GRACE - ERM for Enterprise Risk Management 

The banking industry faces major challenges in its risk management and reporting needs in the wake of the market crisis and the resulting Dodd-Frank regulatory changes. Systemic risk, operational risk, liquidity and counterparty risks have all come to the fore as important aspects that the Board and senior management need to constantly monitor and report. OCIE (Office of Compliance Inspections and Examinations) would like to see Enterprise Risk that is comprehensive and spans all the different aspects of risk management. Basel III requirements for regulatory and internal capital adequacy calculations need a good understanding of all risks to help determine the amount of capital that needs to be put away to guard against financial and operational losses.

GRACE-ERM addresses the needs of the Boards of Banks, Directors, Heads of Risk and Compliance, Operational Risk Managers, Audit Leaders, Compliance Managers and IT Governance Managers for visible and integrated risk management. It is an easy-to-use, efficient, and versatile tool that automates their day-to-day activities and enables them to implement Enterprise Risk Management (ERM) across the institution. It provides a standardized framework for identifying and managing risks resulting from failed processes, people, systems and external events, non-adherence to defined procedures and non-compliance with regulatory requirements. Early identification and corrective action can help the bank prevent monetary, reputational and legal losses and minimize mitigation costs and damages.

GRACE ERM is a web-based tool that gives senior management a clear real-time view, from their desktops, of all the risks faced by the Bank.

GRACE ERM is based on the COSO principles of a top-down approach to risk management: setting the risk appetites and controls at the top, making sure that the organization stays within the defined risk parameters, and building oversight through risk and oversight committees that are responsible for taking corrective action as soon as they see thresholds that are likely to create risks to the existence of the bank, be it from liquidity, leverage, capital adequacy, reputation, legal, operational or compliance. GRACE ERM enables setting the tone at the top and implementing the culture of risk management across all lines of business, and institutionalizes reporting and data gathering through a standardized common risk taxonomy and classification.

GRACE ERM helps set up the goals of the business and the risk appetites across the different risks: credit, market, liquidity, leverage, capital adequacy, operational, compliance, reputation, legal and business strategy. It collects current information on each of these from the operational groups, as reports that they send into the system as per the calendar, to provide a central source of information for senior management. KRIs can also be set up and reported on a periodic basis. These become information that senior management can monitor to see the trends towards thresholds and take corrective action on a timely basis to avoid risks to the institution. The policy statements and procedures that the various departments must adhere to as per regulatory requirements define the method of operation for the various operational groups. Internal controls definition and periodic testing ensure that issues are reported as soon as they occur so remedial steps can be taken. Risk assessments of the various risk activities can bring to visibility, from their findings, procedural violations and deficiencies that can enable correction mechanisms to policies and guidelines. The integrated view achieved by these provides senior management with the tools and ability to ensure that the organization is functioning within the defined risk limits. They are able to use GRACE ERM to showcase their visible risk management in FDIC and OCC audits.

GRACE ERM is a web-based software solution and can be used as a Software as a Service (SaaS) hosted service or as an in-house solution. Pricing is modular and you can choose and pay for the modules you need.

Risk Appetite Setting
- Risk Appetite definition for periods for Business Lines, Departments, Products and Types of Risks
- Risk Appetite Review and acceptance
- Risk Reporting Assignment
Risk Reporting
- Risk reports from Credit, Liquidity, Leverage, Operational Risk, Compliance, Reputation, Legal and Business Strategy
- Risk report trend analysis
Policy and Procedure Management
- Centralized repository of all policies and procedures
- Standardized work flow for review, signoff and release
- Version management
- View of latest released version for use by the organization
Risk Control Self Assessments
- Simple and easy to use screens for life cycle management of risk assessment for business processes, procedures and models across departments, regulations, and IT processes
- Assessment calendar management
- Standardized checklist maintenance for comprehensive risk assessments
- Planning, Review, Execution, Findings, Findings review, Risk Identification, Risk Classification and Mitigation monitoring of tasks for risk mitigation with clear lines of accountability and responsibility for assessments, project management and tasks management
- Routine monitoring, reporting, issues management and escalation
- Classification of risks that get identified assigning the risk to Business entities, Objectives/Goals, Risk Categories, Business Processes, Products, Departments, IT applications and Regulations
- Specialized Dashboard for Risk Management group with graphs and drill-down to see underlying details on assignments, status of risk, status of tasks and mitigation

Key Risk Indicators
- Key Risk Indicator definitions, KRI Reporting, Trend charts and monitoring

Internal Controls Monitoring
- Definition of Internal controls, testing, issues, issue reporting, escalation, and remediation of issues
- Internal controls dashboard of issues by level, drill down into internal control tests and remediation status

Integrated Risk Management
- Standardized risk scoring based on Basel II categories for impact and risk classification
- Assign responsibility based on risk level
- Set up ongoing risk and task monitoring, reporting and management processes
- Monitor cost of mitigation
- Ensure closure of risks
- Issue tracking and monitoring across the board

Risk and Oversight Committee Meetings Management
- Meetings Calendar
- Agenda, and Minutes of the Meeting
- Risks Identified, Action Tasks, Assignments
- Risk status and task status reporting
Powerful Dashboard views
- Actionable dashboard with user defined alert setting
- Graphical Views of Risks by classification, ownership
- Drill down to Risk details, reports, project reports to task status and task reports
- Status of projects, audits, assessments in the organization
- Slice and dice of information for management

Integration with Operational Systems
- Ability to define MIS and Exception reports from operational systems that need to be monitored for risk
- Bring in the information on an ongoing basis
- Record risks seen and monitor mitigation

My Portal
- My alerts
- Internal Communications
- Escalations
- My risks, projects, tasks, routine monitoring processes, internal control testing items
- Ability to send status reports

Security Management
- Role based security management
- Complete audit trail of all activities

Queries and Reports
- Extensive Query and Reporting function that allows exports of data to Excel, Word, HTML, PDF, XML formats

- Highly parameterised, user maintainable and configurable set up

- Automating the processes for planning, execution & reporting risk assessments, control self assessments, audits, internal controls monitoring, operational reporting, loss events and incident management
- Automating risk reporting and escalation to provide early awareness of issues
- Powerful dashboards that can drive tracking, analysis, & real-time reporting
- Deep drill-down and extensive business analytics
- Ensures risks do not fall through the cracks
- Risks are identified and mitigated in a standardized way through the firm
- A current inventory of risks and their mitigation status is available at all times
- All the related policies and procedures are in place and are updated
- Internal controls are tested and issues that come up are addressed
- There is a standardized work flow process for review and agreement and communication in the organization
- All activities are audit trailed
- Information can be provided as proof during audits and examinations without much manual effort to produce the information
- There is a single source of truth for all documentation
- Provides segregation and rights management so access to information is limited based on the user's rights
- Create ownership for risk management
- Brings to visibility risks early so cost of mitigation can be reduced
- Provide assurance to the C-levels and Board that all key risks are being managed
- The organization has a standardized way of handling all risks
- It builds a culture of risk and compliance management in the organization
- Makes risk management a business as usual process and institutionalizes it
- Knowledge of policies, procedures, and processes is owned by the enterprise and is not lost when people leave