Reporting
Knowledge is one of the key factors used to maintain an effective control framework.
The interpretation of data is key to the management of risk and compliance.
Various types of reporting should exist within a firm to provide management with a complete view of the risk and compliance landscape.
From detailed logs, exception reporting and individual user compliance reporting to management metrics, knowledge enables management to make strategic decisions that can impact the whole firm.
Assessment Reporting
Management first need to define the level and category that an assessment targets, then the objective of the assessment, and lastly the decisions that need to be taken as a result of the assessment.
Detailed control assessments can be used to support audit-type requirements and are generally executed at a detailed level. Resulting actions are then dependent upon the way in which results are reported. If results for many assessments point to similar weaknesses in control, a global solution may be recommended. If, however, results are used in isolation, the remediation may resolve the identified problem but may not address an inherent problem across the firm.
Real-Time Monitoring
Once key controls, success and failure criteria have been identified, a mechanism can be put in place to provide management with a view of a firm's control framework. When setting up such monitoring, the maturity of controls and change management play a major part in ensuring the stability of the environment.
Weighting
It is important to understand what’s important.
What processes are key to the business? What applications support the key business controls?
When assessing risk to a firm and looking at key controls, it’s important to identify what’s really important and focus on that. By using a weighting mechanism for processes and assets (applications), firms can produce a comprehensive risk profile. A consistent method of assessment can be employed; however, individual weightings should be developed. At first it may be easier to employ a simple method, grouping similar processes and assets and assigning weightings. Payment systems and processes, for example, will obviously have a greater weighting than canteen menu systems and processes.
Compliance Reporting
This can take many forms, from employee compliance with policies to a firm’s compliance with government regulations.
PlayBooksSolutions have provided clients with the means to compare existing controls and policies to regulatory requirements, standards and methodologies.
the company
Playbook Solutions Limited
Registered in England No: 6885884
39 Alma Road, St. Albans AL1 3AT
Privacy & Data Protection
Playbook Solutions Limited complies with the UK Data Protection Act and is registered with the Information Commissioner's Office.
