Reporte de Governance, Risk e Compliance em Ambiente Digital
-
Upload
indeg-iscte-executive-education -
Category
Education
-
view
122 -
download
1
Transcript of Reporte de Governance, Risk e Compliance em Ambiente Digital
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTE DE GOVERNANCE, RISK E
COMPLIANCE EM AMBIENTE DIGITAL
MANUEL FORTES
BUSINESS SOLUTION MANAGER
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTE
DE GOVERNANCE,
RISK E
COMPLIANCE EM
AMBIENTE DIGITAL
AGENDA
1
2
3
The Need for GRC
Reporting – The Importance of Data Visualization
The Role of Technology in the Digital World
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
GRC DEFINITION
• “the automation of the management,
measurement, remediation, and reporting of
controls and risks against objectives, in
accordance with rules, regulations, standards and
policies” - Gartner
4C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .
Risk• Financial risks (e.g. Credit,
Market, Liquidity)
• Non-Financial risks (e.g.
Operational, IT risks, Information
Security, Strategic, Country,
Reputation)
Governance
Enterprise Linkage
• Strategy definition & execution
• Organisational culture
• Structure & Processes• Policies
C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .
Compliance• Laws (e.g. SOX, Tax,
HR)
• Regulations (e.g.
Basel II, Solvency II)
• Policies
Integration
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
GRC – INTEGRATING MULTIPLE SILOS
Multiple risk & compliance streams are integrating into GRC.
0
Enabling Organization Implement it’s Strategy
Efficiently and Effectively
Common Library of Risk and Controls
Common Business Processes
Common Remediation Actions
Based on
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
WHY IS SO
IMPORTANT
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
TRENDS IN GOVERNANCE RISK AND COMPLIANCE
GRC without linkage to Finance and Performance is limited
GRC requires “big data” technologies and “big analytics”
capabilities
Human factor and behavior-based risk management practices are
essential (ex. Conduct Risk)
Major Trends
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
It is not only important to achieve
your business objectives.
How you achieve your business
objectives is also equally important.
EFFECTIVE GRC PROGRAMS SHOULD DELIVER ON BOTH
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
GRC
Strategy is the what / Governance is the how
Strategy Management lays out the goals of the organization as well as initiatives for turning those
goals into action.
Governance provides the rules, policies and applicable regulations
that must govern those actions.
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
FUNCTIONAL ARCHITECTURE OF A GRC SYSTEM
EGRC
Repository
Risk & Control
AssessmentIncident
Management
GRC
Indicators
Policy
ManagementScenarios
Remediation Management (Issues & Action Plans)
GRC Integration
Audit
Management
Control
Testing
GRC Assurance (Continuous Monitoring & Automation)
Operational Systems &
Other GRC Applications
Dashboard &
Reporting
Alerts &
Escalation
Corporate Performance
Management SystemsRisk Analytics &
Modelling
External
Loss Data
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
So what the role of the
emerging technology
in this environment?
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
BIG DATA IS EVERYWHERE…
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
NEW ERA OF
INFORMATION
PROCESSING
MOVE ANALYSIS TO DATA SOURCE
ANALYZE BEFORE DATA IS STORED – KEEP WHAT IS RELEVANT
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
Brand sentiment
Product strategy
Maximum asset utilization
APPROACH SHIFT MERGING THE TRADITIONAL AND BIG DATA APPROACHES
Traditional Approach
Rigid & Repetitive Analysis
Business users
determine what question to ask
IT structures the
data to answer that question
Big Data Approach
Iterative & Exploratory Analysis
IT delivers a
platform to enable creative discovery
Business users
explore what questions could be asked
Monthly sales reports
Profitability analysis
Customer surveys
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
SAS In-Memory
Situational Monitoring
EVENT STREAM
PROCESSINGDETECTS COMPLEX PATTERNS
Pattern Window
Pattern 1
Pattern 2
Sensors
Health
Location
Environment
Machine
Detect complex
patterns of
interest from
multiple streams
of data
SAS® Event
Stream Processing
Email, SMS, Alerts
Interactive Investigation
16C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .C opyrigh t © 2012, SAS Inst it u t e Inc. All r igh t s reserv ed .
SENTIMENT
ANALYSIS
CONTENT
CATEGORIZATION
TEXT MINING
INTEGRATED
ANALYTICS
INFORMATION
RETRIEVAL
Explore textual data to
uncover valuable patterns,
themes, and insights
Automatically identify or
extract content that matches
predefined criteria to more
easily search by, report on,
and model/segment by
important themes
Classify documents and
specific attributes/features as
having positive, negative, or
neutral/mixed tone
Integrate structured and
unstructured data for
enhanced:
• Forecasting
• Optimization
• Predictive Modeling
• Network Analysis
TEXT ANALYTICS TECHNIQUES
SAS® Text
Analytics
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
FUNCTIONAL ARCHITECTURE OF A GRC SYSTEM
EGRC
Repository
Risk & Control
AssessmentIncident
Management
GRC
Indicators
Policy
ManagementScenarios
Remediation Management (Issues & Action Plans)
GRC Integration
Audit
Management
Control
Testing
GRC Assurance (Continuous Monitoring & Automation)
Operational Systems &
Other GRC Applications
Dashboard &
Reporting
Alerts &
Escalation
Corporate Performance
Management SystemsRisk Analytics &
Modelling
External
Loss Data
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTING
REPORTING
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTING THE IMPORTANCE OF DATA VISUAL SOFTWARE
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTING DASHBOARDS
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTING 360 DEGREE DETAIL
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTING EXPLORE TRENDS AND RELATIONSHIPS
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
REPORTING INTERACTIVE DATA EXPLORATION
C o p y r i g h t © 2 01 5 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d .
MAIN BENEFITS
Value to Organization
Enterprise Governance Risk and Compliance
Derive New
InsightsTracking and trending key
topics can help uncover the
root causes of issues,
drivers of risks ,
(dis)satisfaction, or
reasons behind certain
behaviors
Improve Existing
ProcessLess manual effort frees up
resources for higher value
work. And automation
allows you to scale, while
simultaneously removing
human bias and error
Enhance Modeling
and ReportingEnrich data repository with
new information which can
augment other analyses
and visualizations
C o p y r i g h t © 2 01 2 , SAS In s t i tu te In c . A l l ri g h ts r es er ve d . www.SAS.com
OBRIGADO