HOPEX OPERATIONAL RISK MANAGEMENT Provide visibility into your risk profile and support regulatory compliance with a 360° view of all risk management processes HOPEX OPERATIONAL RISK MANAGEMENT HOPEX Operational Risk Management helps streamline the risk management process - from risk identification to reporting - which results in actionable data and metrics to support business growth and profitability. HOPEX ORM helps operational risk management teams: Ensure compliance with financial regulations Enter incidents and losses, identify and assess operational risks, manage action plans, and calculate capital allocations to meet requirements such as Basel III and Solvency II. Regulatory reports with incident and loss matrices are automatically generated. Improve ORM quality and effectiveness Set up and manage a structured risk library where risks are categorized by objective and type, and associated with the relevant business processes and business units. All changes are tracked in a shared repository, helping to facilitate audits. Out-of-the-box reports and dashboards improve follow up on your action plans. Automate consolidation and communication of risk exposure Leverage a variety of reports and dashboards to monitor risk status, compliance, and the implementation of appropriate controls. An advanced aggregation engine calculates consolidated risks for each business unit or business process. BENEFITS • Easily assess high priority risks through key risk indicator (KRI) tracking • Eliminate silos and redundancies by leveraging a central repository to store all risk, process, and compliance data • Protect against future losses and negative business impacts through scenario analysis • Ensure compliance by embedding key financial regulations, such as Basel III and Solvency II, into business processes • Reduce response time through automated assessment campaigns, alerts, reminders, and workflows • Deliver actionable reports and analyses for process optimization and governance Event Report Powered by H PE X Risk Measurement Reports KEY FEATURES Based on MEGA’s HOPEX platform, HOPEX Operational Risk Management supports the risk management process from end-to-end and seamlessly integrates with other components of MEGA’s GRC solutions. Incident Management and Risk Quantification Phase: Managing incidents and calculating capital allocations Collecting incident data •Incidents are entered manually or imported from a third-party application •Losses, provisions, and recoveries can be associated with each incident •Incidents can be linked to types of events, business lines, and risks Calculating capital allocations •Capital-at-Risk (CaR) is calculated using three approaches: BIA, TSA, and AMA •For AMA, a capital model is built based on the incident and loss matrix •Value-at-Risk (VaR) is estimated based on past losses using Monte Carlo simulations, as well as advanced statistical analysis methods such as log-normal, Weibull, and Poisson distributions Risk and Control Self-Assessment Phase: Identifying, measuring, and consolidating risks Identifying and assessing risks •Supports bottom-up or top-down identification processes •Risks are mapped in relationship to their context using graphical risk mapping capabilities •Indicators, as well as analytical and summary reports, are generated to facilitate risk library management •Risks are assessed by experts or an Own Risk and Solvency Assessment (ORSA) Consolidating risks •The different measurements for a given risk are aggregated, and exposure to the risk is automatically calculated for each business process, business unit, and type of risk •Future risk exposure is forecasted based on measurements from previous years and the implementation of action items Risk Treatment Phase: Monitoring risks and following up on action plans Monitoring risks with appropriate controls •The response to each risk is determined: accept as-is, reduce, provision, or insure •Appropriate controls and action plans to reduce the risk are defined and implemented Following up on action plans •Reports are generated to facilitate tracking progress on action plans •The effectiveness of action plans is measured by comparing inherent and residual risk exposure LEVERAGING SYNERGIES BETWEEN DEPARTMENTS MEGA’S GRC SOLUTIONS www.mega.com @mega_int © MEGA International 2014 With MEGA’s four Corporate Governance solutions, risk managers can work within an enterprise-wide governance framework, giving executives a 360° view of their operations. The solutions also allow for action plans to be shared, creating powerful synergies between risk management, compliance, internal audit, and internal control activities. •Control testing and assessment results can be integrated into the RCSA process •Compliance risk assessments can be reviewed to check the coherency of risks throughout the enterprise •When a weakness is detected by internal audit, a high priority recommendation can be made on a risk to either trigger a re-assessment or a re-test of this risk