Scenarium

 

New audit standards for enterprise risk management

As of 2021 updated auditing standards IDW PS 340 n.F. in Germany which require listed companies to increase their internal risk management capabilities in terms of:

 

  • Early detection of risks (DE: “Risikofrüherkennung”) and active management of risks
  • Countermeasures to be defined that remediate substantial risks to the resilience of the company
  • Risk aggregation and interdependencies to be considered since not only single events but the combination of various risks might pose a risk to the resilience; this also includes consolidation of risks across various legal entities, subsidiaries etc.
  • “Net risks” (DE: “Nettorisiken”) to be considered; defined as gross risk after countermeasures whereas risks have to be probability-weighted

 

 

What does it practically mean?

  • Hereby the “system” of risk identification and management will be audited, i.e. the quality and effectiveness of concept, implementation, application and documentation of the three above
  • It is not being audited however, whether the countermeasures are effective, relevant or useful
  • Without an adequate risk management framework in place as defined above, an auditor might not be able to confirm the going concern hypothesis
  • This means, is it important to have a conceptually sound, well implemented and regularly applied system and processes in place that identify and analyse risks in a structured manner

Our solution: Scenarium – Risk quantification

  • Scenarium provides risk modelling and quantification features encapsulating complexities into a user friendly and highly adaptable process, and producing the required risk metrics: detection and correct evaluation of risks, risk aggregation in consideration to dependencies, use of risk capacity measurement, impact of existing and new countermeasures on the gross and net risk profiles
  • Thereby monetary-value-based risk metrics are generated that can be translated into actionable measures for management
  • There is an end-to-end governance integrated (audit trail, user control, etc.) with state-of-the-art track record quantification software for 100% compliance with the IDW PS 340 n.F. requirements
  • Scenarium provides multiple features to efficiently engage your organization and to perform the risk detection and generation of corresponding metrics with minimum additional workload for your organization

Our solution provides the following features and modules in a user-friendly, intuitive, and audit-proof integrated tool:

Step/Module 1: Structured risk detection and evaluation

  • Workflow engine with invitation sending, reminders, answer review, chatting facility and other features for engaging the organization
  • Across the following risk categoriesz/span>

― Business Risk
― Brand/Reputation Risk
― IT/Cyber Risk
― Operational Risk
― Conduct/Compliance Risk
― Can integrate the outputs of other risk engines such as Market VaR
― Other categories can be added, as needed

 

Step/Module 2: Input quality assurance and efficiency

  • Rigorous risk assessments for robust Monte Carlos simulation</
  • Cognitive bias mitigation
  • Interdependencies modelling (Correlations)
  • Insurance policy optimization and NPV of mitigation actions
  • Efficiency tools to expediate results without the need of significant additional efforts: automatic reports, workflow, notifications
  • Scientific validation of all risk metrics
  • Governance: exhaustive audit trial, roles and activities segregation, quality controls, validations and approvals, and highest IT security standards

 

Step/Module 3: Aggregation and Monte Carlo

  • De-central data across the Group is being automatically aggregated based on pre-defined rules that consider intra-Group relationships
  • Modelling risk assessments using AI techniques or allowing user a detailed selection of assumptions
  • The Monte Carlo methodology maximises the quality/credibility of the analysis to determine statistically sound results
  • Produces metrics to comply with IDW PS 340 n.F. requirements:

― Risk bearing capacity and monitoring given risk profile, based on different thresholds and soft and hard limits and linked to liquidity, solvency and risk appetite

― Diversified risk profile resulting from the aggregation of risks

― Monetary cost of risk and its allocation/consolidation of risks across various legal entities, subsidiaries etc.

― Economic value added and NPV of mitigation plans and risk transfer ― Optimization of insurance policies

― Identification of major sources of value volatility

Step/Module 4: Output metrics and counter measures

  • The software provides a series of market best practice metrics that can be further customised and integrated/ automatically compared to a risk appetite framework
  • Results can be translated into P&L effects and be compared against operational and/or investment costs of mitigating actions
  • Dashboards permitting detailed analysis and deep diving into more granular sources of risk
  • Automatic reports

Credentials

  • Scenarium is being used by the largest international institutions for detection, modelling and countermeasures assessment
  • We have alliances with top GRC vendors for GRC Analytics
  • Top awarded vendor 2016-2021
  • We are thought leaders in the risk industry and have made significant contributions to the advancement of the GRC Analytics industry

¡Let’s set your demo up!

Please fill out this form, fields with * are not optional.