ad hoc analysis (Stratex Query).]
The StratexPoint solution is designed to support two risk taxonomies within its ‘Framework’
Regulatory Risk Taxonomy
• A three level taxonomy based on the standard Basel classification of operational risk (See Appendix A).
• Designed to support regulatory reporting and compliance.
Business Risk Taxonomy
• A multi level taxonomy based on leading management methodologies, including the Risk-Based Performance Management methodology.
• Designed to support strategic and operational decision-making & execution.
Regulatory Risk Taxonomy (Supported by the Stratex framework)
• Level 1 Classification (Master within StratexPoint)
• Level 2 Classification (Major within StratexPoint)
• Level 3 Classification (Minor within StratexPoint)
[Slide labels: Risk Group, Risk Type]
Example
• 1.7 Execution, delivery and process management
• 1.7.1 Transaction capture, execution and maintenance
• 1.7.1.3 Non-conformance with Policy or procedure
[Slide labels: Key, Operational, Taxonomy]
Business Risk Taxonomy (Inherent within the Stratex framework)
• Strategic Risk: Business Model Risk, Business Execution Risk, Business Alignment Risk
• Operational Risk: Process Risk, Project (Change) Risk, Technology Risk, People Risk, Vendor (3rd Party) Risk, Information Assets, Physical Assets, Financial Assets
• Compliance Risk: Legal Risk, Product Risk, Regulatory Risk, Quality Risk, Business Assurance Risk
• Conduct Risk: Business Model Risk, Business Execution Risk, Process Risk, Project Risk, Technology Risk, Product Risk, People Risk
• Reputational Risk: Strategic Risk, Operational Risk, Compliance Risk, Conduct Risk, People Risk, Business Assurance Risk, Culture & Accountabilities
Adding/Editing Items within the Framework
About the Stratex Framework (“the framework”)
The Stratex framework (the framework) is the central repository for your organisational structure and GRC framework.
By default, there is a link to the framework under the Quicklinks or Administration on the Left Navigation pane or at this location:
<Site url>/Lists/StratexFramework/AllItems.aspx
Adding Items to the Stratex framework
Adding Items to the framework
Items can be added by two methods.
1) Add a new Item from the Ribbon
2) Add a new Item from the ‘Actions’ menu
The Add Item Menu is context sensitive.
[Screenshots: from the Actions menu, an example of an Add Item Menu (under Risks), with callouts A and B; from the Ribbon, an example of a New Item Menu (under Entity).]
A. This option enables ‘child’ Items to be added from the ‘Actions’ menu.
B. This option enables an Item of the same content type at the same level in the framework to be added.
Editing Items within the framework
Use the Edit icon to open the Edit form (right).
The edit icon can be accessed via the ‘drop-down’ menu.
Adding Items to the Stratex framework – Step by step
Define an Entity (Organisational Structure)
What is it about?
• Enabling the definition of an ‘n-level’ organisational structure.
• For each organisational entity, objectives, initiatives, processes, systems, drivers, risks, controls, indicators and actions can be defined.
• Entities can also be used to define multiple scorecards per entity, CEO Scorecard, Board Scorecard etc.
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new entity is to be added.
3. Click the New Item button on the top menu, select Entity.
4. Complete the form with the details required to define the Entity.
5. The RACI model is used to define the governance and ownership of items in the framework.
   • Accountable is the only mandatory field.
Defining a Template
What is it about?
• Enabling the creation of structures that can be replicated across the framework and applied to the majority of content types, for example, an IT Risk & Controls framework for each major global entity or a supervisory risk model (used by regulatory customers).
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Templates are only available at the top level of the framework.
3. Click the New Item button on the top menu, select Template.
4. Define the template name and mandatory fields.
5. Complete the form with the details required to define the Template.
   • The Available for CType field allows you to define which content type to set the template to and so attach the template to that specific content type in the framework.
Defining a Driver
What is it about?
• Enabling the definition of an unlimited number of drivers per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new driver(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Driver.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Driver’ or define a new item.
   • The Framework Cascade Control enables Drivers to be cascaded through the organisation, from the Driver's parent or peer.
5. Complete the form with the details required to define the Objective.
   • The Key Driver to option allows you to define which driver to use when assessing risks underneath a parent item (e.g. risks related to objectives).
Defining an Objective
What is it about?
• Enabling the definition of an unlimited number of drivers per entity
• Drivers are the critical success factors that will determine if the entity is successful or not.
• Within StratexPoint we use drivers as part of the risk assessment process to capture impacts.
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new driver(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Driver.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Driver’ or define a new item.
   • The Framework Cascade Control enables Drivers to be cascaded through the organisation, from the Driver's parent or peer.
5. Complete the form with the details required to define the Objective.
   • The Key Driver to option allows you to define which driver to use when assessing risks underneath a parent item (e.g. risks related to objectives).
Defining a Process
What is it about?
• Enabling the definition of an unlimited number of processes per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new process(es) is to be added (below an entity).
3. Click the New Item button on the top menu, select Process.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Process’ or define a new item.
   • The Framework Cascade Control enables Processes to be cascaded through the organisation, from the process’s parent or peer.
5. Complete the form with the details required to define the Process.
Defining an Initiative
What is it about?
• Enabling the definition of an unlimited number of Initiatives per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new initiative(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Initiative.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Initiative’ or define a new item.
   • The Framework Cascade Control enables Objectives to be cascaded through the organisation, from the initiative’s parent or peer.
5. Complete the form with the details required to define the Initiative.
Defining a System
What is it about?
• Enabling the definition of an unlimited number of systems per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new system(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select System.
4. Use the Framework Cascade Control to select a pre-defined ‘Global System’ or define a new item.
   • The Framework Cascade Control enables Systems to be cascaded through the organisation, from the system’s parent or peer.
5. Complete the form with the details required to define the System.
Defining an AnalysisGroup
What is it about?
• Enabling the definition of Analysis Groups per entity, one entity and many analysis groups. Ad-hoc analysis capabilities. Ability to do benchmarking between entities on the fly.
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new initiative(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select AnalysisGroup.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Analysis group’ or define a new item.
   • The Framework Cascade Control enables Analysis Groups to be cascaded through the organisation.
5. Complete the form with the details required to define the Analysis Group.
Defining an Asset
What is it about?
• Enabling the definition of an unlimited number of Assets per entity
• Assets can be any ‘Assets’ that you wish to manage with a risks and controls framework. These could include but are not limited to
   • Physical Assets
   • Information (Cyber) Assets
   • Financial Assets
   • Other tangible and non-tangible assets
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new asset(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Asset.
4. Complete the Asset Add/Edit form.
Defining an Audit
What is it about?
• Enabling the definition of an unlimited number of Audits per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new asset(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Asset.
4. Complete the Audit Add/Edit form.
Define an Audit Issue
What is it about?
• Enabling the definition of an unlimited number of Audit Issues within the framework
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Audit Issue(s) is to be added (below an Audit).
3. Click the New Item button on the top menu, select AuditIssue.
4. Complete the form with the details required to define the AuditIssue.
Define an Audit Action
What is it about?
• Enabling the definition of an unlimited number of Audit Actions within the framework
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Audit Action(s) is to be added (below an Audit).
3. Click the New Item button on the top menu, select AuditActions.
4. Complete the form with the details required to define the AuditActions.
Defining a Relationship
What is it about?
• Enabling the definition of an unlimited number of Relationships per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Relationship(s) is to be added (under Entities).
3. Click the New Item button on the top menu, select Relationship.
4. Complete the form with the details required to define the Relationship.
Defining a CompliancePlan
What is it about?
• Enabling the definition of an unlimited number of Compliance Plans per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Compliance Plan(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select CompliancePlan.
4. Complete the form with the details required to define the CompliancePlan.
Defining a Product
What is it about?
• Enabling the definition of an unlimited number of Products per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Product(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Product.
4. Complete the form with the details required to define the Product.
Defining a Rulebook
What is it about?
• Enabling the definition of an unlimited number of Rulebooks per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Rulebook(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Rulebook.
4. Complete the form with the details required to define the Rulebook.
Define a Regulation
What is it about?
• Enabling the definition of an unlimited number of Regulations per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Regulation(s) is to be added (below a Rulebook).
3. Click the New Item button on the top menu, select Regulation.
4. Complete the form with the details required to define the Regulation.
Define a Standard
What is it about?
• Enabling the definition of an unlimited number of Standards per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Standard(s) is to be added (below a Rulebook).
3. Click the New Item button on the top menu, select Standard.
4. Complete the form with the details required to define the Standard.
Define a Policy
What is it about?
• Enabling the definition of an unlimited number of Policies per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Policy(ies) is to be added (below a Rulebook).
3. Click the New Item button on the top menu, select Policy.
4. Complete the form with the details required to define the Policy.
Define a Risk
What is it about?
• Enabling the definition of an unlimited number of risks per objective (or initiative, process and systems)
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new risk(s) is to be added (below an objective, initiative, process or systems).
3. Click the New Item button on the top menu, select Risk.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Risk’ or define a new item.
   • The Framework Cascade Control enables Risks to be cascaded through the organisation, from the risk’s parent or peer.
5. Complete the form with the details required to define the Risk.
Define a Control
What is it about?
• Enabling the definition of an unlimited number of controls per risk
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new control(s) is to be added (below a risk).
3. Click the New Item button on the top menu, select Control.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Control’ or define a new item.
   • The Framework Cascade Control enables Controls to be cascaded through the organisation, from the control’s parent or peer.
5. Complete the form with the details required to define the Control.
Define a Checklist
What is it about?
• Enabling the definition of an unlimited number of Checklists per entity
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Checklist(s) is to be added.
3. Click the New Item button on the top menu, select Checklist.
4. Complete the form with the details required to define the Checklist.
5. Save the Checklist.
6. Re-open the Checklist to add Checklist steps to the Checklist.
Define Key Performance Indicators (KPIs)
What is it about?
• Enabling the definition of an unlimited number of KPIs per Objective (or Initiative, Process, System)
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new KPI(s) is to be added.
3. Click the New Item button on the top menu, select KPI.
4. Use the Framework Cascade Control to select a pre-defined ‘Global KPI’ or define a new item.
   • The Framework Cascade Control enables KPIs to be cascaded through the organisation, from the KPI’s parent or peer.
5. Use the threshold calculator to get the correct baseline and thresholds for the KPIs.
6. Complete the form with the details required to define the KPI.
Define Key Risk Indicators (KRIs)
What is it about?
• Enabling the definition of an unlimited number of KRIs per Risk.
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new KRI(s) is to be added.
3. Click the New button on the top menu, select KRI.
4. Use the Framework Cascade Control to select a pre-defined ‘Global KRI’ or define a new item.
   • The Framework Cascade Control enables KRIs to be cascaded through the organisation, from the KRI’s parent or peer.
5. Use the threshold calculator to get the correct baseline and thresholds for the KRIs.
6. Complete the form with the details required to define the KRI.
Define Key Performance Indicators (KCIs)
What is it about?
• Enabling the definition of an unlimited number of KCIs per Control
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new KCI(s) is to be added.
3. Click the New button on the top menu, select KPI.
4. Use the Framework Cascade Control to select a pre-defined ‘Global KCI’ or define a new item.
   • The Framework Cascade Control enables KCIs to be cascaded through the organisation, from the KCI’s parent or peer.
5. Use the threshold calculator to get the correct baseline and thresholds for the KCIs.
6. Complete the form with the details required to define the KCI.
Defining an Issue
What is it about?
• Enabling the definition of an unlimited number of Issues within the framework
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Issue(s) is to be added (under all ‘Parent’ items).
3. Click the New Item button on the top menu, select Issue.
4. Complete the form with the details required to define the Issue.
Define an Action
What is it about?
• Enabling the definition of an unlimited number of Actions within the framework
Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new action(s) is to be added (below any item, except for indicators, causes and consequences within the framework).
3. Click the New Item button on the top menu, select Action.
4. Complete the form with the details required to define the Action.
Configuring the Alignment and Cascade Matrix
Configuring the Alignment Matrix
What is it about?
• Defining an Alignment relationship between Items of DIFFERENT types across the framework.
Use case
• A firm may have ‘20 Key Risks’ defined at the ‘Corporate’ level and want to define which operational processes, initiatives and systems are aligned to those Key Risks and support the management of those risks.
Steps
1. Select the Entity where the Items to be cascaded are.
2. Select the Item Type (one of the tabs – Objectives, Risks or Controls). You will see the Items within the Objective structure (strategic) along the top and Items within the Enabler structure (Operational).
3. Select the Item at the top and find the item(s) which you want to cascade to on the left.
4. At the intersection between the Item on the Top and on the Left, select the strength of the relationship (0% to 100%) – the higher the %, the stronger the relationship.
Alignment Matrix
Configuring the Cascade Matrix
What is it about?
• Defining a Cascade relationship between Items of the SAME type across the framework.
Use case
• A firm may have ‘20 Key Risks’ which are reported to the board; however, the firm wants to see how these 20 Key Risks relate to lower-level risks across the firm.
Steps
1. Select the Entity where the Items to be cascaded are.
2. Select the Item Type (one of the tabs). You will see the Items within the Objective structure (strategic) along the top and Items within the Enabler structure (Operational).
3. Select the Item at the top and find the item(s) which you want to cascade to on the left.
4. At the intersection between the Item on the Top and on the Left, select the strength of the relationship (0% to 100%) – the higher the %, the stronger the relationship.
<siteurl>/SitePages/cascadematrix.aspx
Cascade Matrix
Using the Copy & Move webpart
Copy & Move webpart
Purpose
Enable the Stratex framework to be developed and maintained quickly.
Items and parts of the framework structure can be copied and moved within the framework.
Items can be copied & moved as a single item or ‘with structure’, meaning the selected item and all the items below it within the framework structure.
Warning – use this functionality with care as copying or moving a large number of items within the framework can impact on performance of the solution.
Location
<siteurl>/Lists/WebPartPages/advancedcopymove.aspx
Copy & Move webpart overview
[Screenshot: the Copy & Move webpart with Source and Destination panes and callouts 1 to 4.]
Copy & Move webpart detail
1. This is the source framework which reflects the current Stratex framework. Items are copied or moved from the Source framework to the destination.
2. This is the destination framework where Items are copied or moved to.
3. When modifying the framework structure the options are:
   • Copied – the selected item in the source framework is copied to the destination.
   • Copied with structure – the selected item and its underlying structure in the source framework is copied to the destination.
   • Move with structure – the selected item and its underlying structure in the source framework is moved to the destination.
4. This ‘icon’ shows if there are copy or move operations to be processed. If there are operations to be processed, the icon will be coloured. When pointing your mouse to this icon, hover text appears to display the number of operations in the queue to be processed.
About Ascendore & StratexPoint
About Ascendore
We believe that risk management and compliance must enable strategy execution and value creation, not simply tick regulatory boxes.
Who we are
We are a technology firm that understands Governance, Risk and Compliance (GRC) and how to embed cultural change and accountabilities.
What we do
We provide the leading SharePoint based Governance, Risk and Compliance (GRC) solution to financial services firms and their regulators.
How we do it
We manage the delivery of our solution as a business change project not as a technical software implementation
Our Values
Ambitious Accountable Aligned Agile
We wrote the book on integrating strategy and risk management
Our conceptually sound framework and change roadmap is based on a proven methodology.
Typical problems we solve with our customers
• Embedding the right risk and compliance culture
• Establishing a single repository of risk and compliance data
• Reducing the time and complexity associated with using spreadsheet-based risk and compliance registers
• Ensuring each of the three lines of defence play the correct role, and have the tools & data to do so.
• Automating risk and compliance activities and processes, including reporting and dashboards
• Demonstrating to regulators (and the board) that risk and compliance are at the heart of the firm’s decision-making
Our solution - StratexPoint
StratexPoint is an Integrated GRC (Governance, Risk & Compliance) software solution built on SharePoint.
Strategy and Risk Appetite are central
Built on the world’s leading collaboration platform
Incorporating a proven Governance model - ‘RACI’
Built around a conceptually sound
data model
Delivering world-class risk reporting, plus enabling the
‘right risk culture’
An Integrated GRC solution
Our solutions
We provide Integrated Governance, Risk & Compliance solutions built on familiar office platforms.
Our solutions deliver
High ROI
High User Adoption
High Levels of assurance that your business is operating within appetite
StratexPoint
Built on the ubiquitous SharePoint platform
Supports each of the Three Lines of Defence
Comprehensive in nature but modular in deployment
StratexCloud – our Azure cloud platform.
Stratex365* – our Office 365 app
StratexStudio* – our mobile app
* Available end of 2016
Appendix A: Basel Operational Risk classification
Basel Operational Risk Classification
Level 1 (Master Category within StratexPoint)
  Level 2 (Major Category within StratexPoint)
    Level 3 (Minor Category within StratexPoint)

0. Unassigned (Level 1, Level 2 and Level 3)
1.1 Internal Fraud
  1.1.1 Unauthorised Activity
    1.1.1.1 Transactions performed without delegated authority
    1.1.1.2 Transactions performed beyond delegated authority
    1.1.1.3 Deliberate misrepresentation, deceit, deception
    1.1.1.4 Computer crime
  1.1.2 Theft & Fraud
    1.1.2.1 Theft, robbery, misappropriation of assets
    1.1.2.2 Fraud (other than forgery)
    1.1.2.3 Destruction of assets
    1.1.2.4 Forgery
    1.1.2.5 Bribes / inducements
1.2 External Fraud
  1.2.1 Theft
    1.2.1.1 Theft, robbery
    1.2.1.2 Forgery
  1.2.2 Systems Security
    1.2.2.1 Hacking
    1.2.2.2 Theft of information
1.3 Employment practices & workplace safety
  1.3.1 Employee relations
    1.3.1.1 Compensation, benefit, termination issues
    1.3.1.2 Organised labour activity
    1.3.1.3 Lack of suitable employees, loss of key personnel, other personnel issues
  1.3.2 Safe Environment
    1.3.2.1 Failure to comply with legislative requirements
    1.3.2.2 Failure to comply with the organisation's rules
  1.3.3 Diversity & Discrimination
    1.3.3.1 Discrimination of all types
1.4 Clients, products & business practices
  1.4.1 Suitability, disclosure and fiduciary
    1.4.1.1 Suitability / disclosure (e.g. KYC)
    1.4.1.2 Breach of confidentiality (except data protection matters)
  1.4.2 Improper business or market practices
    1.4.2.1 Market manipulation, improper trade / market practices
    1.4.2.2 Insider trading, unlicensed activity
    1.4.2.3 Money Laundering
  1.4.3 Product flaws
    1.4.3.1 Product defects
    1.4.3.2 Model errors
  1.4.4 Selection, sponsorship and exposure
    1.4.4.1 Failure to investigate client
    1.4.4.2 Exceeding client exposure limits
  1.4.5 Advisory activities
    1.4.5.1 Disputes over provision of inappropriate advice
1.5 Damage to physical assets
  1.5.1 Disaster & other events
    1.5.1.1 Natural disaster losses
    1.5.1.2 War, changes in law, political risk
    1.5.1.3 Terrorism, vandalism
    1.5.1.4 Theft & Robbery of physical assets
  1.5.2 Maintenance of Physical Assets
    1.5.2.1 Inadequate maintenance of physical assets
1.6 Business disruption and systems failure
  1.6.1 Systems
    1.6.1.2 Major IT systems failure – other (Hardware, software, telecommunications utilities)
1.7 Execution, delivery and process management
  1.7.1 Transaction capture, execution and maintenance
    1.7.1.1 Miscommunication
    1.7.1.2 Data entry, maintenance or loading error
    1.7.1.3 Non-conformance with Policy or procedure
    1.7.1.4 Non-compliance with statutory / legal obligation
    1.7.1.5 Non-compliance with regulatory obligation
    1.7.1.6 Model / system mis-operation, delivery failure
    1.7.1.7 Accounting error
    1.7.1.8 Other task mis-performance
    1.7.1.9 Inappropriate behavior
    1.7.1.10 Collateral management failure
    1.7.1.11 Ineffective change management
    1.7.1.12 Failure to realise project objectives
  1.7.2 Monitoring & Reporting
    1.7.2.1 Failed regulatory reporting obligation
    1.7.2.2 Failed statutory reporting obligation
  1.7.3 Customer intake & documentation
    1.7.3.1 Customer authorities missing
    1.7.3.2 Legal documents missing / incomplete
  1.7.4 Customer / client account management
    1.7.4.1 Unauthorised access given to customer / client accounts
    1.7.4.2 Incorrect client records
    1.7.4.3 Negligent loss or damage of client assets
  1.7.5 Trade counterparties
    1.7.5.1 Non-client counterparty mis-performance
    1.7.5.2 Non-client counterparty disputes
  1.7.6 Vendor & suppliers
    1.7.6.1 Failed / ineffective outsourcing arrangements
    1.7.6.2 Vendor disputes