Business Assurance or governance, risk and compliance
Business Assurance Definition
Business assurance is the solution which allows organizations to adequately address these challenges by implementing a flexible and effective control framework with real time monitoring capabilities.A suite of dedicated software applications interact to provide automatic monitoring of controls across the global enterprise and continuous monitoring of critical indicators, offering managers a complete, up to date overview of all the key areas:
- Processes are linked to one or several risks, which in turn are monitored by the corresponding controls.
- Responsible personnel assigned to controls using RACI model ensures that appropriate action is taken at the right time.
- Audits are in place to make sure that critical information is retrieved from relevant personnel; collected data is then analyzed and improvements are made if necessary.
- Contracts information is also stored in the system, alerting key people on contract due date or termination date.
- Compliance with regulations is done by a workflow-based module, guiding each employee to perform assigned task the right way.
RiskRhino supplies business assurance software and business assurance services supporting companies with their governance, risk management and compliance. RiskRhino is all about business assurance and we offer the following applications:
- Risk management (application for risk management and risk control framework)
- Audit management (set your auditing standards, manage audits and create audit reports)
- Compliance management (ensure compliance and create a full audit trail)
- e-Learning (provide education and knowledge to your employees to reduce risks)
- Contract management (manage your contracts to increase financial control and drive sales)
- Business Continuity Management (Business Impact Analysis and manage contingency planning)
- Corporate Legal Management (create legal transparency, shareholder relations, authorizations)
1. Risk management
Risk management is a key business process in which the risks of an organization are analysed via a risk assessment. Per finding there can be a definition of risk with an impact and likelihood. These risks can be categorized in type of risk, severity of the risk. Then risks mitigation strategies are set up and executed to achieve a realistic risk reduction for each type of risk.
What is risk assessment?
In a risk assessment the organization makes an analysis using web based questionnaires. Periodically the chief risk officer invites employees to fill out one or more questionnaires to establish the current risks of the organization. The outcome of the assessment is reported in a risk report and management then decides on a risk mitigation strategy.
The risk mitigation consists of a set of internal control procedures or short, internal controls. These describe the actions taken to either avoid the risks or to mitigate the impact of the risks. Please see below for practical examples and RiskRhino supporting apps. For each internal control the control framework should contain a description, possibly a set of instructions, the responsibility for executing the control (RACI model) and the relationship with the business process and the risks as found in the risk assessment. In this way it becomes clear in which way the risk are mitigated and which business processes or products are controlled and risk reduction is implemented in the organization. The resulting control framework should be transparent and result in regular risk and control reports.
2. RiskRhino audit management
To make sure that the control framework actually works regular audits have to be executed. What is an audit? An audit is a review on the effectiveness of controls and procedures. Audits are fully supported by RiskRhino applications and result in an audit report thus dramatically reducing the audit risk. The internal auditor can issue a financial audit but also audits on other business areas. Audits can be scheduled and the respondents get automatic alerts and access to web based audit forms to fill out and complete with evidence if need be. The auditors report should not only show the controls and their status but also provide insight in eventual improvements that are being implemented in the organization. The business assurance process also provides the external auditor with data to make his work more efficient and allow for a auditors report.
3. RiskRhino compliance management
Part of corporate and financial control is to ensure that the organisation complies with rules and regulations. Part of that is managed using the risk management control framework to make the relations between the business processes and the rules and regulations (laws) transparent. The other part is done via the compliance management application in which all compliance requirements like financial reporting, tax filings etc are scheduled and timely kicked off for execution. The built in workflow supports the execution and automatically builds a detailed audit trail. All used information and documents are managed in the application and the dashboard provides the financial controller and management a live view on the status of all compliance activities.
4. RiskRhino Contract Management
The contract management app supports the finance controller and the legal management of the organization with proper contract management. Easy analysis shows all contracts, signed contracts and allows you to use contract templates for more legal consistency. Business wise the contract management enhances your client relationship, supports cross selling. Next to that it makes your relationship with your suppliers more transparent.
5. RiskRhino e-Learning
Business assurance is not only achieved by a transparent control framework, regular audits or compliance management. A huge part of proper assurance is built in the attitude and knowledge of your employees. Do they know what to do when and how to do it. Real business success is backed by continuous education and readily available knowledge for your employees. The e-Learning application of RiskRhino allows you to easily set up courses and make them available to your employees. You can build exams and the software will automatically review them. The student tracking allows you to see which employee completed which training successful and as such it also supports compliance requirements.
6. RiskRhino Business Continuity Management
A major part of business assurance is continuity management. The quickest way to improve continuity management is by implementing a small set of plans and make them available to your employees whenever an incident or disaster occurs. The RiskRhino mobile BCM app sends alerts to your staff and these alerts contain relevant information to allow your employees to take timely and appropriate action thus reducing the impact of an event. Beware, BCM is not only about disasters.
What is a disaster?
A disaster is a key, disruptive event that only happens very rarely and for which you would like to set up your BCM to recover from the disaster as quickly as possible. However, there are many events that can harm your business but are not considered disasters. These occur more frequently and it managing these is the key to your continuity and pristine reputation. The next step is to execute a Business Impact Analysis (BIA) which is fully web based supported by the software. The BIA shows clearly what the impact of incidents on your key processes is. Per process you can also indicate the Recovery Point Objective. In this way you can set up your contingency planning such that the key business processes can continue in case of fire, flood, black-out or IT malfunction. The BCM can also take care of your information assurance, today a key part of every organization.
7. RiskRhino Corporate Legal Management
The legal management application services 2 main needs. First off, you can manage all your legal data, be it shareholder relations, authorizations, board memberships, meeting notes, deeds of incorporation etc etc. The built in graphical org-chart automatically displays the relationships between your entities, business units or tax groups. Next to that the legal entity management support business assurance once it goes beyond one legal entity. You can have a larger organization with multiple entities across multiple jurisdictions. Using the legal entity application allows you to set up your full business assurance suite per entity thus obeying local auditing standards, financial controls, compliance requirements etc. In this way your business assurance can be localized yet globally (headquarters) transparent.