LEADING WITH GRC
Case Study of Integrated GRC MarketAxess
GRC for High Performers
Agenda
1. Introductions
2. Organization Overview: Vision, Key Facts and Needs
3. GRC Footprint across MarketAxess
4. GRC Framework
5. GRC Program Challenges
6. GRC Program Roadmap & Rollout
7. Deciding when to Implement GRC Tool
8. Key Benefits
9. Key Learnings and Best Practices
10. Audience Questions and Discussion
Introductions
Joseph Monks
Audit & Chief Risk Officer, MarketAxess
- Prior: Head of Operational Risk Citibank, North America.
- Managing Director, Japan Chief Auditor at Citi; Executive Director and Chief Auditor Japan at Morgan Stanley.
- Global Risk, Internal Audit, Banking and Securities, Technology Controls, SOX and Regulations.
Mandar Soman
Audit & Risk Manager, MarketAxess
- Prior: Manager of Operational Risk Division at KPMG
- Experience in advisory services to investment management and banking clients
- Experience in enterprise risk management, management consulting for banking capital markets
Parul Jain
Audit & Risk Associate, MarketAxess
- Prior: Information Audit Analyst
- Experience in internal audit & external audit with banking clients in India
- Masters in Information Systems, CISA (Exam cleared)
MarketAxess - Overview
Overview: MarketAxess is the leader in electronic trading of global credit products operating in the regions of North America, Europe and Asia. Our award-winning, patented electronic platform enables fixed income market participants to source competitive and executable bids or offers in the broadest range of cash credit and credit derivatives for over 1,200 global institutional investors and broker dealers. MarketAxess brings over a decade of unparalleled trading, market data and technology innovation, shaping the future of the credit markets.
MarketAxess operates “Open Trading” on its electronic bond trading platform which allows investment managers, broker-dealers at investment banks and other market participants to trade directly with one another electronically on an anonymous basis. Our suite of trading protocols, which includes Market Lists, for anonymous all-to-all inquiries, and Private Axes, where users anonymously match block orders, providing greater discretion and control when trading in larger sizes, are seamlessly integrated into MarketAxess’ well-established RFQ platform, resulting in single-screen access for all market liquidity.
Vision: Our vision is to shape the future of the credit markets. Our goal is to become the global electronic credit marketplace of choice.
Mission: MarketAxess was founded in 2000 with a simple mission: to give investors a single trading platform with easy access to multi-dealer competitive pricing in a wide range of credit products. Ten years later, we are the leading electronic credit trading platform for corporate bonds and CDS. Innovation is at the heart of what we do at MarketAxess, and the best is yet to come.
GRC Footprint across MarketAxess
SOX/Audit
• Internal Audit
• Operational Audits
• Financial & SOX Audits
• IT Compliance Audits
ISM
• Route for review, updates, and approval
• Link to Risks, controls, Audit, past issues, regulations etc.
• Link action plans to Issues
• Robust reporting
VRM
• Supplier Information, On-boarding
• Supplier Risks
• Supplier Performance
Operational Risk Management
• Enterprise Risk
• Operations Risk
• Risk-Control Assessments
• Heatmaps, KRI
Tableau
• Analysis of GRC data
• Robust Reporting
• Integrated GRC data at one place
IT-GRC (Not Implemented yet)
• Incident management
• IT Audit Management
• Threat & Vulnerability Management
• IT Risk Management
GRC Framework and Program Components “generic picture” - To be “right sized” to MarketAxess
Comprehensive Risk, Controls and Compliance Coverage
[Framework diagram; labels recovered from the slide]
Business Strategy
Key Business Risk
• Strategic Risk
• Operations
• Financial
• Compliance
Risk and Control Activities
• Assess Risk
• Improve Effectiveness of Controls
• Monitor Controls
Line of Defense
• Operations and Business Units
• Management Assurance Functions
• Independent Assurance Functions
• Oversight
Functions shown in the diagram
• Accounting & Finance
• Record to report
• Human Resources
• IT
• Payroll
• Legal
• Development
• Infrastructure
• Internal Audit
• Other Risk Functions
• External Audit
• Executive Management
• Board
• Audit Committee
• Risk Committee
Lines shown in the diagram
• First Line of Defense
• Second Line of Defense
• Third Line of Defense
• Oversight
GRC Solution Components
• Continuous Control Monitoring
• Compliance Management
• Risk/Audit Management
• Dashboard
• Reports
• KPI/KRI
GRC Program Challenges
People
• Getting Executive Sponsors in place for each solution.
• Building Strong Stakeholder Relationships (Audit, Legal, Finance, IT Security).
• Governance Model for the GRC program.
• Dedicated resource for managing the platform and administration for all the business areas.
Process
• Agreement on Risk definition to allow streamlining of GRC reporting in the future.
• Replacing multiple systems in use by business functions.
• Committed Subject matter experts to view the end goal.
Technology
• Building a sustainable team for a multi-year initiative to implement the GRC tool.
• Getting access to experts at the right time in the process.
• Security Controls in place to in-house the confidential data.
• Customization of charts and graphs for greater impact.
GRC Program Roadmap and Rollout
Roadmap:
• Importance of Preparing “Roadmap” for deployment
• Foundational Activities: Libraries – Enterprise Risk Themes
• Dependencies between Initiatives
Implementation Rollout Strategy and Tactics:
• Life After UAT: Build Enthusiasm and Application User Adoption
• Organization Change Management
• Communications
• Continuous Improvement
GRC Program Roadmap and Rollout – MarketAxess
[Roadmap timeline figure; labels recovered from the slide]
Timeline: FY15, FY16, FY17
PROGRAM
• PMO – GRC Program Governance, Management and Communications of Progress, Organizational Change
• GRC Program Plan
PROCESS & TECHNOLOGY
• GRC Initiatives: Workstreams
• Infolet Integrations: Data feeds
• GRC Intelligence Content Feeds
• MetricStream Platform and GRC Foundation
• Risk and Control Framework, Risk Reporting, Analytics and Governance
• GRC Organization Hierarchy. Asset Integration
Workstreams: Internal Audit, IT-GRC, ISM, SOX, VRM
Other labels: Fast Track, Tableau, Metrics
Deciding when to Implement - Capability Maturity Model for GRC Software Tool Implementation
INITIAL: Define goals with success criteria; Initial stage communication is typically happening less frequently.
REPEATABLE: Starting elements for a GRC tool; communication may exist through spreadsheets/email.
DEFINED: At this stage, a GRC tool makes sense, and is well defined as business processes continue to mature.
MANAGED: Typically, this organization is already leveraging GRC tools.
OPTIMIZED: Tools are performing at a high level of efficiency.
Beginning to adopt Likely adopted
GRC Journey - Key Benefits
• MAKE BETTER DECISIONS, LOWER RISKS: Manage its most urgent business risks across the silos of finance, legal, compliance, operations and IT/Security
  - Key Benefit: Reduce Risk by gaining visibility and context
• IMPROVE PERFORMANCE AND GAIN EFFICIENCIES: Collaborate, through a federated governance model, with other major programs in place or being implemented, bringing all the key stakeholders together through a common risk and control framework
  - Key Benefit: Gain efficiencies and lower costs by streamlining processes and leveraging a consistent risk and control framework, collaboration and overall methodology
• OPTIMIZE REPORTING and GOVERNANCE: Report the right information to the right people, at the right time
  - Key Benefit: Clear understanding of the information and analytics required for the Board, Regulators, Leadership, External and Internal stakeholders
Key Learnings and Best Practices
• To build out a successful GRC program, the right people, processes, and technology need to be aligned together.
• Get the business involved quickly to identify where they need to take responsibility and accountability within the GRC program
• Training of the end user is important to better understand the objective of the program
• To gain the business value of the program sooner, implement in a phased approach
• Enhance reporting capabilities for management
• Streamline the workflow process to simplify the solution
• Define new roles to allow better reporting and continue to adjust new reporting needs
• Changes should be made to adopt changing risk within the company
© GRC Summit 2017 | All Rights Reserved
Q&A
Thank You!
Continue the conversation online #GRCSummit