Introducing Microsoft Dynamics Governance Risk Compliance Dynamics GRC

Introducing… Microsoft Dynamics Governance, Risk & Compliance


Dynamics GRC 365 Agenda
  • Preface: Definitions of GRC; Defense of having GRC inside ERP
  • Principle: Instruction; Identification
  • Processing: Risk analysis; D 365 user forms; Reports
  • Performance: Organization; Balance scorecards; Worker performance management

What is GRC
Microsoft Dynamics Governance, Risk & Compliance
Governance, Risk Management, and Compliance (GRC) are three pillars that support a common goal of an enterprise. Well executed, it assures that an organization meets its objectives by promoting collaboration, transparency and effective controls. It complements OHS (HSE) and ERP systems. Better still if it is all completely integrated.

Preface


Preface • Governance includes:
  • Formal Tender management
  • Trade & non-trade contract governance
  • Overlaps into Sanctions management

Preface • Contracts
  • Systematic process for creation, execution & analysis
  • Life cycle
  • Commercials
  • Performance management
  • Renew or Terminate
Contract management includes negotiating the terms and conditions in contracts, ensuring compliance with them, and documenting and agreeing on any changes or amendments.

Preface • Contracts • Breach & Remedies


Preface


Preface • Compliance includes:
  • Meeting management to prove compliance
  • Audits (internal & ISO audits) to check compliance
  • Legals: Legal register, Deed register, Declaration of interest, Trade mark register, etc.

Preface • Meetings
  • A meeting is a routine activity
  • Members of an enterprise discuss organizational issues and other agenda items through a gathering
  • It is even part of the weekly itinerary of many working individuals and business people
  • Meetings can be formal (or informal); preparation must be done to properly plan and execute the meeting
  • There are various types of meetings, depending on their nature and their objectives or purpose

Preface • Meetings


Preface • Audits


Preface • Audits • Scheduling of audits • Raising non-conformance & other findings


Preface • Internal Audits • Audit universe to Audit file


Preface • Internal Audits • Audit universe to Audit file – Engage


Preface • Internal Audits • Audit universe to Audit file – Findings


Preface


Preface • All activities and actions


Preface • Risk includes the big three
  • Safety (operational) risk; focus on hazards
  • Enterprise risk; focus on business issues
  • Financial risk; treasury focus (youngest addition to risk suite)

Preface • Definitions continued…
  • Risk: Any threat that, if it occurs, may prevent the activity’s objectives from being achieved in whole, or in part.
  • Inherent risk: The risk that an activity would pose if no controls or other mitigating factors were in place.
  • Residual risk: The risk remaining when you have implemented all the preventive actions you intend to.
  • Hazard: Any source of potential damage, harm or adverse health effects on something or someone under certain conditions at work.
  • ERM: The identification and management of all risks within the enterprise. It includes the process of evaluating the chance of loss or harm and then taking steps to combat the potential risk - Enterprise Risk Management.

Preface • Defense – why inside “ERP”?
  • Same user interface, same database, one code base
  • Risk can be monitored continuously and acted on swiftly
  • Efficient support of documentation and implementation of automated controls for any framework
  • Preventative, real-time approach across diverse departments and disciplines
  • Performance indicators across ERP to deliver a common, system-wide view
  • Unified management of strategic, financial, operational and compliance risks across the organization

Preface • Defense – what is the purpose?
  • To protect the organization from severe financial disruption due to accidental losses or internal implosion
  • To do so at a cost that is affordable and does not fluctuate significantly from year to year
  • To protect assets from loss or destruction
  • To create a safe work environment for employees
  • To reduce the likelihood of injuring or damaging a third party
Governance, Risk & Compliance is everyone’s business; all people can provide insight into the nature, likelihood and impacts.


Principle • Instruction
  • Risk identification: Which accidental losses will be incurred?
  • Risk measurement and evaluation: How likely is the risk to occur and how much will the damage be?
  • Analysis of risk treatment methods: How can the organization protect itself from these losses at an affordable and stable cost?
  • Selection and implementation of treatment methods: What combination of risk avoidance, control, and financing will yield the best result?
  • Monitoring performance of treatment methods: Are the methods performing properly, and if not, what alterations can be made to raise their performance?

Principle • Identification • Hazards


Principle • Identification • Risk categories and other setups


Processing • Risk analysis • Risk probability and impact
The risk analysis process requires some form of measure of both the probability that the risk will occur and the possible impact. These will normally include, but not be limited to:
  • Performance
  • Cost
  • Timescale
  • Operational capability
  • Company reputation
Risk score = Probability scale × Impact scale

Processing • Risk assessment … from:
  • Trading partner contracts
  • Internal Audit (RCM)
  • Investigations
  • Permit to work
  • Inspections
  • Incidents
  • Projects
  • Manual App

Processing • Risk assessment … from:
  • Trading partner contracts
  • Investigations
  • Audit needs
  • Incidents
  • Projects
  • Manual App

Processing • Risk assessment wizard
Guided steps to do a Risk assessment:
  • Who/what might be harmed
  • Possible consequences
  • Inherent risk rating
  • Mitigation
  • Residual risk rating
  • Completion

Processing • Main user forms • Risk register • Risk worksheet • Bow tie


Processing • Risk worksheet


Processing • Bow tie explained • 4 principles


Processing • Bow tie explained


Processing • Some reports • Risk register


Processing • Some reports



Performance • What is CPM?
Microsoft Dynamics
“Performance management includes activities which ensure that strategy, plans (goals & objectives) are aligned with operations and met. Improvements are formulated as the above are reported on and analyzed. It focuses on the performance of an enterprise, a department, worker, vendor, customer or even the processes to build a product or render a service.”

Performance • Why CPM inside ERP (& GRC)
  • Insight: While often tied to enterprise resource planning (ERP) systems, CPM software complements ERP by providing management insights in addition to operational data. In other words, ERP is about operating the business—the day-to-day transactional activity—and CPM is about managing the business—analyzing, understanding, and reporting on the business.
  • Integration: Linking financial and operational information to insights (and risk)—and ultimately driving strategies, plans and execution. Integrating management processes & aligning strategy with execution. Thus a unified solution.

Performance • Why CPM inside ERP (& GRC)
  • Intelligence: CPM is not BI; BI is all about extracting data, transforming and loading into digestible bits and pieces. But BI normally excludes risks, processes, objectives & strategy. CPM allows for enforcement of objectives & strategy by native inclusion of ERP transactional data. Furthermore, CPM inside GRC allows risks and returns to be matched. Risk is closely related to performance and mitigation. So CPM inside GRC takes an enterprise to RI (Risk intelligence).
“By utilizing technology…to manage risk…managers can become more intelligent” (Laurent, W; Risk management systems 2006)

Performance • Balance scorecard
  • KPA, KPI
  • Worker performance
  • Contractor performance
  • Goals, measures etc…

SHREQ (SHE+GRC) • Invoices (some clients)…


Thank you
