effectively managing operational risk
NASDAQ – GOVERNANCE, RISK MANAGEMENT, COMPLIANCE
CONTENTS
Nasdaq GRC Strategy
• Brief Introduction
• Managing Risk Framework
• Conduct Risk
• How can technology help manage (Conduct) Risk
• Lessons Learned in Implementations
• Conclusion
WHO WE ARE
IGNITE YOUR AMBITION
Nasdaq-BWise is a global leader in Enterprise Governance, Risk Management and Compliance (GRC) software.
NASDAQ TICKER SYMBOL: NDAQ
MEMBER OF S&P 500
OUR MISSION > To provide end-to-end solutions supporting an organization’s ability to understand, track, measure, and manage key organizational risks.
OUR VISION > To help companies to truly be in control by balancing performance with their financial and reputational risks, improving corporate accountability and operating efficiencies.
NASDAQ-BWISE AT A GLANCE
The journey to success
• NASDAQ lists 3400 COMPANIES, $6 TRILLION MARKET CAP
• 10,000 NASDAQ customers
• Gartner and Forrester recognize BWise as GRC leader since 2006
• >1 million GRC professionals use BWise daily
NASDAQ BWISE CUSTOMERS
WHAT IS CONDUCT RISK?
CONDUCT RISK
Strategic Risk
Reporting Risk
Compliance Risk
Operational Risk
Internal fraud
External fraud
Employment practices & Workplace safety
Clients, products & business practices
Damage to physical assets
Business disruption and failures
Execution, delivery & process management
Conduct Risk
Financial Risk Dimension
Reputational Risk Dimension
Conduct Risk Dimension
ALL AREAS OF THE BUSINESS, BUT TYPICALLY … (EXAMPLE FOR FINANCIAL SERVICES)
Client-facing processes
• Sales & Marketing Processes
• Asset Management and Investment Advice
• Complaints Management
• Front Office Processes
Back-office processes
• Product Approval
• Remuneration & Incentives Program
IT assets & processes
• IT Assets and IT Processes involved in all of the above processes
NASDAQ GRC
BWise Master Roadmap
NASDAQ VIEW OF THE GRC INDUSTRY
MAIN AREAS OF GRC
Board-related categories
Operational Risk categories
Compliance Categories
Legal Risk Categories
Physical Categories
Financial Risk Categories
Enterprise Risk Management
Audit Management
Corporate Governance
Corporate Social Responsibility
Operational Risk Management
Financial Assurance & Control
IT GRC
3rd Party Management
Anti-corruption & Fraud
Ethics & Integrity
Privacy Management
Crisis Management
Legal Matter Management
Geo-Political Risk Management
Global Trade & International Dealings
Employment/ Labor
Physical Security Management
Quality Management
Environmental, Health & Safety Management
Treasury Risk Management
Insurance & Claims Management
Credit Risk Management
Market Risk Management
Financial Crime Risk Management
Business Continuity Management
Social Reputation Risk Management
Regulatory Compliance
ELEMENTS OF CONDUCT RISK MAIN AREAS OF GRC
HOW CAN TECHNOLOGY HELP TO MANAGE RISK?
OPRISK CYCLE
Risk Identification
RCSA
Loss & Incident Management
Action Management
Risk Framework
Capital Calculation
Risk Reporting
KRI Management
COMPLIANCE & POLICY MANAGEMENT CYCLE
Regulatory Requirements
Risk-based Scoping
Policy Creation
Gap Analysis
Policy Dissemination
Policy Attestation
Compliance Assessment
Regulatory Alerts
Remediation & Risk Acceptance
Enterprise Reporting
Monitoring
INTERNAL CONTROL CYCLE
THE AUDIT CYCLE
INTEGRATION – SINGLE RISK LANGUAGE
Internal Control
Internal Audit
Compliance
Risk Management
IMPLEMENTATION APPROACH 3 variants
IMPLEMENTATION FORMATS
1. RDS
BWise Best Practice
working system
Gap Analysis
design document
Configuration
Go-Live system
2. Spiral
Business Design
design document
System Design
design document
Configuration
Go-Live system
3. BCOE
BWise Training
trained team
Design & Configure
working system
configuration
Go-Live system
WHY NASDAQ OMX BWISE
WHY NASDAQ BWISE
Company
• Long term focus on GRC
• Industry Leader since the start of the GRC market
• GRC is an instrumental part of company strategy
Product
• 100% configurable by client, 100% upgradable
• Scalable, secure, easy-to-use modern platform
• 100% integrated GRC functions
Services
• Global implementation partnerships, Transcendent
• Global implementation teams and support
• Long-term customer relationships and references
THANK YOU