Client Profile

The client is a leading global reinsurer, providing comprehensive solutions and services to assist insurance companies in risk management. Established in 1970, the company is headquartered in Paris and operates from 38 office locations, extending its presence to 160 countries across Africa, the Americas, Europe, and the Asia-Pacific region. Independently evaluated by reputable rating agencies, the client consistently ranks among the top-rated reinsurance companies worldwide, further affirming its industry reputation and reliability.

Project Overview

The client had already been using a GRC solution that was not well maintained. In its current state, enhancing and customizing the old solution to make it suitable for internal users and meet business objectives was nearly impossible. The client was looking for a new solution and was ready to invest since they aimed to build a strong foundation and prevent potential future losses.

Challenges

The critical challenge for the client was user acceptance. They wanted more and more of their internal users to use the new solution. To make this happen, the client was looking for the following:

A highly versatile tool: The client was looking for a highly adaptable tool to accommodate the methodology tied to their internal controls.

A cross-border solution: They needed a global solution for their teams in all of their locations worldwide.

An intuitive system: The client was looking for a user-friendly system to get more acceptance from the business side of their operations.

Solution

With adaptability as their primary criterion for selecting a solution provider, the client chose the OpenPages with Watson platform to fulfill their requirements. This platform equips business users with integrated functionalities, enabling them to document processes and conduct self-assessments of operational risk. The client was also offered lab services to customize and integrate the solution and provided training on the platform for key stakeholders.

Initially implemented within the risk division, the OpenPages with Watson platform proved beneficial and was subsequently adopted by the compliance division. The client’s fully deployed solution includes the following components:

Operational risk: The IBM OpenPages Operational Risk Management module facilitates assessments, manages internal control processes, addresses data quality management requirements, and documents processes.

Compliance: The IBM OpenPages Loss Event Entry module addresses compliance concerns related to loss events.

Policy management: The IBM OpenPages Policy and Compliance Management module manages the entire lifecycle of internal guidelines.

By leveraging the comprehensive capabilities of the OpenPages with Watson platform, the client enhances their operational risk management, compliance practices, and policy management, improving overall efficiency and effectiveness.

Business Outcome

By implementing the OpenPages with Watson solution, the client accomplished its primary objective of promoting wider acceptance and utilization of the GRC (Governance, Risk, and Compliance) solution throughout the enterprise. Internal users have embraced the solution and are now requesting the deployment of additional tools on the platform. Several benefits have been realized by the client, including:

Reduced repetitive tasks: The new solution significantly decreases the effort required from process owners within the company. Through the OpenPages with Watson platform, more detailed and effective self-assessments related to operational risk are created, leading to a notable reduction in the number of repetitive actions performed by business users.

Decreased manual work: The solution eliminates the need for specific manual tasks, such as labor-intensive data crunching during system entries.

Independent reporting: The client can now independently produce reports, enabling them to add new fields and generate reports based on those fields without relying on third-party assistance as they did previously.

Streamlined governance: The OpenPages with Watson platform greatly streamlines and expedites the efforts of the senior management team responsible for corporate governance. Through IBM OpenPages, the client empowers global function owners with a tool that enables risk management to function as a business enabler.

Seamless rollout of risks and controls: The client’s global function can easily define complete global processes, including the minimum set of risks and controls, and effortlessly deploy them to various locations for adoption by local process owners.

With these advantages, the client experiences enhanced operational efficiency, improved risk management capabilities, and greater autonomy in reporting and governance processes throughout the organization.

Client Profile

Based in Detroit, the client stands as a prominent global automobile manufacturer. With expertise in designing, manufacturing, and marketing a comprehensive array of vehicles, ranging from electric cars to heavy trucks, the client caters to the diverse requirements of drivers worldwide. Operating across five continents, the company has a workforce of 180,000 individuals and proudly produces vehicles under eight distinct automotive brands.

Project Overview

The client’s reputation and financial performance can be significantly affected by various risks, including natural disasters, cyberattacks, regulatory changes, supply chain disruptions, and product recalls. To safeguard against or minimize these risks, clients must maintain constant vigilance over potential business threats and continually adapt their Audit, Risk, and Control activities to address emerging challenges.

Being one of the largest global automotive companies, the client dedicates considerable time and resources to identify, mitigate, and monitor risks. They understand the importance of proactively managing risk to protect their reputation and ensure the stability of their bottom line.

Challenges

The client faced challenges in obtaining a comprehensive overview of their risk portfolio because they relied on four separate systems to support their Audit, Risk, and Control activities. Each department operated with distinct workflows and faced different technical obstacles.

Absence of real-time view: The utilization of separate systems posed difficulties in obtaining a real-time view and comprehending the connections between risks, controls, and issues across the organization.

Understanding inter-division risk relationships: Assessing how risks within one business area might impact other divisions was challenging. The fragmented systems hindered a clear understanding of these interdependencies.

Inadequate systems: The SOX team struggled with a highly adapted system that was complex to manage. The Operational Risk Management team required a robust survey function to facilitate regular risk and control assessments. Meanwhile, the Audit team relied on a system approaching its end-of-life stage.

Solution

To enhance risk management throughout its global operations, the client decided to use IBM OpenPages with Watson to consolidate its Audit, Risk, and Control processes and procedures. The OpenPages software was implemented as a shared platform for the Audit, Risk, and Control groups, enabling seamless data sharing. The implementation process involved the client’s IT department taking the lead after an initial planning phase, with IBM providing technical support as required.

Cost-effective implementation: The client’s primary concern was the cost of implementation. Proof-of-concept projects were executed to demonstrate the ease of building the required system with IBM OpenPages. Setting up a basic implementation with minimal customizations proved to be relatively straightforward. This allowed for a gradual introduction of users to the platform, addressing any issues or adding functionality as the project progressed.

Agile-like approach: The implementation of the OpenPages solution followed an agile-like approach. Beginning with near out-of-the-box pilot environments, the client’s groups were able to develop and refine their business requirements and configuration needs based on their understanding of how the system would look, feel, and perform. This approach resulted in better decision-making, reduced rework, and a more efficient implementation timeline.

Shared data platform: The project’s success relied heavily on data sharing. In the past, the Audit, Risk, and Control departments had varying interpretations of the company’s structure and processes. Implementing OpenPages fostered a shared understanding among these departments, making it easier to investigate risks that affected multiple areas.

By bringing all stakeholders together to improve risk management and control assurance across the organization, OpenPages strengthened support and collaboration between departments. The client standardized the process inventory and established a unified view of the company’s organizational structure.

Business Outcome

The client has attained a comprehensive and detailed understanding of potential business risks by leveraging the OpenPages with Watson platform to facilitate Audit, Risk, and Control activities. Using the platform empowers the client to exercise greater control over risks, leading to enhanced risk management capabilities and the avoidance of reputational damage. This newfound visibility spans across the entire enterprise, enabling the company to effectively manage and mitigate risks, ultimately preventing financial losses.

Reduced costs: IBM OpenPages solution reduced licensing and maintenance costs by consolidating four systems into one.

Improved consistency: The solution helped increase consistency by standardizing the process, risk, control, and issue structures and hierarchies.

Speedy analytics: The IBM OpenPages made quick data analysis possible with a single source of truth for Audit, Risk, and Control data.

Client Profile

Founded more than two decades ago in New York, the client is a leading bank and part of a multinational group. It has 2,500+ branches in 15+ countries, with 700+ branches in six cities in the United States of America. It has more than 200 million customer accounts and employs more than 240,000 people all across the globe.

Project Overview

The client was looking for a solution to reimagine the role of A.I. and natural language processing in an auditor’s workflow. They were looking to scale control testing using more extensive data sets than before to uncover hidden trends and insights. The client wanted to identify anomalies within business monitoring and effectively plan and scope audits using new findings.

Challenges

Introducing any innovation is challenging for the client since it has one of the world’s most significant corporate audit departments.

Reservations in switching to a new platform: Because of its size and importance, switching from the current audit platform to a new one required careful consideration and great trust in a technology partner.

All-in-one unified platform: Another challenge was achieving all the requirements within a unified platform that empowered auditors with more excellent detection capabilities, deep data-driven insights, and enhanced stakeholder engagement and collaboration.

AI-enablement: The new audit platform should have advanced A.I. and analytics features, be easy to use, and be the best in the industry to get all the necessary approval to make the switch and gain the confidence of the required stakeholders.

Solution

The solution was implemented in three phases, leveraging a broad range of available IBM Data and A.I. solutions, including IBM Open Pages with Watson and IBM Cloud Pak for Data.

Tools for analyzing control definitions: In the first phase, auditors were empowered with tools to analyze control definitions and scored them based on various parameters.

Training on Watson Discovery: In the second phase, auditors were trained to use Watson Discovery to save time processing thousands of monthly transcripts between agents and customers.

Utilizing IBM Watson Assistant: In the third phase, IBM Watson Assistant was used to help the auditors identify relevant content within hundreds of audit manuals.

Business Outcome

With the help of IBM OpenPages, the client was able to integrate people, processes, and platforms, saving hundreds of thousands of billable hours.

Continuous innovation: The solution enables the client to keep innovating using Watson on their new auditing platform.

Confidence to switch to a new platform: The IBM OpenPages has helped the client to convince relevant stakeholders to switch to the new audit platform by landing various short-burst proofs-of-concept.

A solution beyond audit transformation: It became the solution of choice not only for audit transformation but also for AI-based innovations.

Client Profile

Florida’s inaugural National Cancer Institute- designated Comprehensive Cancer Center, the institution stands among the top 30 elite cancer centers in the U.S. that are part of the National Comprehensive Cancer Network. The research center is a global leader in the fight against cancer. With its integration of world-class researchers and care specialists working collaboratively, the center is uniquely positioned to revolutionize cancer treatment, elevate care, and save more lives.

Project Overview

With a mission to contribute to the prevention and cure of cancer, the center engages in cutting-edge biomedical research and provides comprehensive patient care. It collaborates with a vast network of third-party vendors, including suppliers of biomedical research tools, IT services, HR applications, and other essential services, to support its multifaceted operations. Additionally, the center recognized potential hidden risks from subcontractors or service providers that their third-party vendors rely on, known as fourth parties. [To gain a deeper understanding of the role of Fourth Parties in Third-Party Risk Assessment, download our eBook.] The cancer research center aimed to improve its risk management processes, particularly for third-party and internal IT applications, while considering the added complexity of fourth-party risks. However, the institution faced significant challenges due to the limitations of its two separate legacy systems, which managed vendor and internal IT risks independently. To address these issues, the center implemented IBM OpenPages with the assistance of iTech GRC, an IBM OpenPages certified and premier partner.

Challenges

The research center faced significant challenges in managing the risks associated with its third-party vendors and internal IT applications due to the limitations of its legacy systems.

Challenge 1: Vendor Risk Management

• Manual Processes: The team was manually generating and sending out questionnaires to assess the risk, cybersecurity threat and regulatory compliance implications of hundreds of vendors. These were sent annually and resulted in a time-consuming and labor-intensive cycle.
• Manual Follow-ups: They had to continually follow up with vendors to ensure questionnaires were properly filled out and submitted. This led to a lot of redundant leading back-and-forth communication that introduced delays.
• Risk Profiling: Vendor responses had to be manually entered into the legacy systems. Using the STRIDE and DREAD metrics, they created risk profiles for each vendor:
  1. STRIDE: This threat modeling framework categorizes potential threats into six types: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
  2. DREAD: This risk assessment model evaluates threats based on five criteria: Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability. Vendors were rated on a scale of 1 to 10 based on these metrics.
• Cumbersome Reporting: The team then analyzed the data and generated detailed vendor risk reports manually, which was a time-consuming and error-prone process.

Challenge 2: Internal IT Risk Management

The team performed annual assessments of internal IT applications, evaluating them based on a set of cybersecurity and risk controls. These assessments were conducted both at the individual application level and across the entire enterprise. For each internal application, the team assessed and rated its risk and control measures manually. They then aggregated these evaluations to assess the overall risk and control environment of the enterprise, using approximately 60 different criteria. After completing the assessments, the team manually generated comprehensive reports.

• Difficult Data Management: The legacy system’s inefficient data export functionalities and non-user-friendly interface made data management cumbersome. This hindered the team’s ability to generate and analyze reports effectively, consuming valuable time and resources.
• Lack of Trending Analysis: Using the legacy system, the team could not compare control and risk ratings over time. This lack of trending analysis made it difficult to gain insights into risk management improvements or emerging threats.

Solution

The cancer research center implemented IBM OpenPages, facilitated by iTech GRC, an IBM OpenPages certified partner. This comprehensive solution addressed their challenges by providing an integrated and automated risk management platform.

Streamlined Third Party Risk Management

1. Automated Questionnaire Distribution and Follow-ups: IBM OpenPages automates the process of generating and distributing questionnaires to vendors. Initially, requests are generated within the system, and surveys are sent out automatically. Vendors then submit their responses directly into the system where required validations are enforced and requisite notifications are sent upon successful submission. This process eliminates the need for manual follow-ups, significantly reducing the time and effort involved.
2. Integrated Risk Profiles: Once the responses are collected, IBM OpenPages consolidates the vendor risk profiles, enabling comprehensive and unified reporting. This integration provides a holistic view of vendor risks across the organization, facilitating better decision-making and risk management.
3. Automated Reporting: The collected data is then used to automate the generation of detailed risk reports. This automation saves considerable time and effort, ensuring accurate and timely reporting. Audit reports can be generated for end users, managers, or their compliance committee and each can include as much detail or data richness as required by the audience.

Improved Internal IT Risk Management

1. Snapshot and Trending Analysis: IBM OpenPages offers snapshot capabilities, allowing the center to capture and compare control and risk ratings over time. During annual assessments, snapshots are taken to enable year-over-year trending analysis. This process provides insights into risk management improvements or emerging threats. For example, they can now take snapshots of GDPR control ratings and compare them annually to identify trends.
2. Enhanced Data Management: IBM OpenPages enhances data management and usability with its user-friendly interface and efficient data export functionalities. As assessments are completed, the team can easily generate and analyze reports, freeing up their time for more strategic tasks. This improvement streamlines data handling, making the process more effective and less time-consuming.

Business Outcome

The implementation of IBM OpenPages resulted in significant improvements for the cancer research center:

1. 1. Unified Risk Management: By integrating the functionalities of the two legacy systems into a single platform, the center successfully retired the separate systems. This eliminated data silos, improved operational efficiency and saved money
   2. Improved Workflow Efficiency: Real-time notifications for vendor responses and streamlined workflows automate questionnaire distribution. This reduced the manual workload and improved the accuracy of data entry.
   3. Advanced Analytics: The snapshot and trending analysis capabilities provides valuable insights into risk management over time. The center now tracks changes in risk profiles and makes informed decisions based on historical data.
   4. User-Friendly Interface: The enhanced UI and data export features of IBM OpenPages has improved the overall user experience. This makes it easier for the team to navigate the system and manage data effectively.

Client Profile

The client develops advanced technologies for transporting individuals and goods. They are a trustworthy partner, serving as an international supplier in the automotive industry, manufacturing tires and providing industrial solutions. They focus on delivering sustainable, safe, comfortable, personalized, and cost-effective transportation options. The corporation established a strong presence with sales amounting to €40.5 billion in 2016. The client has a workforce of over 220,000 individuals across 56 countries.

Project Overview

Being one of the foremost suppliers in the automotive industry, the client acknowledges that the journey toward success is fraught with obstacles and challenges. To ensure that their business overcomes these hurdles and reaches its goals, the company aimed to leverage IBM OpenPages to gain better comprehension and control over various risks associated with finance, compliance, product quality, and more. By identifying potential areas of vulnerability across all their global subsidiaries and developing practical strategies to minimize the threats, the client sought to steer clear of any potential business risks.

Challenges

To mitigate business risk, large corporations are confronted with a wide range of challenges, from currency fluctuations to product recalls and natural disasters. To address this, the client is determined to understand risk exposure across its subsidiaries worldwide and implement effective measures to mitigate these threats.

Inconsistency in reporting: The client faced challenges in reporting consistency and coordination. Their subsidiaries offer extensive products, including tires and automotive components designed for various types of vehicles. The complexity of their product range results in specific departments reporting to different business units, leading to reporting consistencies.

Legacy systems: The client previously relied on different legacy systems and processes to evaluate global risk exposure. Each reporting unit assessed its risks and reported them to a central controlling function biannually. During this evaluation, they identified multiple areas for improvement, particularly regarding efficiency and standardization.

Tools consolidation: Additionally, the client aimed to consolidate their existing tools into a unified solution. Building upon this, their ultimate objective was to enhance their risk management culture by implementing a new solution.

Solution

After carefully evaluating solutions from multiple vendors, the client implemented IBM OpenPages Governance, Risk, and Compliance software. To ensure that essential factors are considered, the client established mandatory risks that all departments must consider and include in their assessments. The controllers perform tests to validate the accuracy of the self-assessments, and if they discover any underestimation of risks, they adjust the scores accordingly.

Pre-rollout feedback: Before the full rollout, the client conducted a pilot phase, during which end-user feedback was gathered and incorporated into the final application.

Customization for special reports: The solution was customized as needed, allowing for generating specialized reports. Furthermore, the client was upgraded to the latest software release before going live.

Dedicated hotline: As the project approached completion, the client conducted training sessions for their global user base on the new solution with the support of IBM. Following the go-live phase, a dedicated hotline was established to capture reports about OpenPages through the client’s general IT ticketing system. This proactive approach helped in promptly resolving any issues that arose.

Standardization in reporting: OpenPages provides a comprehensive risk library that assists users in categorizing risks and submitting reports in a standardized manner, with separate sections for quantitative and qualitative risks. The company continues to rely on bottom-up risk assessments as in the past. Initially, consolidation units such as plants and locations create risk assessments within OpenPages, which are reviewed and approved by a local risk officer.

Five layers of organizational approvals: The assessments from the consolidation units are subsequently sent to the relevant business units, which review and approve the inputs provided by the consolidation units while conducting their risk assessments. This process continues up to five layers of the organizational chart, with each layer given two weeks to complete their tasks.

Finally, the assessments are forwarded to the central controlling function, where the data is compiled and verified. Utilizing the integrated IBM Cognos reporting, the business generates a final report on global risk exposure for senior management. Within a year of deployment, the client successfully developed sufficient internal resources to manage the application independently.

Business Outcome

Opting for a comprehensive solution such as OpenPages proved to be instrumental for the client in effectively managing a wide range of risks encompassing operational, financial, compliance, legal, and quality-related aspects.

The adoption of OpenPages has yielded several significant benefits, including:

Lesser risk factors: A reduction of approximately 60 percent in the number of risk factors that teams are required to report on.

Reduction in irrelevant risk factors: Streamlined risk factor filtering, resulting in a 75 percent decrease in irrelevant risk factors and enabling quicker completion of reviews.

Process consolidation: Consolidating six distinct risk management processes and four different systems into a unified platform enhanced overall efficiency in risk management operations.