HOPEX GRC Common Features
About the GRC Manager Desktop
Accessing the GRC Desktop
The GRC Documentation
GRC Functional Administration
Reusing Regulation Data
Managing Teams
Managing Currencies
Configuring Time Sheets
Managing Campaign Calendars
Managing Steering Calendars
Administrating Key Indicators
Managing Indicator Categories
Managing Indicator Interpretation logics
Managing Indicator Statuses
Indicator status formulas
Managing Aggregation Periods and Methods
Managing Key Indicator Value Computation Logics
GRC Environment
Organization
Managing Entities
Managing Process Categories and Processes
Managing Business Lines
Managing Applications
Managing Sites
Financial Environment
Strategic Environment
Risk Environment
Control Environment
The Compliance Environment
Managing your Regulatory Environment
Managing Business Policies
Defining Applicable Regulations and Business Policies
Defining the Scope of Regulations and Business Policies
Responsibilities (RACI)
Key Indicators
Accessing Key Indicators
Defining Key Indicators
Key Indicator Categories
Detailing Key Indicators
Key Indicator Overview
Defining Measurement Frequency and Notifications
Viewing the Indicator Graph
Assessment Campaigns
Accessing Assessments by Profiles
Accessing Assessment Templates
Preparing the Assessment Environment
Starting an Assessment Campaign
GRC Reports
GRC Report Availability
Key Indicator Reports
Indicator comparator
Multi-Indicator Gauges
Multi-Indicator Graph
Action Plan Follow-up Reports
Action Plan Follow-Up (Dashboard)
Action Plan Follow-up Report (Dashboard)
GRC Solution Workflows
Risk Workflows
Testing Workflows
Action Plan Workflows
Incident Workflow
Campaign Workflow
The GRC Contributor Desktop
Presentation of the GRC Contributor Desktop
Viewing your Environment
Dashboard and Widgets
Managing Incidents
Managing Action Plans and Actions
Managing Recommendations
Managing Questionnaires and Check-lists
Creating Risks and Controls
Managing Key Indicators
Performing a BIA (Business Impact Analysis)
Taking Part in Business Continuity Plans
Appendix - Computation Rules
Risk Control Level
Inherent risk
Residual Risk
RTO (Recovery Time Objective) Computation
Business Impact Computation
GRC Glossary
HOPEX Internal Control
About Control Management
Internal Control Process
Control Management Profiles
Managing Controls
Creating Controls
Control Characteristics
Control Overview
Responsibilities concerning Controls
Browsing a Control Environment
Accessing Controls
Contextualizing Controls
Assessing Controls
Control Assessment Types
Pre-requisites to Control Assessment
Control Assessment by Entity
Control Assessment by Entity and Regulatory Framework
Control Direct Assessment
Assessment Control Results
Displaying the Results of Control Assessment
Assessment Result Computing Mode
Executing Controls
Preparing Control Execution
Make Control Steps Reusable
Creating Control Steps from an Existing Template
Continuous Control Assessment Template
Creating an Execution Campaign
How an Execution Campaign Works
Completing Control Execution Check-Lists
Managing Execution Check-Lists
Check-List Results
Control Execution Reports
Managing Compliance
About Unified Compliance Framework
Managing the Regulatory Environment
Using UCF Import
Defining the Applicable Regulatory Content
Managing the Compliance Register
Viewing Regulatory Frameworks
Viewing Regulation Articles
Viewing Control Directives
IT Regulatory Compliance Reports
Regulatory Compliance by Entity
Control Directives Implementation by Regulatory Framework
Compliance by Regulatory Framework
Regulatory Compliance Overview
Regulatory Compliance Progress
Control Testing
Preparing Control Testing
Preparing Tests
Creating Test Plans
Planning Tests
Creating a test
Defining test properties
Viewing a test dashboard
Creating "template" tests
Selecting tests to be executed
Selecting tests to be integrated in the test plan
Planning tests using a Gantt chart
Assigning resources to tests
Sending the Notification Letter
Validating tests
Preparing Tests
Assigning activities
Reviewing the Work Program
Validating work programs
Executing administrative tasks
Executing Tests
Consulting the Work Program
Executing Tests on Samples
Assessing Controls
Managing Time and Expenses
Management of issues and action plans
Supervising Tests
Concluding Tests
Test Follow-Up
Implementing Action Plans
Test Plan Follow-Up
Testing Dashboard
Managing Issues and Action Plans
Managing Issues
Managing Action Plans
Accessing Action Plans
Creating an Action Plan for Testing
Characterizing Action Plans
Managing Actions
Action Plan Workflows
Indicating Action Plan Progress
Action Plan Follow-up Report (Dashboard)
Control-Related Reports
Control Environment Report
Control Impacts Report
Control Register Reports
Control Identification (Dashboard)
Control Execution Reports
Consolidated Execution Results
Following Up Execution Sessions
Control Testing Reports
Testing Coverage
Plan Synthesis
Other Reports
Issue-Related Reports
HOPEX Enterprise Risk Management
Managing Risks
Risk Management Profiles
Creating a Risk
Risk characteristics
Risk Overview
Risk Responsibilities (RACI)
Analyzing Risks
Viewing Audit Recommendations Connected to a Risk
Browsing a Risk Environment
Listing Risks
Risk Workflow
Assessing Risks
Risk Assessment Types
Prerequisites to Risk Assessment
Risk Direct Assessment
Direct Risk Assessment Templates
Creating a Direct Assessment on a Risk
Assessing Multiple Risks Simultaneously
Viewing and Analyzing Risk Assessment Results
Risk Mitigation and Remediation
Mitigating Risks
Remediating Risks
Risk-Related Reports
Risk Environment Report
Risk Impacts Report
Risk Type Impact Breakdown
Bow-Tie Analysis
Risk Profile Analysis by Context
Aggregation Reports
Residual Risk by Risk Type
Inherent and Residual Risk Heatmap
Inherent and Residual Risk Heatmap by Context
Risk Assessment by Context
Overall Risk Level by Process
Overall Risk Level by Entity
Aggregation Report
Risk Follow-Up Reports
Action Plan Follow-up Report
Session Statistics Report
Risk Management Effectiveness Reports
Risk and Incident Analysis
Coverage & Risks Matrix
Risk Trend
HOPEX LDC
Collecting Incidents
Connection Profiles to Hopex LDC
Managing Incidents
Specifying Incident Characteristics
Recording Incident-Related Amounts
Accessing Incident Financial Analysis
Entering Losses
Defining the Scope of a Loss
Entering Gains
Entering Recoveries
Entering Provisions
Viewing Incidents Computed Amounts
Filtering Incident-Related Amounts
Analyzing Incidents
Incident Qualitative Analysis
Incident Scope
Incident Impact Analysis
Managing Macro-Incidents
Incident Management Process
Incident-Related Reports
Loss Analysis Reports
Incident and Loss Breakdown
Incident and Loss Evolution by Month
Incident and Loss Evolution by Risk Type
Back Testing Reports
Losses by Risk (Back Testing)
Incident X Risk Level by Risk Type (Back Testing)
Incidents X Risk Level by Business Line (Back Testing)
Capital Calculation Reports
Loss Distribution Matrix
Basic Indicator Approach (BIA)
Standardised Approach (TSA)
HOPEX Cyber Resilience
Introduction to Hopex Cyber Resilience
Building Cyber Resilience
Steps in the Cyber Resilience Process
Managing the ICT Environment
Identifying Critical IT Processes and Resources
Assessing the Cyber Resilience Framework
Planning the Cyber Resilience Initiative
Managing Cyber-Related Incidents
Monitoring Cyber Resilience
ICT Vendors
ICT Risks
Prerequisites to ICT Risk Assessment
Launching an ICT Risk Assessment
Cyber Resilience Reports
ICT Service Providers and Contracts
Gantt of ICT Service Provider Contracts
Vendors' Contracts (MS Word) Report
Incident Monitoring
Incident Impacts
Major Incident Report (MS-Word)
Incident Bow-Tie Analysis
Process Impacts
Process ICT Impacts Overview
Risk Dashboard by Risk Type
Process Criticality and Supporting ICT Assets Table Overview
Vendors Overview by Process
Critical ICT Assets (from Process/Entity)