Monday, September 23, 2013

Enterprise Risk Management - GOVERNANCE RISK & COMPLIANCE CONSULTING

GOVERNANCE RISK & COMPLIANCE CONSULTING

Since its inception, the BIFROST360˚ GRC practice has provided advisory and implementation services that enable our customers to meet their governance, risk management, and compliance goals. These services apply to a wide variety of industry verticals, including Banking and Financial Services, Healthcare and Life Sciences, Retail, Manufacturing, Utilities, Media and Entertainment, Hi-tech etc.

CLIENT CHALLENGES

In the era of stringent corporate governance, new regulatory requirements have increased the challenge of compliance. All organizations, regardless of size, are struggling to comply with these regulations and to manage their enterprise risk effectively. The cost and effort to establish, maintain and prove compliance are very high, and could ideally be devoted to enhancing the growth of the business.
 

WHAT BIFROST360˚ GRC CONSULTING PRACTICE PROVIDES

The BIFROST360˚ GRC practice includes both business domain and technology experts, a unique combination that is essential for a successful GRC program in an organization. Our experience working with customers and our deep domain knowledge have allowed us to develop solutions that help companies meet regulatory compliance requirements, automate GRC processes, and fully leverage the capability of the GRC technology solution.
 
The range of compliance advisory and implementation services spans regulations such as Sarbanes-Oxley, HIPAA, FDA, PCI-DSS compliance, Federal Identity compliance and NERC compliance, as well as best-practice implementation approaches such as Information Security (ISO 27001), IT Governance (COBIT), Enterprise Risk Management implementation (COSO) etc. Over a period of time, the BIFROST360˚ GRC team has developed a mature framework that has been successfully deployed in various GRC engagements.

BIFROST360˚ GRC Advisory and Implementation Framework

The major focus of the BIFROST360˚ GRC consulting practice is to provide functional consulting that addresses multiple compliance and risk management challenges while reducing the cost of meeting these requirements. This requirement is met by specialized GRC management software for effective assessment, recovery and optimization. The BIFROST360˚ GRC practice has partnered with leading tool vendors so that their GRC automation platforms can be used as the technology solution for implementing and managing GRC programs.
 
The integrated approach, delivered through an automated GRC platform, enables organizations to meet the following objectives:
 
  • Governance: Break down organizational, functional and process “silos”, ensuring that a sound governance structure is in place so that the right information is available to the right people at the right time.
  • Risk: Integrate risk management with strategic planning, maintain a 360-degree view of organizational risks and effectively allocate resources to address them.
  • Ethics and Compliance: Establish practices and a culture to prevent misconduct, inspire desired conduct, detect problems and improve outcomes.
  • Finance: Reduce cost and optimize how capital is allocated to GRC so that it is better aligned with the business.
  • Technology: The GRC platform is an enterprise compliance management application that lets organizations streamline their policy management, risk management, and compliance initiatives, including internal audit, control testing, remediation and ongoing compliance lifecycle management. Central management tracks the required tasks and costs associated with compliance. Integration with continuous control monitoring applications provides visualization of automated detective and preventive controls.
  • Audit: Go beyond financial processes and assess the design and operation of controls for GRC and ethics efforts throughout the enterprise.
  • Core Processes: Embed sound GRC practice in all lines of business and core processes so that business owners and operators are accountable for GRC success.
 

INDUSTRY VERTICAL AND HORIZONTAL CONSULTING SERVICES

VERTICAL SERVICES

  • LIFE SCIENCES & HEALTHCARE
    • FDA
    • HIPAA (Privacy & Security)
       
  • ENERGY & UTILITIES
    • NERC
    • FERC
    • EH&S
    • Operational Risk Management
       
  • BANKING & FINANCE
    • Basel II, 2.5, III
    • Sarbanes-Oxley
    • Anti-Money Laundering
    • MiFID
    • SEPA
    • Fair Credit Reporting
    • Patriot Act
  • RETAIL
    • PCI-DSS

HORIZONTAL SERVICES

  • INFORMATION SECURITY COMPLIANCE
    • ISO 27001:2005
    • Federal Identity Management
    • Segregation of Duties (SoD)
    • Role Based Access Control
    • Asset Management & Compliance
       
  • GOVERNANCE, RISK MANAGEMENT & AUDITS
    • SOX Business Controls & IT General Controls
    • COBIT Consulting
    • Enterprise Risk Management using COSO framework
    • Operational Risk Management
    • Internal Audit & Reporting
       
  • BUSINESS CONTINUITY & DISASTER RECOVERY
    • Business Continuity Management & Compliance
    • DR drills & coordination
    • BCP Audits

BENEFITS

Key benefits of the BIFROST360˚ GRC ‘advisory’ & ‘technology’ solution include:
 
  • BIFROST360˚ delivers out-of-the-box solutions that allow organizations to implement a best-in-class enterprise governance, risk & compliance program.
  • BIFROST360˚ provides knowledge and experience from working with many customers. The BIFROST360˚ GRC consultants leverage their deep domain and vertical compliance expertise, yielding superior competency in specific areas of GRC as well as in how best to leverage technology to automate GRC processes.
  • BIFROST360˚ proprietary IP content includes predefined process libraries, controls and risk registers for specific compliance and risk management requirements. The BIFROST360˚ compliance content significantly increases the customer's ROI on GRC investments.
  • BIFROST360˚ compliance best practices provide organizations with a world-class GRC compliance program framework. Customers benefit from a well-defined implementation maturity model roadmap designed to create a common, scalable compliance platform for every regulatory and policy-driven initiative.
  • BIFROST360˚ helps embed sound GRC practice into all lines of business and core business processes, enabling business owners and managers to manage their compliance initiatives more effectively.
  • Reduced TCO by offering GRC in a managed services model.


Wednesday, September 4, 2013

A Review of Enterprise Risk Management Practices among Malaysian Public Listed Companies

The risk sphere in business is fast changing and expanding. Almost anything has become a risk factor that will have potent, direct, and far-reaching impacts on business. This article examines the intensity of enterprise risk management (ERM) practices among the Malaysian public listed companies. The article espouses an ERM framework comprising fourteen important implementation elements and processes. Results of the analysis indicate that the intensity of ERM implementation among the respondents is in the ‘good’ category of the semantic scale, which is deemed encouraging vis-à-vis the country’s regulatory regime.

In an age of frequent terrorist incidents, fierce global competition, economic shocks and corporate governance challenges, business risks have never been greater. This adverse environment, compounded by an increasing number of high-profile corporate governance scandals, has resulted in corporations facing huge financial losses globally, the aftermath of which has even threatened the solvency of the corporations concerned. A case in point is the recent United States financial meltdown in 2008, triggered by the sub-prime mortgage crisis, which saw the tumbling of giant institutions like Fannie Mae, Freddie Mac, Lehman Brothers, Merrill Lynch, and the American Insurance Group.
The consequences of the crisis were far-reaching and cross-boundary. Although it started out as the “sub-prime crisis” in the United States in 2007, the impacts mushroomed into a full-blown global recession in 2008, the remnant effects of which could still be felt in 2010. These incidents have highlighted the urgent need for global corporate entities to put in place a strong and effective risk management mechanism within their business models to ensure minimum loss and business continuity disruption in the event of similar incidents recurring. The aim of this paper is to examine how public listed companies (PLCs) in Malaysia perceive and manage the risks that emerge in their enterprises by examining the intensity of enterprise risk management practices among the PLCs.

Bifrost Tech - www.bifrostech.com - Malaysia GLC ERM Consulting Company