GRC is the field that brings the concepts of Information Technologies (IT) governance, risk control and compliance together under one roof. In today’s fast-changing business world, it has become a necessity for every company to manage its strategic and operational risks, enterprise internal controls and compliance with regulatory requirements.
It is not possible to effectively meet these needs without using risk management and compliance, internal control and internal audit tools.
Choosing the right tool is difficult in itself. The best solution is to choose a product that is built around industry best practices, incorporates standards set by international organizations such as the Institute of Internal Auditors (IIA) and the Open Compliance and Ethics Group (OCEG), and comes from a manufacturer and/or supplier with whom you can maintain a long-term, healthy and efficient working relationship.
With over 15 years of experience, PROYA has joined forces with MEGA International, which has 30 years of experience, and started to offer the Hopex GRC package, one of the most ambitious and comprehensive product families in the field of IRM (Integrated Risk Management).
MEGA’s platform, built on a central repository, ensures that all of your GRC goals are met.
Lack of risk awareness
Managing risks in silos
Risk impact on the organization
Implement an integrated approach with business operations, to shift from a compliance to a risk-aware culture.
HOPEX IRM allows Risk Managers, Auditors, Internal Controllers, Data Privacy Officers, Compliance Officers, CISOs, Legal Counselors, IT teams, and Operational teams to work together towards risk identification and risk control in the most effective and efficient manner.
HOPEX IRM uniquely leverages information managed by IT, Business or Privacy compliance to better understand the context of risks and their impact on the business.
Combined with other HOPEX solutions, companies can effectively manage risks globally, ensuring employees share a common understanding of the enterprise assets, processes and technologies while ensuring data privacy compliance.
Understanding the context makes it possible to better qualify and quantify the impact of risks
Move to a risk-aware culture
Keep up with constant changes
Managing risks with an integrated approach
Speed up risk management efforts
Use customizable dashboards to efficiently monitor risk management efforts
With HOPEX IRM, Risk Managers can capture and define Risks:
Risk Managers can create a new Risk, capture all relevant information and set Risk Target & treatment method.
Risk Managers can also define the context of a Risk by specifying which Processes, Entities, Applications and Business Lines are affected.
Risk Managers can monitor the progress of Assessment Campaigns and report on results.
Widgets for risks are available from the dashboard:
Build a custom dashboard and follow up on the overall progress of risk management efforts.
HOPEX IRM supports Controllers in their mitigating efforts:
Internal Controllers can assess controls directly and analyze the results.
HOPEX IRM allows you to not only capture Incidents, but also to analyze them:
Contributors can declare a new Incident from their dedicated Interface and provide all the relevant information.
A different contributor, previously assigned as Incident Approver, can ask the Incident Declarer for modifications, approve the Incident, or reject it altogether.
Prior to validating the Incident, a Risk Manager can contextualize the Incident by specifying the materialized Risk, the failing Control and other taxonomy-related information.
Risk Managers can analyze Incidents in different ways (breakdown, evolution, relation to risks, financial…).
The solution supports Compliance efforts:
Compliance Officers can create Requirements as part of either a Regulation Framework or the Organization’s own Requirements.
Compliance Officers can specify what parts of the Organization have to comply with the Requirement (processes, entities and applications).
Compliance Officers can analyze the effectiveness of implemented Controls with regard to compliance following a Control Assessment campaign run by an Internal Controller.
Compliance Officers can also identify Risks of non-compliance. These Risks can then be managed by the relevant Risk Managers. Compliance Officers can also analyze information collected during Risk Assessment campaigns.
HOPEX gives you the tools necessary to manage your Internal Audit activities:
Audit Directors can group Audits under one Audit Plan. Resources, skills, availabilities, expenses and timelines can be managed for the overall Audit Plan.
Lead Auditors can build a Work program for the Audits they are assigned to. Each Activity can have Workpapers and any background information necessary for the Auditor to carry out their tasks. Once ready, the Work program is sent to the Audit Director for review.
If an Audit is recurrent, Lead Auditors can save planning time by "cloning" an existing Audit’s Work program.
Once the Auditor has validated the Work program, Audit Activities are sent to the Auditors they have been assigned to. Auditors can then complete the Activity and any Test Sheets they have been given to fill in.
Because a Finding is an Incident discovered by the Audit team, Auditors can create new Risks against their Findings. These Risks then have to be managed by the Risk Managers.
Once the Auditors have completed their Activities, documented their Findings, as well as written and assigned their Recommendations to an Auditee, the Activities can be submitted to the Lead Auditor for review.
HOPEX gives you the tools and the information necessary to keep your Internal Audits aligned to your Organization’s strategic priorities: