IMPACT ERM can help an organization manage and execute management system components more effectively. Classic management system framework, such as the COSO internal control, consists of several interrelated components such as Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. The sections below demonstrate the Mapping of a Classic Management System Framework and its components to IMPACT Functionality.
Control Environment
The control environment takes in to account non-tangible aspects of an organization such as integrity, ethical values, management style, delegation, communication and more. It also includes HR processes for managing and developing people within an organization.
- Enable collaboration between leadership and the workforce, ultimately, forming a culture of open risk communication via Email notifications and Dashboard / Scorecard
- Enable management review of risks and Route incidents to pertinent parties based on various criteria such as consequence type, risk level, department and more
- Control edit and viewing access to specific information (even down to the field level) for a given status and responsibility
- Facilitate and Communicate meetings and trainings as required to manage and develop people
- Configure client-specific Work Processes and much more
Risk Assessment
Risk assessment helps determine how risk should be managed based on established objectives. Therefore, risk assessment engages the identification and analysis of relevant risks so to achieve recognized objectives.
- Capture and Prioritize risk in Reactive situations using IMPACT’s tracking functionality for Incidents, various Consequence types (environmental, financial, etc.) and Investigations
- Capture and Prioritize risk in Proactive situations using IMPACT’s prevention functionality for Action Items, Assessments, Findings, Meetings, High Learning Value Events (HLVE) and unlimited user-defined requirements
- Conduct risk assessment to determine “residual” risk and more
- Prioritize actual and potential risk
- Analyze patterns in data and Identify potential risk across the enterprise using full web-based and/or client-based reporting
- Analyze and Report on actual risk across the enterprise
- Analyze and Assess data in real time
- Enable Risk Assessments to be completed prior to processing to “Next Status”
Control Activities
Control activities are the policies and procedures designed to help ensure the fulfillment of management directives and that necessary actions are taken to address risks so to achieve established objectives. Control activities occur throughout the organization, at all levels and in all functions and include a range of activities from approvals, authorizations, verifications, reconciliation's, reviews of operating performance, security of assets and other related activities.
- Assign priority levels, target dates, status and task owners
- Enable an Action Item workflow step to Verify Action Items
- Configure minimum number of Approvals required to approve a workflow
- Enable management review of risks and Route incidents, action items, assessments, etc. to appropriate managers for “Approval”
- Enable verification of action item closure based on level of risk
- Reject a status and return to a previous state or skip statuses
Information and Communication
Information systems and effective communication play a key role in internal control systems from producing reports for operational, financial and compliance-related objectives to ensuring that information flows down, across and up the organization to external parties such as customers, suppliers, regulators and shareholders.
- Route First Report to appropriate responsible parties via Email and Dashboard
- Notify responsible parties of an incident, consequence, assessment, audit, etc.
- Enable Change Log and Notifications for changes made
- Automatic Email Notifications, Reminders, Approvals, etc. for action items
- Capture Observee, Feedback and Comments on assessments
- Auto-Spawn HLVE’s from incidents to ensure Key Lessons are acted on throughout the enterprise
- Produce analysis and reports for compliance-reporting and monitoring.
- Schedule reports and charts to generate and distribute automatically
- Prioritize actual and potential risk and Notify responsible parties needed to resolve risk.
- Enable management review of risks and Route incidents to pertinent parties based on various criteria such as consequence type, risk level, department and more.
Monitoring
Another important component of controls is monitoring and assessing the quality of the system's performance over time. Monitoring can be accomplished through ongoing activities and/or evaluations to observe the management system and detect internal control deficiencies through these activities, report these upstream, and issue corrective actions to ensure continuous improvement of the system.
- Tie Action Items directly to proactive and reactive processes (i.e. assessments, findings, incidents, consequences, investigations, etc.).
- Maintain Accountability & Workflow with Corrective Action
- Track to Closure
Downloadable Brochures
Register for a FREE Financial IMPACT Analysis of Your Enterprise Risk
Review IMPACT Enterprise, feature by feature
Download the NEW Syntex Solutions brochure (PDF 1.5mb)
Download an Immediate IMPACT brochure (PDF 347kb)
Download an IMPACT Enterprise Custom Edition brochure (PDF 434kb)