Create-Comply - Competitive advantage through control

Create-Comply Limited provides innovative GRC technology which provides an automated environment to enable organizations to effectively meet and exceed Regulators’ and Boards’ expectations for organizational systems and controls.

1. An Introduction to Create-Comply

We provide our clients across the Globe with innovative solutions and the highest levels of industry expertise.

For information in respect of Create-Comply, visit www.create-comply.com.

Alternatively contact:
Create-Comply Limited
31 Southampton Row
London, WC1B 5HJ
E: info@create-comply.com
T: +44 (0)800 783 67 91

2. Create-Comply GRC Technology

Create-Comply GRC technology is an architectural framework that enables all control functions to define, maintain and monitor risks and policies effectively, across the entire organization rather than in silos, which engages with the Businesses operational units, and which enables Board of Directors to see a consolidated view of risk and compliance across the organization.

Key features of Create-Comply GRC include:
• An Entity Reference File to capture and control all information and documentation in respect of Customers, Products and Service Providers
• A Policy Management module with obligations library and adaptable suite of controls and monitoring activities
• Incident Management module including templates for capture and resolution of all business incidents (good and bad)
• An industry standard Risk & Control framework
• An Audit and Risk Assessment framework
• A Document Management module
• Dynamic Dashboard reporting#

An overview of each of these modules is set-out below.

3. Why Invest in GRC

Companies adopt GRC technologies for the following reasons:
• Reactive – to deal tactically or strategically with high priority business issues
• Passive – to ensure regulatory compliance
• Defensive – to prevent regulatory censure
• Active – to deliver competitive advantage through control

Create-Comply GRC supports all of the above.

GRC also enables organizations to respond effectively and efficiently to the challenges of globalization. Board of Directors need to manage complex Regulations in multiple jurisdictions. GRC technology enables them to ensure that all the local Regulations and Policies are captured and managed whilst also ensuring that group best practice is adopted in each locality, with consistent processes and business controls being observed. The ability to see consistent and consolidated reporting across all entities is also key.

Create-Comply GRC: To fight complexity and maximize transparency!

4. Create-Comply Strategic Differentiators

Our strategic differentiators include:
• A single integrated platform – not multiple vendor applications
• Genuinely multi-modular meaning that customers can select which modules they want and which to prioritize
• Extensive content provision
• Available either as an implemented solution or on a hosted (SAAS) basis
• Highly intuitive for end-users
• Low cost-of-ownership
• Extensive integrated reporting capabilities

Create-Comply GRC is sophisticated workflow management technology which features comprehensive security and entitlement functionality and full version control and revision management together with extensive audit trail functionality.

Create-Comply GRC features import and export capabilities as well as a comprehensive API which facilitates full integration with your existing systems.

5. Provision of GRC Content

One of the strategic differentiators of Create-Comply GRC is the extent of expert content that can be made available within the application, or separately.

The availability of content offers clients reduced implementation timeframes, reduced costs and the opportunity of winning early business user buy-in for the GRC application.

The range of content we offer includes:
• Anti-Money Laundering
• BASEL II
• Business Recovery Planning
• Corporate Real Estate
• Corporate Governance
• Counterparty Risk
• Data Protection
• Executive Remuneration Risk
• Fraud
• Health, Safety & Fire
• Information Risk
• I.T. Security
• KYC / AML
• Market Risk
• Operational Risk
• Outsourcing Risk
• Physical Security
• SAS 70
• SOX
• Treating Customers Fairly

6. Create-Comply Consultancy & Training Services

Our Consultancy services include:
• Supporting the development of your GRC Strategy
• Business Process Re-engineering
• Change Management
• Business Analysts
• M.I. Development

We provide extensive training on Risk and Risk Management, including on the following topics:
• Market Risk
• Operational Risk Management
• Outsourcing Risk Management
• Counterparty Risk Management

7. Overview of Create-Comply GRC Application

Document Management
CREATE-COMPLY GRC incorporates best-of-breed document management functionality.

Create, Edit, Review, Approve, Distribute, and Archive your Documents. Automate and control the review, approval, distribution and management of the documents and policy changes throughout your organization.

The Document Management module also comprises audit trail, version tracking and electronic signature. Point-in-Time reporting allows users to view the policies and procedures that were in place at the time an adverse incident occurred.

All of your business policies and documents can be centrally stored and with permissions to manage or view those documents being managed at a business unit or departmental level. Documents can include, for example:

Key business processes and controls can be automated. For example, automate the distribution of policy amendments and the confirmation from business users that they have familiarized themselves with the policy changes. Or automate and control the process for periodic review, updating and filing of documents.

Incident Management
CREATE-COMPLY GRC provides a single point of capture for all incident data across your organization as well as providing extensive incident reporting capabilities. It can replace the numerous incident spreadsheets and databases currently utilized and introduces efficiencies by automating production of all related reporting.

It is a robust, scalable application which includes full audit trail as well as user and role-based access rights and permissions.

Templates are configured to capture the specific information relevant to different incident types and standard workflows are also created to automate the resolution process for each incident type. This can include workflows for incident capture, validation, investigation, escalation, review and resolution, as well as identification and performance of corrective action.

Browser-based, the system can be deployed so that multiple parties in different
locations can be involved in a corroborative manner in the incident resolution process and the handling of incidents can be delegated to subject matter experts at any place within the organization.

CREATE-COMPLY GRC enables users to view incidents by type, date, cause, location, financial impact and other user-defined criteria. Crystal Report is deeply-integrated, thereby providing extensive graphical and detailed reporting to support client, management and regulatory needs. A range of incident reporting is provided as standard.

Risk and Control
Create-Comply GRC provides an industry standard risk management framework. All risks can be captured at a business process level, including operational, legal/regulatory, reputational and financial risk. The controls in place to mitigate those risks can then be assigned against the relevant risks.

Risk and control assessments can then be scheduled and performed within the application. The role-based access rights and permissions structure within the application, means that performance of risk and control assessments can be completely decentralized with self-assessments being performed by individual business units, the results then flowing up to the Risk department.

Risk calculation follows a standard Impact vs. Likelihood approach with both Inherent Risk and Residual Risk (risk after application of mitigating controls) being calculated.

Where the results of risk and controls assessment are not satisfactory, remediation tasks can be created, prioritized and assigned.

Dashboard Reporting
Dashboard reporting provides up-to-date, at a glance, understanding of key risks within the business. Heat–maps allow the impact of risks to be viewed from different perspectives within an organization. For example, reports can be viewed at an operational business unit level, departmental level or group level.

The Create-Comply GRC application demonstrates to Senior Managers and to Regulators that business risks are identified, understood and controlled. Equally, it can improve the understanding within business units of key business risks and how effective business processes and controls can successfully contribute to the reduction of risk.

Policy Management
Create-Comply GRC Policy Management module enables capture of all business obligations as well as the capture of the associated business controls.

Combined with the automated control assessment framework, the module provides assurance that all responsibilities and obligations are properly understood and discharged and enables the demonstration of the same to Managers, Regulators, Auditors and other stakeholders.

The Policy Management module centralizes the capture of all relevant law, regulation, guidance and internal policy. Ownership of obligations can be decentralized to a local business unit level where the obligations may best be interpreted and acted upon.

Create-Comply have partnered with leading research and legal-publishing companies to be able to provide suites of Policy content, including Primary legislation, relevant to different industry sectors.

The Controls that are in place within the organization can also be captured within the application, where they can be matched against the obligations to which they relate. The comprehensive control assessment framework can then automate the scheduling of control assessments and manage the assignment of responsibility for performing these assessments.

The Create-Comply GRC Policy Management module supports the development of consistent business processes across multiple jurisdictions and provides a framework for establishing and accelerating the rollout of best practices on a departmental, company-wide or business-process basis.

Audit & Assessment
Create-Comply GRC features a comprehensive audit and assessment module. This enables the creation, planning, scheduling and performance of audits and assessments, including management of all related resourcing, checklists, documentation and reporting.

The Audit & Assessment Module is integrated with the Risk & Control module meaning that audit scheduling can be based on risk assessment of the related business processes.
Assessment checklists can easily be created and completed within the application and actions can be automatically generated based on responses provided to assessments.

There is full evidencing and audit trail for the completion of all work programs, including notes and document uploads.

The application can be used by Compliance, Risk and Audit departments to manage periodic audits programs. Equally, it can be deployed within Operational business units to replace and to evidence completion of the many operational business processes that are performed on daily, weekly, monthly or annual basis.

The benefits of the Audit & Assessment Module include:
• Streamlined company-wide audit management
• Replace manual work-papers and other multiple checklists
• Centrally manage all related resources
• Ensure assessments are undertaken in a considered, accurate, consistent and fully documented manner
• Ensure actions are fully tracked to resolution
• Automate generation of audit work programs and audit reports
• Real-time reporting on status of audit/assessment planning and findings.

Entity Reference File

Create-Comply GRC features the Entity Reference File.

The Entity Reference File is a centralized repository for all relevant information about customers, products, service providers etc. It replaces a multitude of spreadsheets currently maintained within your organization and can be integrated with your other business systems.

The Entity Reference File is fully integrated with the other modules within the Create-Comply GRC application. Incidents and obligations can be viewed and reported on against the relevant Entities. All relevant documentation can be easily captured and maintained. Assessments can be scheduled and performed against individual Entities and Entities can be risk-assessed and reviews scheduled and resources allocated accordingly.

Dynamic Dashboard Reporting
Dynamic Dashboards ensure that information is delivered directly to the individuals that need it, when they need it and in clear, intuitive and visually engaging formats that make it easy to interpret and rapidly act upon.

Raw data is synthesized to create up-to-the-minute graphs and charts, presented in ways that best suit your specific business processes and metrics and which supports quick action by decision makers when a KPI moves out of a predefined range.

Dynamic Dashboards make finding the right information easy and intuitive. One click drill-down retrieves and displays the underlying charts and detailed data for in-depth analysis.

Create-Comply Dynamic Dashboards are available as an integral component of the Create-Comply GRC application. Equally, they can be integrated with virtually all your business systems to provide consistent dashboard reporting, and all with a single sign-on.

Create-Comply Dynamic Dashboards are compatible with virtually any database, including Microsoft SQL Server, Oracle, Paradox, Microsoft Access, Microsoft Excel, XML (and any OLEDB or ODBC compliance data source).