In an increasingly competitive and globalized business environment, organizations are striving to effectively manage the full spectrum of internal and external risks, including strategic, operational, legal, IT and financial risks. With the increased penetration of social media and ever-changing cyber security threats not heard of earlier, brand and reputation risks have also become very critical.
Lexcomply - ERM enables organizations to implement an Enterprise Risk Management (ERM) and Internal Controls framework. Risk Manager captures information such as loss events, key risk indicators (KRIs), assessment responses and scenario analysis data in a flexible and connected way. Connecting the entire risk ecosystem, including internal and external stakeholders, it allows risk managers to analyse risk intelligence and communicate effectively.
COSO defines ERM as “a process, effected by entity’s board of directors, management and other personnel, applied in strategic-setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide a reasonable assurance regarding the achievement of entity objectives”.
COSO’s guidance illustrated the ERM model in the form of a cube. The cube illustrates links between objectives that are shown on the top and the eight components shown on the front, which represent what is needed to achieve the objectives. The third dimension represents the organisation’s units, which portrays the model’s ability to focus on parts of the organisation as well as the whole.
Built on the principles of COSO’s enterprise risk management (ERM) model, LEXCOMPLY - ERM can be used in different environments worldwide.
Identify and create a comprehensive repository of risks, controls and processes. Define business objectives, criticalities, exceptions, ownership and hierarchy, reporting frequency, etc. for every risk. Upload multiple documents, templates and forms for risk reporting.
Common global platform to define all types of risks: Financial Controls, Strategic Risk, Operational Risk, Legal Risks, IT Risk, External Guidelines (FCPA, Anti Bribery), Brand & Reputational Risk. Assign common risks across multiple entities and locations.
Set up one-time, recurring, ongoing or event-based risks and interlink them with other risks to assess overall impact. Set up risk assessment questionnaires and define their periodicity. Add new risks or controls during assessment, with version control for future reference.
Bring the entire risk ecosystem onto a single platform; define the control matrix and assign it to internal and external process owners and locations. Define the approval matrix and hierarchies, with access control down to the level of risk or compliance.
Enable both a top-down and bottom-up approach to risk assessments. Measure and score risks from different perspectives. Evaluate each risk by responding to one or more factors. Attach evidence documents, and route the data for review and approval. Assessment scores are combined to flow up into an overall risk score.
Define a set of key controls and test plans in the form of surveys and questionnaires to determine the effectiveness of controls. Assign self-assessments to a team or an individual along with details such as testing milestones, due dates and task details. Capture non-compliance or control deficiencies.
Enables audit of reported controls with a trail. Record audit findings and recommendations. Attach supporting evidence and configure checklists. Send recommendations and findings to the risk owner for review and feedback. The risk owner can respond or course-correct risk parameters on the basis of audit findings.
Upload internal audit findings and recommendations to the system and map them to Risks and Controls wherever applicable. Allocate audit findings to users with timelines, required proofs and directions to respond and close. Set reminders and escalations in case the observations aren’t closed within the specified timelines.
Analytical dashboards with drill-down give management quick, real-time access to information on risk management across the enterprise. Generate reports by group, location, department, number of open issues, individual, etc. Auto-generated reports go to various stakeholders at a set frequency.