GRACE - Bank for Operational Risk Management

The market crisis has left many banks facing increased liquidity issues, portfolios that are not in the best of shape, and sometimes bankruptcy. Risk and oversight management are likely to be part of the fiduciary duties of the Board henceforth. Standard & Poor's (S&P) has declared that Enterprise Risk Management will be one of its rating criteria for corporations.

The banking industry faces major challenges in risk management and reporting in the wake of the market crisis and the resulting Dodd-Frank regulatory changes. Systemic risk, operational risk, liquidity and counterparty risks have all come to the fore as important aspects that the Board and senior management need to constantly monitor and report. Basel III requirements for regulatory and internal capital adequacy calculations need a good understanding of all the operational risks to help determine the amount of capital that must be put away to guard against financial and operational losses.

GRACE-Bank is a web-based tool that gives senior management a clear real-time view of all the risks faced by the Bank from their desktops.

Built around the COSO Model, GRACE-Bank addresses the needs of the Boards of Banks, Directors, Operational Risk Managers, Audit Leaders, Compliance Managers and IT Governance Managers for integrated Governance, Compliance and Risk management. GRACE-Bank also addresses the Basel II Pillar II requirements for monitoring risk and oversight supervisory controls. It is an easy-to-use, efficient, and versatile tool that automates their day-to-day activities through simple-to-use, adaptable screens for early implementation of Operational Risk Management processes.

GRACE-Bank provides a standardized ORM framework for Risk Identification, Risk Assessments, Risk Control Self Assessments, Key Risk Indicators (KRI), Loss Event Management and Risk Mitigation management resulting from failed processes, people, systems and external events, non-adherence to defined procedures and non-compliance with regulatory requirements. Early identification and corrective action can help the bank prevent monetary, reputational and legal losses and minimize mitigation costs and damages.

GRACE-Bank works with information from risk assessment, audit, internal controls monitoring, IT governance, loss reporting and operational reports from operational systems to build a comprehensive inventory of risk, and presents senior management with integrated risk information generated from the different activities across departments in a single dashboard view. It enables senior management to focus on the key risks, helps put mitigation action in place and monitors mitigation work to ensure the risk is reduced, eliminated, or managed in a timely manner to reduce losses. GRACE-Bank provides a standard review mechanism for all activities. It sets up responsibility for action and enables reporting from the responsible person. GRACE-Bank builds early warning mechanisms through routine and internal control activities by providing processes for issue reporting, review and issue management. It provides a repository for the organizational policies and procedures and a work flow for review, sign-off, version and history management.

GRACE-Bank is a web-based software solution and can be used as a hosted Software as a Service (SaaS) offering or as an in-house solution. Pricing is modular and you can choose and pay for the modules you need.

Policy and Procedure Management
- Centralized repository of all policies and procedures
- Standardized work flow for review, signoff and release
- Version management
- View of latest released version for use by the organization

Risk Management and Control Self Assessment
- Simple and easy to use screens for life cycle management of risk assessments including risk control self
  assessments for business processes, procedures and models across departments, regulations, and IT
  processes
- Standardized checklist maintenance for comprehensive risk assessments
- Assessment calendar management
- Planning, Review, Execution, Findings, Findings review, Risk Identification, Risk Classification and
  Mitigation monitoring of tasks for risk mitigation with clear lines of accountability and responsibility for
  assessments, project management, and tasks
- Routine monitoring, reporting, issues management and escalation
- Classification of risks that get identified assigning the risk to Business entities, Objectives/Goals, Risk
  Categories, Business Processes, Products, Departments, IT applications and Regulations
- Specialized Dashboard for Risk Management group with graphs and drill-down to see underlying details
  on assignments, status of risk, status of tasks and mitigation

Key Risk Indicators
- Key Risk Indicator definitions, KRI Reporting, Trend charts and monitoring

Financial Control Audit Management
- Comprehensive functionality for life cycle management of audits, including audit calendar, audit planning,
  audit checklist management, internal control definition and testing, recording testing and audit findings,
  review of findings, and tasks for mitigation
- Assignment of responsibility for project and task
- Internal Control Issues Management and escalation
- Standard reporting procedures
- Classification of risks that get identified assigning the risk to Business entities, Objectives/Goals, Risk
  Categories, Business Processes, Products, Departments, IT applications and Compliance Regulations
- Automated Alerts for reviews, tasks and reminders via email
- Specialized Dashboard for Internal Audit group with graphs and drill-down to see underlying details on
  internal controls testing, audit progress, identified risks and mitigation status

Compliance Management
- Simple and easy to use screens for recording regulatory changes, impact analysis, regular monitoring and
  reporting of adherence to compliance requirements, task monitoring
- Submit reports of ongoing monitoring of adherence
- Compliance monitoring, issues management and escalation
- Assignment of responsibility for regular reporting
- Standard reporting procedures
- Risks to adherence identified are assigned to Business entities, Objectives/Goals, Risk Categories,
  Business Processes, Products, Departments, IT applications for easier tracking of responsibility
- Automated Alerts for reviews, tasks and reminders via email
- Specialized Dashboard for Head of Compliance with graphs and drill-down to see underlying details on
  compliance reporting, and tasks associated with mitigation

IT Governance
- IT Assessment and Audit Calendar for IT Applications for process adherence and compliance to regulatory
  requirements for data protection, record keeping and business continuity
- IT Process assessments and audits based on ITIL best practices
- Assessments and Audits findings, and risk classification across IT including security management, rights
  management, business continuity, compliance to regulatory requirements for customer privacy, ID theft and
  other regulations
- Assign responsibility for risk management and closure

Loss Event Management
- Track incidents of actual loss, near miss losses and external losses
- Categorize losses (based on Basel II loss categories)
- Link losses to Risk classifications
- Show loss information in graphical form
- Analysis of loss trends
- Comprehensive Audit Trails
- Loss escalation and monitoring mitigation

Incident Management
- Record all incidents that need action
- Monitor tasks for incident mitigation
- Ensure closure of all activities related to mitigation

Integrated Risk Management
- Standardized risk scoring based on Basel II categories for impact and risk classification
- Assign responsibility based on risk level
- Set up ongoing risk and task monitoring, reporting and management processes
- Monitor cost of mitigation
- Ensure closure of risks
- Issue tracking and monitoring across the board

Powerful Dashboard views
- Actionable dashboard with user defined alert setting
- Graphical Views of Risks by classification, ownership
- Drill down to Risk details, reports, project reports to task status and task reports
- Status of projects, audits, assessments in the organization
- Slice and dice of information for management

Integration with Operational Systems
- Ability to define MIS and Exception reports from operational systems that need to be monitored for risk
- Bring in the information on an ongoing basis
- Record risks seen and monitor mitigation

My Portal
- My alerts
- Internal Communications
- Escalations
- My risks, projects, tasks, routine monitoring processes, internal control testing items
- Ability to send status reports

Security Management
- Role based security management
- Complete audit trail of all activities

Queries and Reports
- Extensive Query and Reporting function that allows exports of data to Excel, Word, HTML, PDF, XML formats

Administration
- Highly parameterised, user maintainable and configurable set up

- Automating the processes for planning, execution & reporting risk assessments, control self assessments, audits, internal controls monitoring, operational reporting, loss events and incident management
- Automating risk reporting and escalation to provide early awareness of issues
- Powerful dashboards that can drive tracking, analysis, & real-time reporting
- Deep drill-down and extensive business analytics
- Ensures risks do not fall through the cracks
- Risks are identified and mitigated in a standardized way throughout the firm
- A current inventory of risks and their mitigation status is available at all times
- All the related policies and procedures are in place and are updated
- Internal controls are tested and issues that come up are addressed
- There is a standardized work flow process for review and agreement and communication in the organization
- All activities are audit trailed
- Information can be provided as proof during audits and examinations without much manual effort to produce the information
- There is a single source of truth for all documentation
- Provides segregation and rights management so access to information is limited based on the user's rights
- Create ownership for risk management
- Brings risks to visibility early so cost of mitigation can be reduced
- Provide assurance to the C-levels and Board that all key risks are being managed
- The organization has a standardized way of handling all risks
- It builds a culture of risk and compliance management in the organization
- Makes risk management a business as usual process and institutionalizes it
- Knowledge of policies, procedures, and processes is owned by the enterprise and is not lost when people leave