reporte de governance, risk e compliance em ambiente digital

C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .

REPORTE DE GOVERNANCE, RISK E

COMPLIANCE EM AMBIENTE DIGITAL

MANUEL FORTES

BUSINESS SOLUTION MANAGER

[email protected]

mailto:[email protected]


REPORTE

DE GOVERNANCE,

RISK E

COMPLIANCE EM

AMBIENTE DIGITAL

AGENDA

1

2

3

The Need for GRC

Reporting – The Importance of Data Visualization

The Role of Technology in the Digital World


GRC DEFINITION

• “the automation of the management,

measurement, remediation, and reporting of

controls and risks against objectives, in

accordance with rules, regulations, standards and

policies” - Gartner

4C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .

Risk• Financial risks (e.g. Credit,

Market, Liquidity)

• Non-Financial risks (e.g.

Operational, IT risks, Information

Security, Strategic, Country,

Reputation)

Governance

Enterprise Linkage

• Strategy definition & execution

• Organisational culture

• Structure & Processes• Policies

C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .

Compliance• Laws (e.g. SOX, Tax,

HR)

• Regulations (e.g.

Basel II, Solvency II)

• Policies

Integration


GRC – INTEGRATING MULTIPLE SILOS

Multiple risk & compliance streams are integrating into GRC.

0

Enabling Organization Implement it’s Strategy

Efficiently and Effectively

Common Library of Risk and Controls

Common Business Processes

Common Remediation Actions

Based on


WHY IS SO

IMPORTANT


TRENDS IN GOVERNANCE RISK AND COMPLIANCE

GRC without linkage to Finance and Performance is limited

GRC requires “big data” technologies and “big analytics”

capabilities

Human factor and behavior-based risk management practices are

essential (ex. Conduct Risk)

Major Trends


It is not only important to achieve

your business objectives.

How you achieve your business

objectives is also equally important.

EFFECTIVE GRC PROGRAMS SHOULD DELIVER ON BOTH


GRC

Strategy is the what / Governance is the how

Strategy Management lays out the goals of the organization as well as initiatives for turning those

goals into action.

Governance provides the rules, policies and applicable regulations

that must govern those actions.


FUNCTIONAL ARCHITECTURE OF A GRC SYSTEM

EGRC

Repository

Risk & Control

AssessmentIncident

Management

GRC

Indicators

Policy

ManagementScenarios

Remediation Management (Issues & Action Plans)

GRC Integration

Audit

Management

Control

Testing

GRC Assurance (Continuous Monitoring & Automation)

Operational Systems &

Other GRC Applications

Dashboard &

Reporting

Alerts &

Escalation

Corporate Performance

Management SystemsRisk Analytics &

Modelling

External

Loss Data


So what the role of the

emerging technology

in this environment?


BIG DATA IS EVERYWHERE…


NEW ERA OF

INFORMATION

PROCESSING

MOVE ANALYSIS TO DATA SOURCE

ANALYZE BEFORE DATA IS STORED – KEEP WHAT IS RELEVANT


Brand sentiment

Product strategy

Maximum asset utilization

APPROACH SHIFT MERGING THE TRADITIONAL AND BIG DATA APPROACHES

Traditional Approach

Rigid & Repetitive Analysis

Business users

determine what question to ask

IT structures the

data to answer that question

Big Data Approach

Iterative & Exploratory Analysis

IT delivers a

platform to enable creative discovery

Business users

explore what questions could be asked

Monthly sales reports

Profitability analysis

Customer surveys


SAS In-Memory

Situational Monitoring

EVENT STREAM

PROCESSINGDETECTS COMPLEX PATTERNS

Pattern Window

Pattern 1

Pattern 2

Sensors

Health

Location

Environment

Machine

Detect complex

patterns of

interest from

multiple streams

of data

SAS® Event

Stream Processing

Email, SMS, Alerts

Interactive Investigation

16C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .

SENTIMENT

ANALYSIS

CONTENT

CATEGORIZATION

TEXT MINING

INTEGRATED

ANALYTICS

INFORMATION

RETRIEVAL

Explore textual data to

uncover valuable patterns,

themes, and insights

Automatically identify or

extract content that matches

predefined criteria to more

easily search by, report on,

and model/segment by

important themes

Classify documents and

specific attributes/features as

having positive, negative, or

neutral/mixed tone

Integrate structured and

unstructured data for

enhanced:

• Forecasting

• Optimization

• Predictive Modeling

• Network Analysis

TEXT ANALYTICS TECHNIQUES

SAS® Text

Analytics


FUNCTIONAL ARCHITECTURE OF A GRC SYSTEM

EGRC

Repository

Risk & Control

AssessmentIncident

Management

GRC

Indicators

Policy

ManagementScenarios

Remediation Management (Issues & Action Plans)

GRC Integration

Audit

Management

Control

Testing

GRC Assurance (Continuous Monitoring & Automation)

Operational Systems &

Other GRC Applications

Dashboard &

Reporting

Alerts &

Escalation

Corporate Performance

Management SystemsRisk Analytics &

Modelling

External

Loss Data


REPORTING

REPORTING


REPORTING THE IMPORTANCE OF DATA VISUAL SOFTWARE


REPORTING DASHBOARDS


REPORTING 360 DEGREE DETAIL


REPORTING EXPLORE TRENDS AND RELATIONSHIPS


REPORTING INTERACTIVE DATA EXPLORATION


MAIN BENEFITS

Value to Organization

Enterprise Governance Risk and Compliance

Derive New

InsightsTracking and trending key

topics can help uncover the

root causes of issues,

drivers of risks ,

(dis)satisfaction, or

reasons behind certain

behaviors

Improve Existing

ProcessLess manual effort frees up

resources for higher value

work. And automation

allows you to scale, while

simultaneously removing

human bias and error

Enhance Modeling

and ReportingEnrich data repository with

new information which can

augment other analyses

and visualizations

C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d . www.SAS.com

OBRIGADO

http://www.sas.com/

http://www.sas.com/

reporte de governance, risk e compliance em ambiente digital

Education