Transcript Enterprise Risk Management (ERM) and COSO II using Meycor …

Meycor COSO,
a Comprehensive
Solution for
Enterprise Risk
Management (ERM)
COSO I
COSO II
MEYCOR COSO AG - A Comprehensive Solution
Meycor COSO AG
Assessment
Module
Audit
Module
MEYCOR COSO AG
Meycor COSO AG includes several activities to be assigned to
the parties involved in the Risk Management process and a
methodology project to provide a step-by-step guide.
MEYCOR COSO AG
Fully customizable to meet the
organization's needs and corporate culture.
The Organization
Easily define the organizational
structure and its related processes,
managing web communications.
Using a fully customizable
self-assessment you can get a
quick diagnosis of how the
current Risk Environment
and Controls are perceived.
You can quickly identify the
items that need to be
addressed in order to focus
resources.
Fully understand your organization's
attitude towards risk and how the
entity's personnel handles and reacts to
risks.
You can define several Objectives for each
process, classifying and assigning them
importance ratings.
Strategic objectives can be traced to the
highest organizational level.
You can even define a different risk
threshold for each objective.
Enterprise Risk Management ensures
that Senior Management has a
process in place to establish
objectives and that the objectives
thus selected contribute to the
entity's mission.
Internal and external events that
affect the entity's objectives
must be identified and classified
as Risks or Opportunities.
Events are identified
with the collaboration
of all the areas involved.
Meycor COSO AG includes
a sample event database
for common processes.
Risks are analyzed considering
their likelihood and impact in
order to determine how they
should be managed.
You can estimate their
likelihood of occurrence
and consequences.
It is also possible to perform a
quantitative loss analysis by
identifying the value of the
affected assets.
An exposure index is set
and compared against the
acceptable level set by
the organization.
Senior Management selects the
possible answers (avoid, accept,
minimize or share), developing
actions to align the risks with the
maximum acceptable risk and the
entity's tolerance to risks.
You can simulate
several treatment options
It is also possible to review risks that
combined could seriously compromise
the achievement of the objectives.
You can specify mitigation control activities
for each risk and assess their effectiveness
(being even possible to audit them later on).
Policies and procedures are set and executed to
ensure that the risk response is performed
effectively.
If the processes' activities are analyzed,
the control activities can be linked directly
to risks.
All relevant information is identified, captured and
communicated timely and accurately in order to
enable the staff to take on full accountability. An
effective communication needs feasible channels
throughout the entity.
Risk Maps and Reports are published
in such way that each area must take
responsibility for their risks.
Banking
Mortgages
Current
Accounts
Each area is accountable
for their own risks
General Map
w/Controls
Credit
Cards
Using the web module you can access all the
documents and check whether they were
read, understood and agreed on.
You can generate reports
in RTF, HTML and XLS formats
as well as several charts
including specific information.
Enterprise Risk Management is thus entirely monitored,
being possible to make timely changes when
appropriate. This monitoring can be easily performed
either through Senior Management activities or
independent assessments.
The Audit team can access
the risk information
in a read-only format
in order to define
the Audit Projects.
The Audit Module
allows you to
use Audit Guidelines
to perform the review
process and to
report findings.
With Meycor COSO AG you can
define and manage Action Plans
to improve controls.
Record Loss Events
Meycor KP – Event Module
Legal
Registration
OS for
Operational Risk
Management
Generate the control
documents necessary
to report to Senior
Management, to the
Operational Risk
Committee, and to any
areas involved.
Transfers
Collection
SR
Withdrawals
Measure/
Assess
Customer Service
KRI
IT
Risk Unit
Meycor
Delphos
Different areas
can report loss events
to identify possible
changes to the
risk assessment.
You can define KRI
(Key Risk Indicators)
that can be populated
automatically from the
Events Module.
For further information:
• Request a free assessment of
your organization's Risk
Management Maturity Level to
[email protected]