Version 6.0
1INTRODUCTION
1.1 Eight Facts of Business Life
1.2 CGC Methodology
1.3 Installation
1.4 Initial Parameters
1.5 Custom Parameters
1.6 Registration
2MAIN MENU
2.1 Dashboard
2.1.1 Controls Working
2.1.2 Overall KRI Status
2.1.3 Control Gap Environment
2.1.4 Remedial Action
2.1.5 Events Status
2.1.6 Compliance Tests
2.8 Dashboard Configuration
3ADMINISTRATION
3.1 Export and Import
3.1.1 Export Entity
3.1.2 Import Entity
3.1.3 Export (Excel)
3.1.4 Export KRI Data (Excel)
3.1.5 Import Events
3.1.6 Entity Backup
3.1.7 Transfer Risks & Controls
3.2 User Management
3.2.1 Groups
3.2.2 Roles
3.2.2.1 Roles – Print
3.2.2.2 Role – Access Rights to Background Processes
3.2.3 User Listing
3.2.3.1 User Permissions
3.3 System Administration
3.3.1 Archive Tests
3.3.2 Archive KRIs
3.4 Security
3.4.1 Unauthorized Login Attempts
3.4.2 Password History
3.4.3 Inactive User
3.4.4 Permission
3.4.5 Audit Log
3.4.6 Entity Log
3.4.7 Password Configuration
3.4.8 Reset Password
3.5 User Settings
3.5.1 Change Language
3.5.2 Change Password
3.6 System Settings
3.6.1 Parameters
Default Financial Impact Levels
3.6.2 Automatic Entity Backup
3.6.3 Register
3.7 Service
3.7.1 Service Status
3.7.2 Service Errors
3.8 Active Directory
4REFERENCES
4.1 General References
4.1.1Asset
4.1.1.1 Asset Hierarchy
4.1.1.2 Appetite Level
4.1.2 Organisation Level
4.1.3 Organisation Hierarchy
4.1.4 Entity Hierarchy
4.1.5 Strategy
4.1.6 Process/Subprocess
4.1.7 Responsible Officer
4.1.8 Currency
4.1.9 Group of Entities
4.1.10 Basel Risk Listing
4.1.11 Risk Category
4.1.11 Control Category
4.1.13 Email Alert
4.1.13.1 Entity Notifications
4.1.13.2 Email Alerts (Consolidated Email Alerts)
4.1.13.3 System Notifications
4.1.13.4 Email Server Settings
4.1.13.5 Departments
4.1.13.6 Deadlines Alert
4.1.13.1 Setting a New KRI
4.1.13.2 KRI value
4.1.13.3 Risk Information
4.1.13.4 Unit Information
4.1.13.5 Process/Sub-process
4.1.15 Dashboard Configuration
4.1.16 COSO
4.2 Event references
4.2.1 GL Account
4.4.2. Employee
4.2.3 Investigation
4.2.4 Discovered & Reported by
4.2.5 Event Category
5 Entity Risk Profiling
5.1 Entity Listing
5.1.1 Adding New Entity
5.1.2 Entity Screen Tabs
5.1.3 Filter
5.1.4 Quick Search
5.1.5 Edit View
5.2 RISK DOCUMENTATION (Capturing Risk Data)
5.2.1 Risk Listing
5.2.2 Adding a New Risk
5.2.3 Risk Screen Tabs
5.2.3.1 KRI
5.2.3.2 Related Controls
5.2.3.3 Diary
5.2.3.4 Linked Diary
5.2.3.5 Substantive Test(s)
5.2.3.6 Related Regulations
5.2.3.7 Working Papers
5.2.3.8 Process/Sub-process
5.2.3.9 Related Events
5.2.3.10 Filter
5.2.3.11 Weakness View
5.2.3.12 Re Number
5.2.3.13 Reports
5.2.3.14 Export
5.2.3.15 Print
5.2.3.16 Edit View
5.3 CONTROL DOCUMENTATION (Controls):
5.3.1 Control Listing
5.3.2 Adding a new Control
5.3.3 Control Screen Tabs
5.3.3.1 Compliance Test
5.3.3.1.2 Email Reminder
5.3.3.2 Audit Tests
5.3.3.3 Diary
5.3.3.4 Rel. Risks
5.3.3.5 Related Regulations
5.3.3.6 Related Activity
5.3.3.7 Working Papers
5.3.3.8 Filtering
5.3.3.9 Re Number
5.3.3.10 Reports
5.3.3.11 Test Schedule
5.4 RISK & CONTROL EVALUATION
5.4.1 Risk Matrix
5.4.2 Internal Audit View
5.4.3 Control Impact Scoring
6 Diary
6.1 Diary Reports
6.2 Diary Listing Filter
7EVENTS
7.1 Event Tracking
7.2 Actual events vs “near misses”
7.3 What is an event?
7.4 What happens if an event is to be recorded but the risk isn’t currently in the system?
7.5 Event Listing
7.6 Adding a New Event
7.7 Event Screen Tabs
7.7.1 Related Controls
7.7.2 Actual Recovery and Potential Recovery
7.7.3 Employee
7.7.4 Diary
7.7.5 Working Papers
7.7.6 History
7.7.7 Basel Risk Category
7.7.8 Related Regulations
7.7.9 Process/ Sub Process
7.8 Filter
7.9 Event Reports – Entity Level
6.10 Event Charts
6.11 Event Reports - Corporate Level
6.12 Loss Prediction Module
6.12.1 Background
6.12.2 Module
6.13 Events Dashboard
6.13.1 Number of Events by Business Line
6.13.2 Value of Events by Business Line
6.13.3 Events Status
6.13.4 Number of Recoveries
6.13.5 Value of Recoveries
6.13.6 Events Caused By (Numbers)shows the Number of events distributed in accordance with the ”cause of events” categories.
6.13.7 Events Caused By (Values)
6.13.8 Event History - Number of Events
6.13.9 Event History - Value of Events
6.13.10 Event History - Losses By Business Line
6.14 Notification/Warning message
Topic 177
8REPORTS AT THE ENTITY LEVEL
8.1 Risk Reports
8.1.1 Ranked Listing (SA)
8.1.2 Risk Report
8.1.3 Risk Weakness Report
8.1.4 Risk Impact Report
8.1.5 Process/Sub-Process Risks Report
8.1.6 Remedial Action
8.1.7 Significant Impact/Probability Index
8.1.8 Substantive Tests
8.1.9 Impact on Objective
8.1.10 Impact on Objective with Related Controls
8.1.11 Entity Risks/Basel Category
8.1.12 Risk and Related Remedial Actions
8.1.13 SA & IA Control Env. Report
8.1.14 Risk Substantive Result Report
8.1.15 Financial Risks
8.1.16 Risk Listing with KRI Status
8.1.17 KRI History
8.1.18 KRIs with related risks
8.1.19 Process /Subprocess Risks and Controls
8.1.20 Appetite of Non-Financial Risks
8.2 Controls Reports
8.2.1 Control Listing
8.2.2 Control Report
8.2.3 Control/Related Risk Report
8.2.4 Control Impact Report
8.2.5 SA Compliance Tests Report
8.2.6 Audit Tests Report
8.2.7 Test Schedule
8.2.8 Compliance Test Form
8.2.9 Assessing (Other Entity) Controls
8.2.10 SA and IA Compliance Test Results
8.2.11 History of IA Tests and Findings
8.2.12 Control Internal Audit Test Result & Findings
8.2.13 Redundant Controls
8.2.14 Control Status by Category
8.2.15 Entity Control/COSO ICF
8.3 Diary Reports
8.3.1 Diary Listing report
8.3.2 Diary Detail
8.3.3 Recommendations and Related Risks
8.4 Entity Reports
8.4.1 Entity Status Report
8.4.2 Workshop Summary Report
8.4.3 Workshop Summary Report (Word)
8.4.4 Workshop Summary Report - Compliance
8.4.5 Entity History Report
8.4.6 Entity Gap Report
8.5 Charts
8.5.1 Risk Profile
8.5.2 Appetite for Risk
8.5.3 Gap by Asset
8.5.4 Entity History
8.5.5 Impact/Probability Chart
9RISK EXPLORER
9.1 Risk Data
9.1.1 Filter
9.2 Control Data
9.2.1 Filter
9.3 Event Data
9.3.1 Filter
9.4 Diary Data
9.4.1 Filter
9.5 Email Alert Data
9.5.1 Filter
9.6 KRI
9.6.1 Filter
9.7 Process Explorer
10NOTIFICATIONS
10.1 Control Gap Environment
10.2 KRI
10.3 Compliance Tests Due
10.4 Remedial Action Outstanding for more than a month
11COMPLIANCE TESTS SCREEN
11.1 Tests Due
11.2 Tests Overdue
11.3 Tests Upcoming
11.4 Tests Last Conducted
11.5 Need approval
12.COMPLIANCE MONITORING MODULE
12.1 Regulations Dashboard
12.1.1 Activity Status
12.1.2 Risk Status
12.1.3 Mandated Controls – Test Results
12.1.4 Mandated Controls – Compliance Activities
12.1.5 Controls Mitigating Compliance Risks – Test Results
12.1.6 Controls Mitigating Compliance Risks – Compliance Activities
12.2 Regulations Register
12.2.1 Levels
12.2.2 Hierarchy
12.1.3 Adding Mandated Controls
12.2.4 Adding Compliance Risks
12.2.5 Assigning Compliance Risks to Entities
12.2.6 Regulatory Revisions
12.2.6.1 Step (1) - New Revision:
12.2.6.3 Step (3) - Add New Regulation:
12.2.6.4 Step (4) - Verify Amendments:
12.2.7 Regulatory Circulars
12.2.8 Replies to Confirmation Requests
12.3 Library
12.3.1 Risk store
12.3.2 Control Store
12.4 Entity listing
12.4.1 Entity Screen
12.4.2 Compliance Risk assessment and Risk related screens
12.4.3 Control Listing and Control related screens
12.4.4 Compliance Risk and control evaluation - Matrix Screen
12.4.5 Diary
12.4.6 Event
12.4.7 Compliance Monitoring Activities
12.4.7.1 Activity Screen Tabs
12.4.7.2 Filter
12.4.7.3 Re Number
12.4.7.4 Re-Assign User Activities
12.5 Compliance Activities
12.5.1 Due
12.5.2 Overdue
12.5.3 Upcoming
12.5.4 Last Conducted Tests
12.6 Compliance Risk Explorer
12.6.1 Compliance Risk Data
12.6.2 Compliance Control Data
12.6.3 Event Data
12.6.4 Diary Data
12.6.5 Email Alert Data
12.7 Compliance Reports at the Organizational Level
12.7.1 Compliance Monitoring Activities and Related Controls
12.7.2 Identified Exceptions
12.7.3 Summary of Regulatory Risks
12.7.4 Summary of Regulations and Related Controls
12.7.5 Process/Sub process Compliance Risks and Mandated Controls
12.7.6 Process/Sub-Process Mandated control
12.7.7 Compliance Risks Monitoring – Bilingual
12.7.8 Compliance Risk Monitoring Summary Report
12.7.9 Mandated Controls not Linked to Regulations
12.7.10 Regulations Revision History
12.8 Reports at the Entity Level
12.8.1 Compliance Monitoring Activities and Related Controls
12.8.2 Identified Exceptions
12.8.3 Summary of Regulatory Risks
12.8.4 Regulations and Related Risks
12.8.5 Summary of Regulation and Related Controls
12.8.6 Regulations and Related Controls
12.8.7 Regulatory Compliance Recommendations
12.8.8 Risk and Related Regulations
12.8.9 Control and Related Regulations
12.8.10 Compliance Activities Tests
12.8.11 Process/Sub-Process Compliance Risks and Mandated Controls
12.8.12 Process/Sub-Process Mandated controls
13CORPORATE GOVERNANCE
13.1 Corporate Risk Business Unit
13.2 Corporate Governance Module
13.4 Corporate Entities
13.3 Rating
13.5 Corporate Processes
13.6 Reports
13.6.1 Distribution Report
13.6.2 Corporate Risk Report
13.6.3 Residual Risk Chart
13.6.4 Entity Status Report
13.6.5 Summary of Related Risk and linked Controls
13.6.6 Process /Sub Process Risks and Controls
13.7 Corporate Governance Dashboard
13.7.1 Overall KRI Status
13.7.2 KRIs Status
13.7.3 Risk Environment
13.7.4 Control Environment
14INTERNAL AUDIT
16.1 Internal Audit Dashboard
16.2 Planning
16.2.3 Risk Evaluation
16.3 Scheduling
16.4 Execution
16.5 Reports Relating to IA module