Summary

This is the most valuable service for ensuring risk-based change is dealt with correctly.  Key features include the generation of heat maps for inherent risk, level of compliance and effort for each new Detail Level Requirement (DLR) across each individual entity, functional gaps in each operating model impacted, details of Processes, Records, Systems and Roles that are impacted, interpretation issues, etc.


Our History with Large Scale Risk Assessments

A great deal of our work over the past two decades has revolved around helping clients understand the risks associated with new regulations. We have covered many different types of regulations in numerous industries, across different jurisdictions and types of businesses. One of our core focus areas over this period has been the financial services sector, with a global Fortune 500 Financial Services company as a flagship client throughout.

This is one of the most powerful services for driving the digitisation shift by a client to our GRC Standard. There are many data elements designed into this tool that ensure the correct content is generated during the impact analysis for all Future Changes that need to be properly embedded into the existing business models and optimally managed by GRC operations in the company.

The primary objective for us and our clients when dealing with any regulatory change must be sustainability of risk mitigation solutions and ongoing reduction in cost, complexity and risk, and this is what we have designed into our tools and methodology for this service.

Data Protection as a Core Focus

In certain instances we have chosen to specialise in specific areas of regulation. Outside our core governance, risk and compliance business, our major field of specialisation, in which we have spent the past decade becoming highly experienced, is the protection of personal information. This is because of the sheer number of clients needing help to assess their risks with this pervasive type of regulation, and because it is a global phenomenon that has opened up opportunities for us to provide ground-breaking solutions to clients as a result of our expertise.

TOSMS Methodology and Tools Are Included

This is one of our earliest services with enabling tools and has been in operation for many years to help clients overcome the challenging task of trying to carry out proper impact analysis and risk assessments of significant regulations when they are using manual spreadsheets that have very limited processing capabilities in key areas such as change control and integration.

We have the skills to tackle any regulation with a unique regulatory change methodology that we apply. We make certain tools available to clients who need to understand the size of the problem space. In most instances, the larger clients we work with cannot process the amount of information that has to be analysed without the use of structured and automated tools so we provide this as part of our service.

GRC-POS-03, which deals with Digitisation of Processes, Records, Systems and Roles (PRSRs), is an example of our Data Inventory Management System (DIMS) that works in conjunction with this service. In many instances, our clients have to understand the nature of the new data types that regulations like DPA, GDPR and POPIA (in the UK, EU and SA respectively) bring into the risk landscape.

These new data types mean that clients first have to find where this data is being processed, because detailed analysis of the impacts of such regulations is not possible without this information. This is where our DIMS solution, which works in conjunction with this service, comes in.

High Level or Detailed Analysis Options

Undertaking reviews of existing, and analysis of new, regulations can be facilitated by using our automated regulatory risk assessment solution.  It provides the option of carrying out a high level, quick turnaround, initial risk appraisal or a more comprehensive detailed analysis.

Key features include the generation of heat maps for inherent risk, level of compliance and effort required to deal with each DLR across the entire organisation and for each individual entity, functional gaps in each operating model impacted, details of PRSRs that are impacted, interpretation issues, financial impacts, etc.

Request for Information

Should you wish to find out more about this or any other part of our Portfolio of GRC Services or Solutions, please don’t hesitate to give us a call or email us. Our details can be found below or under Contact on the main menu.