Understanding the StratexPoint Framework

Monitor compliance. Manage risk. Execute strategy. Understanding the Stratex Framework September 2016

Transcript of Understanding the StratexPoint Framework

Page 1: Understanding the StratexPoint Framework

Monitor compliance. Manage risk. Execute strategy.

Understanding the Stratex Framework

September 2016

Page 2: Understanding the StratexPoint Framework

Purpose


The purpose of this presentation is to provide a detailed understanding of the Stratex framework and how to maintain it.

Topics covered
• Concepts behind the framework
• Content types
• Global vs Local
• Creating a new item in the framework
• Alignment Matrix configuration
• Cascade Matrix configuration
• RACI - Accountabilities and Governance
• Copy & Move

Page 3: Understanding the StratexPoint Framework


Concepts behind the framework

Page 4: Understanding the StratexPoint Framework

StratexPoint was designed to support an integrated GRC approach

[Diagram labels: Performance Management; Risk Management; Strategy Management; Appetite; Governance & Communications; Culture]

• What are we trying to achieve?
• Are we on track?
• What is our Risk Appetite?
• Are we operating within appetite?

Page 5: Understanding the StratexPoint Framework

The Stratex Framework is based on a conceptually sound data model

[Diagram labels: Business Entity; Business Drivers; Risk Appetite; Business Objectives; KPIs; Key Risks; KRIs; Key Controls; KCIs; Assessment; Issues; Actions; Events; Certification; Checklists; Tests; Governance; Commentary; Notifications; Workflows; Benchmarks; Dashboards; Reporting; Templates; Processes; Initiatives; Systems; Relationships; People; Roles; Assets; Products; Audits; Rulebook; Compliance; Regulation; Policy; Standards; Legal]

Build a strategy focused, risk aware culture

Operational & Compliance enablers are aligned to strategy

Page 6: Understanding the StratexPoint Framework

The Stratex Framework supports strategic and operational management

[Diagram: the same data model as on the previous page]

Build a strategy focused, risk aware culture

Operational & Compliance enablers are aligned to strategy

The framework is available under each of the Operational & Compliance enablers

Page 7: Understanding the StratexPoint Framework

The Stratex Framework supports Item Alignment and Cascade across an organisation

[Diagram, Item Alignment: Business Entity; Business Objectives, Key Risks, Key Controls; Processes; Initiatives; Systems; Relationships; People & Roles; Assets]

[Diagram, Item Cascade: Business Entities at the Corporate, Division and Department levels, each with Key Risks (Strategic Level) and Key Risks (Operational Level)]

Page 8: Understanding the StratexPoint Framework


Item Alignment enables firms to align and focus operational & compliance activities to strategic value creation

Item Alignment

Many organisations find it challenging to understand and communicate how operational and compliance items support their strategic items (objectives, risks and controls) and add value to the organisation.

Using the Item Alignment Matrix within StratexPoint enables a many-to-many relationship to be defined between the operational and compliance level and the strategic level. These relationships can be defined between different content types.

Additionally, via the Item Alignment Matrix the strength of these relationship.

[Diagram labels: Business Entity; Business Objectives, Key Risks, Key Controls; Processes; Initiatives; Systems; Relationships; People & Roles; Assets]

Page 9: Understanding the StratexPoint Framework


Item Alignment Usage Scenario

The ‘classic’ usage scenario for the Item Alignment Matrix is to show the relationship between a set of business objectives and a portfolio of projects and processes.

The Item Alignment Matrix can be used to show:
• Which objectives do not have an initiative(s) or process(es) in place (the assumption being that if we don’t have an initiative or process in place, the objective will not be achieved).
• Which initiative(s) or process(es) are in place, consuming resources etc., but not contributing to the achievement of an objective (the assumption being that if you are using resources on an initiative(s) or process(es) which are not aligned to the achievement of an objective(s), then you are wasting resources and should stop doing the initiative(s) or process(es)).
• The most critical initiative(s) or process(es) from the perspective of achievement of objectives and delivering the business plan. This can assist in decision-making around resource allocation, particularly when restructuring and/or cost cutting.
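The three readings of the Item Alignment Matrix listed above can be worked through on a small matrix. This is an added example, not StratexPoint code: the item names, the dictionary layout and the use of summed strength as a measure of criticality are assumptions made for illustration.

```python
# Constructed sample data; item names are illustrative only.
OBJECTIVES = ["Grow online revenue", "Reduce fraud losses", "Enter new market"]

# Enabler name -> content type (operational items aligned to objectives).
ENABLERS = {
    "Payments platform upgrade": "Initiative",
    "Customer onboarding": "Process",
    "Legacy reporting rewrite": "Initiative",
}

# (enabler, objective) -> strength of the relationship in percent (0 to 100).
# A missing cell, or a cell set to 0, means "no relationship".
ALIGNMENT = {
    ("Payments platform upgrade", "Grow online revenue"): 75,
    ("Payments platform upgrade", "Reduce fraud losses"): 50,
    ("Customer onboarding", "Reduce fraud losses"): 100,
    ("Legacy reporting rewrite", "Grow online revenue"): 0,
}


def validate(alignment, objectives, enablers):
    """Reject cells that point at unknown items or carry an invalid strength."""
    for (enabler, objective), strength in alignment.items():
        if enabler not in enablers:
            raise ValueError(f"unknown enabler: {enabler!r}")
        if objective not in objectives:
            raise ValueError(f"unknown objective: {objective!r}")
        if not 0 <= strength <= 100:
            raise ValueError(f"strength out of range for {enabler!r}: {strength}")


def analyse_alignment(alignment, objectives, enablers):
    """Return the three views described in the usage scenario."""
    validate(alignment, objectives, enablers)
    supporters = {objective: 0 for objective in objectives}
    contribution = {enabler: 0 for enabler in enablers}
    for (enabler, objective), strength in alignment.items():
        if strength > 0:  # a 0% cell does not count as a relationship
            supporters[objective] += 1
            contribution[enabler] += strength
    return {
        # Objectives with no initiative or process in place.
        "objectives_without_enabler": [
            o for o in objectives if supporters[o] == 0
        ],
        # Enablers consuming resources but aligned to no objective.
        "enablers_without_objective": [
            e for e in enablers if contribution[e] == 0
        ],
        # Assumed criticality measure: total strength across all objectives.
        "enablers_by_contribution": sorted(
            contribution.items(), key=lambda item: (-item[1], item[0])
        ),
    }


if __name__ == "__main__":
    for view, items in analyse_alignment(ALIGNMENT, OBJECTIVES, ENABLERS).items():
        print(view, items)
```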

Page 10: Understanding the StratexPoint Framework

The Stratex Framework supports Item Alignment and Cascade across an organisation

Item Cascade

Many organisations want to be able to manage, monitor and report on a small number of items at a strategic level but want to cascade these items through the organisation. For example, reporting the ‘top 20’ strategic risks to the board but having a clear cascade of these 20 through the organisation.

Using the Item Cascade Matrix within StratexPoint enables a one-to-many relationship to be defined between the strategic level down to the operational and compliance level. These relationships can be defined between items of the same content type.

[Diagram: Business Entities at the Corporate, Division and Department levels, each with Key Risks (Strategic Level) and Key Risks (Operational Level)]

Page 11: Understanding the StratexPoint Framework


Item Cascade Usage Scenario

A common usage scenario for the Item Cascade Matrix is to support and validate a ‘Top-down’/‘Bottom-up’ approach to enterprise risk management.

The ‘Top-down’ part of the equation might be that at the top of the firm (enterprise level) we may have a ‘Top 20 Key Risks’ that are reported to the board. However, to support the assessment of these risks, the firm wants to be able to understand how each of the ‘Top Risks’ relates to ‘Down-up’ risks and risk assessment data.

The Cascade Matrix enables the firm to create a relationship from the ‘Top 20 Key Risks’ to the ‘bottom-up’ risks at the division level, and have these cascaded to the department, team level etc.

This is sometimes referred to as the ‘Risk Chain’ or the ‘Golden Thread’.

Page 12: Understanding the StratexPoint Framework

The StratexPoint solution supports Audit Management

[Diagram labels: Entity; Business Drivers; Objectives; Key Risks; Key Controls; Risk Appetite; Audit Calendar; Tasks; Initial Audit Issues & Actions; Audit Manifest; Generate Audit Manifest; Audit Points to 1st Line; Manage interaction btw 1st and 3rd line; Audit MI]

Page 13: Understanding the StratexPoint Framework


RACI Accountabilities & Governance model built in

Go beyond ‘owner’ and leverage our full accountabilities and governance model built into our framework.

RACI

• Accountable: “The buck stops here”. Those with Yes/No authority related to the objective, risk or control.
• Responsible(s): “The doers”. Those people working on delivering the objective, managing the risk or applying the control.
• Updater(s): “The data providers”. Those people who provide data and actually update manual data.
• Inform: “Keep in the picture”. Position(s) that need to know about decision or action related to the objective, risk or control.
• Consult: “Keep in the loop”. Those involved prior to decisions or action related to the objective, risk or control.
• Approver(s): “The Approvers”. Those people who approve major changes, such as closing initiatives etc.

Extended RACI

• Risk Event Responsible(s): “The Risk Event doers”. Those people working on managing and resolving risk events.

Page 14: Understanding the StratexPoint Framework


Architectural overview

Ease of user adoption and reporting/dashboards are at the heart of how we designed our solution.

[Architecture diagram labels]
• StratexPoint Portal
• Stratex Reporting Database
• Reporting and Dashboards: Production Reporting (Reporting Services); Production Dashboards (Power BI); Excel Export; Ad hoc analysis (Stratex Query)
• Interface, business logic and workflows etc.
• Business Intelligence data

Page 15: Understanding the StratexPoint Framework

The StratexPoint solution is designed to support two risk taxonomies within its ‘Framework’

Regulatory Risk Taxonomy
• A three level taxonomy based on the standard Basel classification of operational risk (See Appendix A).
• Designed to support regulatory reporting and compliance.

Business Risk Taxonomy
• A multi level taxonomy based on leading management methodologies, including the Risk-Based Performance Management methodology.
• Designed to support strategic and operational decision-making & execution.

Page 16: Understanding the StratexPoint Framework

Regulatory Risk Taxonomy (Supported by the Stratex framework)

Example taxonomy
• Level 1 Classification (Master within StratexPoint): 1.7 Execution, delivery and process management
• Level 2 Classification (Major within StratexPoint): 1.7.1 Transaction capture, execution and maintenance
• Level 3 Classification (Minor within StratexPoint): 1.7.1.3 Non-conformance with Policy or procedure

[Other labels on the slide: Risk Group; Risk Type; Key; Operational]

Page 17: Understanding the StratexPoint Framework


Business Risk Taxonomy (Inherent within the Stratex framework)

• Strategic Risk: Business Model Risk; Business Execution Risk; Business Alignment Risk
• Operational Risk: Process Risk; Project (Change) Risk; Technology Risk; People Risk; Vendor (3rd Party) Risk; Information Assets; Physical Assets; Financial Assets
• Compliance Risk: Legal Risk; Product Risk; Regulatory Risk; Quality Risk; Business Assurance Risk
• Conduct Risk: Business Model Risk; Business Execution Risk; Process Risk; Project Risk; Technology Risk; Product Risk; People Risk
• Reputational Risk: Strategic Risk; Operational Risk; Compliance Risk; Conduct Risk; People Risk; Business Assurance Risk; Culture & Accountabilities

Page 18: Understanding the StratexPoint Framework


Adding/Editing Items within the Framework

Page 19: Understanding the StratexPoint Framework

About the Stratex Framework (“the framework”)

The Stratex framework (the framework) is the central repository for your organisational structure and GRC framework.

By default, there is a link to the framework under Quicklinks or Administration on the left navigation pane, or at this location:

<Site url>/Lists/StratexFramework/AllItems.aspx

Page 20: Understanding the StratexPoint Framework

Adding Items to the Stratex framework

Items can be added by two methods.

1) Add a new Item from the Ribbon
2) Add a new Item from the ‘Actions’ menu

The Add Item menu is context sensitive.

[Screenshots: from the Ribbon, an example of a New Item menu (under Entity); from the Actions menu, an example of an Add Item menu (under Risks), with options labelled A and B]

A. This option enables ‘child’ Items to be added from the ‘Actions’ menu.
B. This option enables an Item of the same content type at the same level in the framework to be added.

Page 21: Understanding the StratexPoint Framework


Editing Items to the framework

Editing Items within the framework

Use the Edit icon to open the Edit form (right)

The edit icon can be accessed via the ‘drop-down’ menu

Page 22: Understanding the StratexPoint Framework


Adding Items to the Stratex framework – Step by step

Page 23: Understanding the StratexPoint Framework

Define an Entity (Organisational Structure)

What is it about?
• Enabling the definition of an ‘n–level’ organisational structure.
• For each organisational entity, objectives, initiatives, processes, systems, drivers, risk, controls, indicators and actions can be defined.
• Entities can also be used to define multiple scorecards per entity, CEO Scorecard, Board Scorecard etc.

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new entity is to be added.
3. Click the New Item button on the top menu, select Entity.
4. Complete the form with the details required to define the Entity.
5. The RACI model is used to define the governance and ownership of items in the framework.
   • Accountable is the only mandatory field.

Page 24: Understanding the StratexPoint Framework

Defining a Template

What is it about?
• Enabling the creation of structures that can be replicated across the framework and applied to the majority of content types, for example, an IT Risk & Controls framework for each major global entity or a supervisory risk model (used by regulatory customers).

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Templates are only available at the top level of the framework.
3. Click the New Item button on the top menu, select Template.
4. Define the template name and mandatory fields.
5. Complete the form with the details required to define the Template.
   • The Available for CType field allows you to define which content type to set the template to and so attach the template to that specific content type in the framework.

Page 25: Understanding the StratexPoint Framework

Defining a Driver

What is it about?
• Enabling the definition of an unlimited number of drivers per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new driver(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Driver.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Driver’ or define a new item.
   • The Framework Cascade Control enables Drivers to be cascaded through the organisation, from the Driver's parent or peer.
5. Complete the form with the details required to define the Objective.
   • The Key Driver to option allows you to define which driver to use when assessing risks underneath a parent item (e.g. risks related to objectives).

Page 26: Understanding the StratexPoint Framework

Defining an Objective

What is it about?
• Enabling the definition of an unlimited number of drivers per entity
• Drivers are the critical success factors that will determine if the entity is successful or not.
• Within StratexPoint we use drivers as part of the risk assessment process to capture impacts.

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new driver(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Driver.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Driver’ or define a new item.
   • The Framework Cascade Control enables Drivers to be cascaded through the organisation, from the Driver's parent or peer.
5. Complete the form with the details required to define the Objective.
   • The Key Driver to option allows you to define which driver to use when assessing risks underneath a parent item (e.g. risks related to objectives).

Page 27: Understanding the StratexPoint Framework

Defining a Process

What is it about?
• Enabling the definition of an unlimited number of processes per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new process(es) is to be added (below an entity).
3. Click the New Item button on the top menu, select Process.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Process’ or define a new item.
   • The Framework Cascade Control enables Processes to be cascaded through the organisation, from the process’s parent or peer.
5. Complete the form with the details required to define the Process.

Page 28: Understanding the StratexPoint Framework

Defining an Initiative

What is it about?
• Enabling the definition of an unlimited number of Initiatives per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new initiative(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Initiative.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Initiative’ or define a new item.
   • The Framework Cascade Control enables Objectives to be cascaded through the organisation, from the initiative’s parent or peer.
5. Complete the form with the details required to define the Initiative.

Page 29: Understanding the StratexPoint Framework

Defining a System

What is it about?
• Enabling the definition of an unlimited number of systems per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new system(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select System.
4. Use the Framework Cascade Control to select a pre-defined ‘Global System’ or define a new item.
   • The Framework Cascade Control enables Systems to be cascaded through the organisation, from the system’s parent or peer.
5. Complete the form with the details required to define the System.

Page 30: Understanding the StratexPoint Framework

Defining an AnalysisGroup

What is it about?
• Enabling the definition of Analysis Groups per entity, one entity and many analysis groups. Ad-hoc analysis capabilities. Ability to do benchmarking between entities on the fly.

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new initiative(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select AnalysisGroup.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Analysis group’ or define a new item.
   • The Framework Cascade Control enables Analysis Groups to be cascaded through the organisation.
5. Complete the form with the details required to define the Analysis Group.

Page 31: Understanding the StratexPoint Framework

Defining an Asset

What is it about?
• Enabling the definition of an unlimited number of Assets per entity
• Assets can be any ‘Assets’ that you wish to manage with a risks and controls framework. These could include but are not limited to:
   • Physical Assets
   • Information (Cyber) Assets
   • Financial Assets
   • Other tangible and non-tangible assets

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new asset(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Asset.
4. Complete the Asset Add/Edit form.

Page 32: Understanding the StratexPoint Framework

Defining an Audit

What is it about?
• Enabling the definition of an unlimited number of Audits per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new asset(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Asset.
4. Complete the Audit Add/Edit form.

Page 33: Understanding the StratexPoint Framework

Define an Audit Issue

What is it about?
• Enabling the definition of an unlimited number of Audit Issues within the framework

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Audit Issue(s) is to be added (below an Audit).
3. Click the New Item button on the top menu, select AuditIssue.
4. Complete the form with the details required to define the AuditIssue.

Page 34: Understanding the StratexPoint Framework

Define an Audit Action

What is it about?
• Enabling the definition of an unlimited number of Audit Actions within the framework

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Audit Action(s) is to be added (below an Audit).
3. Click the New Item button on the top menu, select AuditActions.
4. Complete the form with the details required to define the AuditActions.

Page 35: Understanding the StratexPoint Framework

Defining a Relationship

What is it about?
• Enabling the definition of an unlimited number of Relationships per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Relationship(s) is to be added (Under Entities).
3. Click the New Item button on the top menu, select Relationship.
4. Complete the form with the details required to define the Relationship.

Page 36: Understanding the StratexPoint Framework

Defining a CompliancePlan

What is it about?
• Enabling the definition of an unlimited number of Compliance Plans per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Compliance Plan(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select CompliancePlan.
4. Complete the form with the details required to define the CompliancePlan.

Page 37: Understanding the StratexPoint Framework

Defining a Product

What is it about?
• Enabling the definition of an unlimited number of Products per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Product(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Product.
4. Complete the form with the details required to define the Product.

Page 38: Understanding the StratexPoint Framework

Defining a Rulebook

What is it about?
• Enabling the definition of an unlimited number of Rulebooks per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Rulebook(s) is to be added (below an entity).
3. Click the New Item button on the top menu, select Rulebook.
4. Complete the form with the details required to define the Rulebook.

Page 39: Understanding the StratexPoint Framework

Define a Regulation

What is it about?
• Enabling the definition of an unlimited number of Regulations per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Regulation(s) is to be added (below a Rulebook).
3. Click the New Item button on the top menu, select Regulation.
4. Complete the form with the details required to define the Regulation.

Page 40: Understanding the StratexPoint Framework

Define a Standard

What is it about?
• Enabling the definition of an unlimited number of Standards per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Standard(s) is to be added (below a Rulebook).
3. Click the New Item button on the top menu, select Standard.
4. Complete the form with the details required to define the Standard.

Page 41: Understanding the StratexPoint Framework

Define a Policy

What is it about?
• Enabling the definition of an unlimited number of Policies per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Policy(ies) is to be added (below a Rulebook).
3. Click the New Item button on the top menu, select Policy.
4. Complete the form with the details required to define the Policy.

Page 42: Understanding the StratexPoint Framework

Define a Risk

What is it about?
• Enabling the definition of an unlimited number of risks per objective (or initiative, process and systems)

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new risk(s) is to be added (below an objective, initiative, process or systems).
3. Click the New Item button on the top menu, select Risk.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Risk’ or define a new item.
   • The Framework Cascade Control enables Risks to be cascaded through the organisation, from the risk’s parent or peer.
5. Complete the form with the details required to define the Risk.

Page 43: Understanding the StratexPoint Framework

Define a Control

What is it about?
• Enabling the definition of an unlimited number of controls per risk

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new control(s) is to be added (below a risk).
3. Click the New Item button on the top menu, select Control.
4. Use the Framework Cascade Control to select a pre-defined ‘Global Control’ or define a new item.
   • The Framework Cascade Control enables Controls to be cascaded through the organisation, from the control’s parent or peer.
5. Complete the form with the details required to define the Control.

Page 44: Understanding the StratexPoint Framework

Define a Checklist

What is it about?
• Enabling the definition of an unlimited number of Checklists per entity

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Checklist(s) is to be added.
3. Click the New Item button on the top menu, select Checklist.
4. Complete the form with the details required to define the Checklist.
5. Save the Checklist.
6. Re-open the Checklist to add Checklist steps to the Checklist.

Page 45: Understanding the StratexPoint Framework

Define Key Performance Indicators (KPIs)

What is it about?
• Enabling the definition of an unlimited number of KPIs per Objective (or Initiative, Process, System)

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new KPI(s) is to be added.
3. Click the New Item button on the top menu, select KPI.
4. Use the Framework Cascade Control to select a pre-defined ‘Global KPI’ or define a new item.
   • The Framework Cascade Control enables KPIs to be cascaded through the organisation, from the KPI’s parent or peer.
5. Use the threshold calculator to get the correct baseline and thresholds for the KPIs.
6. Complete the form with the details required to define the KPI.

Page 46: Understanding the StratexPoint Framework

Define Key Risk Indicators (KRIs)

What is it about?
• Enabling the definition of an unlimited number of KRIs per Risk.

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new KRI(s) is to be added.
3. Click the New button on the top menu, select KRI.
4. Use the Framework Cascade Control to select a pre-defined ‘Global KRI’ or define a new item.
   • The Framework Cascade Control enables KRIs to be cascaded through the organisation, from the KRI’s parent or peer.
5. Use the threshold calculator to get the correct baseline and thresholds for the KRIs.
6. Complete the form with the details required to define the KRI.

Page 47: Understanding the StratexPoint Framework

Define Key Performance Indicators (KCIs)

What is it about?
• Enabling the definition of an unlimited number of KCIs per Control

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new KCI(s) is to be added.
3. Click the New button on the top menu, select KPI.
4. Use the Framework Cascade Control to select a pre-defined ‘Global KCI’ or define a new item.
   • The Framework Cascade Control enables KCIs to be cascaded through the organisation, from the KCI’s parent or peer.
5. Use the threshold calculator to get the correct baseline and thresholds for the KCIs.
6. Complete the form with the details required to define the KCI.

Page 48: Understanding the StratexPoint Framework

Defining an Issue

What is it about?
• Enabling the definition of an unlimited number of Issues within the framework

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new Issue(s) is to be added (Under all ‘Parent’ items).
3. Click the New Item button on the top menu, select Issue.
4. Complete the form with the details required to define the Issue.

Page 49: Understanding the StratexPoint Framework

Define an Action

What is it about?
• Enabling the definition of an unlimited number of Actions within the framework

Steps
1. Click the Stratex Framework link on the left navigation menu.
2. Navigate through the Framework to the level where the new action(s) is to be added (below any item, except for indicators, causes and consequences within the framework).
3. Click the New Item button on the top menu, select Action.
4. Complete the form with the details required to define the Action.

Page 50: Understanding the StratexPoint Framework


Configuring the Alignment and Cascade Matrix

Page 51: Understanding the StratexPoint Framework

Configuring the Alignment Matrix

What is it about?
• Defining an Alignment relationship between Items of DIFFERENT types across the framework.

Use case
• A firm may have ‘20 Key Risks’ defined at the ‘Corporate’ level and want to define which operational processes, initiatives and systems are aligned to those Key Risks and support the management of those risks.

Steps
1. Select the Entity where the Items to be cascaded are.
2. Select the Item Type (one of the tabs – Objectives, Risks or Controls). You will see the Items within the Objective structure (strategic) along the top and Items within the Enabler structure (Operational).
3. Select the Item at the top and find the item(s) which you want to cascade to on the left.
4. At the intersection between the Item on the top and on the left, select the strength of the relationship (0% to 100%) – the higher the %, the stronger the relationship.

Page 52: Understanding the StratexPoint Framework


Alignment Matrix

Page 53: Understanding the StratexPoint Framework

Configuring the Cascade Matrix

What is it about?
• Defining a Cascade relationship between Items of the SAME type across the framework.

Use case
• A firm may have ‘20 Key Risks’ which are reported to the board; however, the firm wants to see how these 20 Key Risks relate to lower level risks across the firm.

Steps
1. Select the Entity where the Items to be cascaded are.
2. Select the Item Type (one of the tabs). You will see the Items within the Objective structure (strategic) along the top and Items within the Enabler structure (Operational).
3. Select the Item at the top and find the item(s) which you want to cascade to on the left.
4. At the intersection between the Item on the top and on the left, select the strength of the relationship (0% to 100%) – the higher the %, the stronger the relationship.

<siteurl>/SitePages/cascadematrix.aspx

Page 54: Understanding the StratexPoint Framework


Cascade Matrix

Page 55: Understanding the StratexPoint Framework


Using the Copy & Move webpart

Page 56: Understanding the StratexPoint Framework


Copy & Move webpart

Purpose
Enable the Stratex framework to be developed and maintained quickly.

Items and parts of the framework structure can be copied and moved within the framework.

Items can be copied & moved as a single item or ‘with structure’ meaning the selected item and all the items below within the framework structure.

Warning – use this functionality with care as copying or moving a large number of items within the framework can impact on performance of the solution.

Location
<siteurl>/Lists/WebPartPages/advancedcopymove.aspx

Page 57: Understanding the StratexPoint Framework


Copy & Move webpart overview

[Figure: screenshot of the Copy & Move webpart showing the Source and Destination frameworks, with callouts 1 to 4]

Page 58: Understanding the StratexPoint Framework


Copy & Move webpart detail

1

2

3

4

This is the source framework which reflects the current Stratex framework.

Items are copied or moved from the Source framework to the destination.

This is the destination framework where Items are copied or moved to.

When modifying the framework structure the options are:
• Copied – the selected item in the source framework is copied to the destination.
• Copied with structure – the selected item and its underlying structure in the source framework are copied to the destination.
• Move with structure – the selected item and its underlying structure in the source framework are moved to the destination.

This ‘icon’ shows if there are copy or move operations to be processed. If there are operations to be processed, the icon will be coloured.

When you point your mouse at this icon, hover text displays the number of operations in the queue to be processed.

Page 59: Understanding the StratexPoint Framework


About Ascendore & StratexPoint

Page 60: Understanding the StratexPoint Framework


About Ascendore

We believe that risk management and compliance must enable strategy execution and value creation, not simply tick regulatory boxes.

Who we are

We are a technology firm that understands Governance, Risk and Compliance (GRC) and how to embed cultural change and accountabilities.

What we do

We provide the leading SharePoint based Governance, Risk and Compliance (GRC) solution to financial services firms and their regulators.

How we do it

We manage the delivery of our solution as a business change project not as a technical software implementation

Our Values

Ambitious Accountable Aligned Agile

We wrote the book on integrating strategy and risk management

Our conceptually sound framework and change roadmap are based on a proven methodology.

Page 61: Understanding the StratexPoint Framework


Typical problems we solve with our customers

Embedding the right risk and compliance culture

Establishing a single repository of risk and compliance data

Reducing the time and complexity associated with using spreadsheet-based risk and compliance registers

Ensuring each of the three lines of defence play the correct role, and have the tools & data to do so.

Automating risk and compliance activities and processes, including reporting and dashboards

Demonstrating to regulators (and the board) that risk and compliance are at the heart of the firm’s decision-making

Page 62: Understanding the StratexPoint Framework


Our solution - StratexPoint

StratexPoint is an Integrated GRC (Governance, Risk & Compliance) software solution built on SharePoint.

Strategy and Risk Appetite are central

Built on the world’s leading collaboration platform

Incorporating a proven Governance model - ‘RACI’

Built around a conceptually sound data model

Delivering world-class risk reporting, plus enabling the ‘right risk culture’

An Integrated GRC solution

Page 63: Understanding the StratexPoint Framework


Our solutions

We provide Integrated Governance, Risk & Compliance solution(s) built on familiar, office platforms.

Our solutions deliver

• High ROI
• High User Adoption
• High Levels of assurance that your business is operating within appetite

StratexPoint

Built on the ubiquitous SharePoint platform

Supports each of the Three Lines of Defence

Comprehensive in nature but modular in deployment

StratexCloud – our Azure cloud platform.

Stratex365* – our Office 365 app

StratexStudio* – our mobile app

* Available end of 2016

Page 64: Understanding the StratexPoint Framework


Appendix A

Basel Operational Risk classification


Page 65: Understanding the StratexPoint Framework


Basel Operational Risk Classification

Level 1 (Master Category within StratexPoint)

0. Unassigned
1.1 Internal Fraud
1.2 External Fraud
1.3 Employment practices & workplace safety
1.4 Clients, products & business practices
1.5 Damage to physical assets
1.6 Business disruption and systems failure
1.7 Execution, delivery and process management

Level 2 (Major Category within StratexPoint)

0. Unassigned
1.1.1 Unauthorised Activity
1.1.2 Theft & Fraud
1.2.1 Theft
1.2.2 Systems Security
1.3.1 Employee relations
1.3.2 Safe Environment
1.3.3 Diversity & Discrimination
1.4.1 Suitability, disclosure and fiduciary
1.4.2 Improper business or market practices
1.4.3 Product flaws
1.4.4 Selection, sponsorship and exposure
1.4.5 Advisory activities
1.5.1 Disaster & other events
1.5.2 Maintenance of Physical Assets
1.6.1 Systems
1.7.1 Transaction capture, execution and maintenance
1.7.2 Monitoring & Reporting
1.7.3 Customer intake & documentation
1.7.4 Customer / client account management
1.7.5 Trade counterparties
1.7.6 Vendor & suppliers

Level 3 (Minor Category within StratexPoint)

0. Unassigned
1.1.1.1 Transactions performed without delegated authority
1.1.1.2 Transactions performed beyond delegated authority
1.1.1.3 Deliberate misrepresentation, deceit, deception
1.1.1.4 Computer crime
1.1.2.1 Theft, robbery, misappropriation of assets
1.1.2.2 Fraud (other than forgery)
1.1.2.3 Destruction of assets
1.1.2.4 Forgery
1.1.2.5 Bribes / inducements
1.2.1.1 Theft, robbery
1.2.1.2 Forgery
1.2.2.1 Hacking
1.2.2.2 Theft of information
1.3.1.1 Compensation, benefit, termination issues
1.3.1.2 Organised labour activity
1.3.1.3 Lack of suitable employees, loss of key personnel, other personnel issues
1.3.2.1 Failure to comply with legislative requirements
1.3.2.2 Failure to comply with the organisation's rules
1.3.3.1 Discrimination of all types
1.4.1.1 Suitability / disclosure (e.g. KYC)
1.4.1.2 Breach of confidentiality (except data protection matters)
1.4.2.1 Market manipulation, improper trade / market practices
1.4.2.2 Insider trading, unlicensed activity
1.4.2.3 Money Laundering
1.4.3.1 Product defects
1.4.3.2 Model errors
1.4.4.1 Failure to investigate client
1.4.4.2 Exceeding client exposure limits
1.4.5.1 Disputes over provision of inappropriate advice
1.5.1.1 Natural disaster losses
1.5.1.2 War, changes in law, political risk
1.5.1.3 Terrorism, vandalism
1.5.1.4 Theft & Robbery of physical assets
1.5.2.1 Inadequate maintenance of physical assets
1.6.1.2 Major IT systems failure – other (Hardware, software, telecommunications utilities)
1.7.1.1 Miscommunication
1.7.1.2 Data entry, maintenance or loading error
1.7.1.3 Non-conformance with Policy or procedure
1.7.1.4 Non-compliance with statutory / legal obligation
1.7.1.5 Non-compliance with regulatory obligation
1.7.1.6 Model / system mis-operation, delivery failure
1.7.1.7 Accounting error
1.7.1.8 Other task mis-performance
1.7.1.9 Inappropriate behavior
1.7.1.10 Collateral management failure
1.7.1.11 Ineffective change management
1.7.1.12 Failure to realise project objectives
1.7.2.1 Failed regulatory reporting obligation
1.7.2.2 Failed statutory reporting obligation
1.7.3.1 Customer authorities missing
1.7.3.2 Legal documents missing / incomplete
1.7.4.1 Unauthorised access given to customer / client accounts
1.7.4.2 Incorrect client records
1.7.4.3 Negligent loss or damage of client assets
1.7.5.1 Non-client counterparty mis-performance
1.7.5.2 Non-client counterparty disputes
1.7.6.1 Failed / ineffective outsourcing arrangements
1.7.6.2 Vendor disputes

Page 66: Understanding the StratexPoint Framework


Understanding the Stratex Framework

September 2016