HOPEX IRM Common Features
About the IRM Manager Desktop
Accessing the IRM Manager Desktop
Profiles used in IRM solutions
IRM Profiles/Solutions Summary
The IRM Documentation
IRM Functional Administration
Reusing Regulation Data
Converting regulation data
Managing Teams
Creating controllers
Creating skill types
Creating skills
Creating skill levels
Viewing user skills
Managing Currencies
Defining Central Currency
Defining local currencies available to users
Specifying your local currency
Managing Exchange Rates
Configuring Time Sheets
Managing Campaign Calendars
Creating schedules
Creating calendar periods
Connecting a calendar to an audit or test plan
Managing Steering Calendars
Administrating Key Indicators
Accessing Indicator Administration Features
Defining Indicator Categories
Defining Indicator Interpretation logics
Defining Indicator Statuses
Creating indicator statuses
Computation of indicator statuses
Indicator status formulas
Defining Aggregation Periods and Methods
Aggregation periods
Aggregation methods
Creating aggregation periods or methods
Defining Key Indicator Value Computation Logics
Creating a computation logic
Computation logic via query
Exporting and Importing IRM Objects
Exporting IRM Objects
Using the export wizard from the main menu
Exporting IRM objects from a list
Importing IRM Objects
Managing your IRM Environment
Organization
Managing Entities
Accessing organization entities
Creating an entity
Creating a sub- entity
Defining entity general characteristics
Specifying responsibilities within an entity
Scoping an entity
Managing Processes
Accessing processes
Process hierarchy
Specifying process characteristics
Specifying process scope
Specifying process responsibilities
Specifying sub-processes
Managing business continuity
Other sections of a process
Managing Business Lines
Accessing Business Lines
Connecting entities and processes to a business line
Defining risks and incidents that impact a business line
Entering gross revenues for incident management
Managing Applications
Accessing applications
Specifying application scope
Financial Environment
Accounts
Characteristics of an account
Connecting controls to an account
Products
Gross Incomes
Strategic Environment
Risk Environment
Describing Risk Environment
Defining the Environment of a Specific Risk
Risk types
Creating a risk type
Analyzing the impacts of a risk type
Risk Factors
Risk consequences
Control Environment
The Compliance Environment
Managing your Regulatory Environment
Using UCF Import
Creating Regulatory Content Manually
Managing Business Policies
Creating business policies
Defining Applicable Regulations and Business Policies
Regulatory content applicability
Reviewing regulatory frameworks after UCF import
Selecting the regulatory content applicable to your organization
Defining the Scope of Regulations and Business Policies
Responsibilities (RACI)
Responsibility levels
Specifying Responsibilities
Managing Key Indicators
Accessing Key Indicators
Defining Key Indicators
Creating a Key Indicator
Specifying the Aggregation Period and Method
Example of a Key Indicator
About Key Indicator Categories
Description of Key Indicator Categories
Relation between Indicator Category and Interpretation Logic
More Key Indicator Characteristics
Editing Key Indicator Parameters
Defining a Measurement Unit to be Displayed in Reports
Activating / Deactivating a Key Indicator
Specifying the Indicator Scope
Specifying Action Plans
Connecting Risks
Consulting the Key Indicator Dashboard
Indicator Status
Default statuses
Information about indicator status computation
Time to Failure
Last Measurement of the Key Indicator
Key Indicator Value
Defining Measurement Frequency and Notifications
Specifying Measurement Frequency
Managing Notifications
Entering Periodic Key Indicator Values
Entering a key indicator value manually
Parameterizing automatic value entering
Viewing the Indicator Graph
Managing Assessment Campaigns
Accessing Assessments by Profiles
Accessing Assessment Templates
Preparing the Assessment Environment
Prerequisites to Risk Assessment
Pre-requisites to Control Assessment
Starting an Assessment Campaign
Creating Assessment Campaigns
Creating an Assessment Session Manually
Completing Questionnaires
Following up assessments progress
Consulting Session Results
Viewing assessment campaign results
Validating Assessment Questionnaires
Asking a respondent to modify answers
Viewing assessment campaign reports
Reassigning questionnaires
Consulting Assessment Results
IRM Reports
IRM Report Availability
Key Indicator Reports
Indicator Comparator
Multi-Gauge chart
Multi-line chart
Action Plan Follow-up Reports
Action Plan Follow-Up
Access path
Result
Gantt report
IRM Solution Workflows
Risk Workflows
Testing Workflows
Test Plan/Audit Plan Workflow
Test Workflow
Test Activity Workflow
Expense Sheet Workflow
Action Plan Workflows
"Bottom-up" Action Plan Workflow
"Top-down" Action Plan Workflow
Action Workflow
Incident Workflow
Campaign Workflow
Assessment Campaign Workflow
Execution (Automatic) Campaign Workflow
The IRM Contributor Desktop
Presentation of the IRM Contributor Desktop
Accessing the IRM Contributor Desktop
Features Available to the IRM Contributor
Home Page
Dashboard
My Tasks
Environment
Risks
Controls
Incidents
Viewing your Environment
Business and organizational processes
Applications
Business lines
Entities
Dashboard and Widgets
Widgets for Action Plans
Widgets specific to IRM
Widgets specific HOPEX Internal Audit
Managing Incidents
Creating incidents
Accessing incidents
Managing Action Plans and Actions
Context for action plan creation
Accessing action plans
Connecting an issue to an action plan
Indicating action plan progress
Managing actions
Managing Recommendations
Accessing recommendations
Implementing recommendations
Viewing recommendation widgets
Managing Questionnaires and Check-lists
Accessing Questionnaires
Answering a Questionnaire
Completing Assessment Check-lists
Creating Risks and Controls
Creating risks
Creating controls
Managing Key Indicators
Accessing Key Indicators
Enter a key indicator value
Submitting an action plan on a key indicator
Performing a BIA (Business Impact Analysis)
Taking Part in Business Continuity Plans
Viewing BCPs tested by ongoing exercises
Viewing BCPs triggered by ongoing crises
Appendix - Computation Rules
Risk Control Level
Context
Computation method
Computation example
Inherent risk
Computation method
Possible values
Residual Risk
Computation method
Possible values
RTO (Recovery Time Objective) Computation
Business Impact Computation
IRM Glossary
HOPEX Internal Control
About Control Management
Internal Control Process
Control register definition
Control Execution
Control Assessment
Issue and Action Plan Management
Control Management Profiles
Managing Controls
Creating Controls
Control Characteristics
General characteristics
Code
Key control
Status
Owner
Control nature
Execution mode
Operational cost
Description
Control Dashboard
Last assessment
Last compliance rate
Open issues
Control level
Responsibilities concerning Controls
Responsibility levels
Specifying control responsible users
Scope of a Control and Associated Risks
Regulatory and Business Policy Enforcement
Action Plans for Controls
Reports Related to Controls
Accessing Controls
Listing Controls
Accessing Orphan Controls
Accessing Controls by Incidents
Contextualizing Controls
Assessing controls
Control Assessment Types
Direct Assessment or by Campaign
Direct assessment
Evaluation By Campaign
Available Assessment Templates
Pre-requisites to Control Assessment
Control Assessment by Entity
Assessment contexts
Prerequisites
Respondent definition logics
Specifying respondents
Control Assessment by Entity and Regulatory Framework
Assessment contexts
Prerequisites
Possible use
Control Direct Assessment
Direct Assessment Context
Assessing a Control
Assessing Multiple Controls Simultaneously
Assessment Control Results
Displaying the Results of Control Assessment
Analyzing Control Assessment Results
Instant reports
Dedicated analysis reports
Assessment Result Computing Mode
Executing Controls
Preparing Control Execution
Defining Questions on Controls
Defining Steering Calendars on Controls
Specifying a control steering calendar
Modifying a steering calendar after campaign creation
Defining the Total Population and Sample Size
Defining Respondents
Connecting Controls to Entity Processes
Continuous Control Assessment Template
Respondents
Check-lists sent
Answer computation
Aggregated results
Creating Execution Campaigns
Defining scope via a tree
Displaying the Execution Campaign Summary
General information (Overview)
Contexts
Respondents
Assessed objects
How an Execution Campaign Works
Control Execution Periodicity
Examples of Session Automatic Launch
Consulting Execution Campaign Schedule
Defining Reminders
Modifying reminders provided as standard
Deactivating reminders
Closing Check-lists
Completing Control Execution Check-Lists
Accessing Execution Check-Lists
Completing a Check-List
Transferring a Check-List
Managing Execution Check-Lists
Accessing Check-Lists
Reassigning Check-Lists
Check-List Results
Control Execution Reports
Detailed Execution Results
Access path
Parameters
Result
Consolidated Execution Results
Access path
Parameters
Result
Following Up Execution Sessions
Access path
Availability
Parameters
Result
Managing Compliance
About Unified Compliance Framework
Main UCF Concepts
Authority Documents
Citations
UCF Controls
Links between UCF concepts
Building a Shared List
Mapping between UCF and HOPEX Concepts
Managing the Regulatory Environment
Using UCF Import
UCF Import Prerequisites
Parameterizing UCF Import
Importing Data from the Common Controls Hub
Defining the Applicable Regulatory Content
Regulatory content relevance
Reviewing regulatory frameworks after UCF import
Selecting relevant content for your organization
Managing the Compliance Register
Concepts Used in the Compliance Register
Accessing the Elements of the Compliance Register
Displaying elements as a list
Displaying control directives in a tree of regulatory frameworks
Displaying business policies in a tree
Viewing Regulatory Frameworks
Accessing regulatory frameworks
Regulatory framework overview & description
Content of a regulatory framework
Viewing Regulation Articles
Accessing regulation articles
Connecting or viewing objects subjected to a regulation article
Enforcement of a regulatory article
Connecting Business Documents
Viewing Control Directives
Accessing control directives
Viewing articles associated to a control directive
Supported and supporting directives
Enforcement level of control directives
Viewing HOPEX controls implementing a control directive
Attaching business documents or external references
IT Regulatory Compliance Reports
Regulatory Compliance by Entity
Access path
Parameters and Launch
Example
Regulatory Framework Implementation
Access path
Parameters
Results
Compliance by Regulatory Framework
Access path
Parameters
Results
Regulatory Compliance Overview
Access path
Parameters
Results
Regulatory Compliance Progress
Access path
Parameters
Report example
Control Testing
Preparing Control Testing
Defining Test Sheet Questions
Defining Testing Methods
Preparing Tests
Creating Test Plans
Planning Tests
Creating a test
Accessing tests
Defining test properties
Viewing a test dashboard
Creating "template" tests
Selecting tests to be executed
Selecting tests to be integrated in the test plan
Planning tests using a Gantt chart
Assigning resources to tests
Sending the Notification Letter
Validating tests
Publishing tests
Preparing Tests
Work program creation prerequisites
Work program content
Creating work programs automatically
Completing the work program manually
Assigning activities
Reviewing the Work Program
Validating work programs
Executing administrative tasks
Executing Tests
Consulting the Work Program
Executing Tests on Samples
Creating workpapers
Specifying or modifying the sample size
Generating the test sample
Defining test sheet questions
Completing the generated test sheets
Assessing test activities
Assessing Controls
Generating questionnaires
Responding to Questionnaires
Managing Time and Expenses
Managing Expenses
Entering Vacations
Completing a Time Sheet
Management of issues and action plans
Managing issues
Managing Action Plans
Supervising Tests
Test check reports
Time Sheet Follow-up Reports
Test expenses reports
Concluding Tests
Test assessment reports
Generating test reports
Assessing tests
Terminating tests
Closing tests
Test Follow-Up
Implementing Action Plans
Accessing action plans
Implementing actions
Action plan implementation follow-up
Action Plan Follow-Up
Test Plan Follow-Up
Displaying test plan follow-up reports
Closing a test plan
Testing Dashboard
Managing Issues and Action Plans
Managing issues
Creating Issues
Scoping an Issue
Remediating Issues
Following-Up Issues
Viewing remediated / non-remediated issues
Generating issue follow-up reports
Managing Action Plans
Accessing action plans
Creating an Action Plan for Testing
Characterizing Action Plans
Action Plan Dashboard
General characteristics
Responsibilities
Financial assertion
Success Factors and Outcome
Scope
Progress history
Milestones
Attachments
Managing Actions
Creating actions
Action Plan Workflows
"Bottom-up" approach
"Top-down" approach
Action workflow
Indicating Action Plan Progress
Action plan follow-up reports
Access path
Result
Reports Related to Controls
Control Environment Report
Access path
Report parameters
Creating a control environment report
Example
Control Register Reports
Control Identification
Access path
Parameters
Results
Example
Control Location Matrix
Access path
Parameters
Example
Control Execution Reports
Detailed Execution Results
Access path
Parameters
Result and example
Consolidated Execution Results
Access path
Parameters
Result
Example
Following Up Execution Sessions
Access path
Availability
Parameters
Result
Control Assessment Reports
Campaign Result Tree
Access path
Parameters
Campaign Result Matrix By Entity
Access path
Parameters
Example
Aggregation Report
Access path
Parameters
Control Assessment Follow-Up Reports
Session Follow-Up
Access path
Parameters
Result
Session Statistics
Access path
Parameters
Result
Report example
Failed Controls
Access path
Parameters
Result
Report example
Control Testing Reports
Testing Coverage
Plan Synthesis
Access path
Result
Example
Other Reports
Test plan follow-up reports
Test follow-up report
Action plan report
Issue-Related Reports
Issue Follow-up Report
Access path
Result
Example
“Issues by Impact” Report
Access path
Result
HOPEX Enterprise Risk Management
Managing Risks
Risk Management Profiles
Creating a Risk
Risk characteristics
General characteristics
Risk Dashboard
Risk Responsibilities (RACI)
Defining the Scope of a Risk
Analyzing Risks
Risk types
Risk factors
Risk consequences
Viewing Audit Recommendations Connected to a Risk
Accessing risks
Accessing All Risks
Accessing Orphan Risks
Accessing Materialized Risks
Risk Workflow
Risk validation steps
Validating or rejecting a risk
Assessing Risks
Risk Assessment Types
Direct Assessment or by Campaign
Available Assessment Templates
Prerequisites to Risk Assessment
“Risk Assessment by Entity and Process” Template
“Risk Assessment by Application” Template
Assessing risks directly
Direct Risk Assessment Templates
Assessed characteristics
Respondents
Questionnaire
Creating a Direct Assessment on a Risk
Assessing Multiple Risks Simultaneously
Viewing and Analyzing Risk Assessment Results
Displaying Risk Assessment Results
Generating Reports on Assessments
Instant reports
Generating dedicated reports
Risk Mitigation and Remediation
Mitigating Risks
Risk Mitigation Strategies
Specifying Risk Appetite
Implementing Controls
Remediating Risks
Risk-Related Reports
Risk Environment Report
Access path
Report parameters
Creating a Risk Environment Report
Risk Type Analysis Breakdown Report
Bow-Tie Analysis
Access path
Example
Incident Identification Reports
Risk identification
Access path
Report parameters
Report example
Aggregation Reports
Net Risk by Risk Type
Access path
Example
Risk Heatmap (Aggregated)
Access path
Report parameters
Content of the heatmap
Heatmap by Environment
Access path
Report parameters
Report example
Assessments per Context
Access path
Report parameters
Example
Overall Risk Level by Process
Access path
Report parameters
Report example
Overall Risk Level by Entity
Access path
Report parameters
Report example
Aggregation Report
Access path
Report parameters
Report example
Risk Follow-Up Reports
Session Statistics
Access path
Parameters
Report example
Result
Risk Management Effectiveness Reports
Risk Context Synthesis
Access path
Parameters
Report content
Risk Reduction
Access path
Report parameters
Report example
Coverage & Risks Matrix
Access path
Matrix content
Trend Analysis
Access path
Report parameters
Report example
Result computation
HOPEX LDC
Collecting Incidents
Connection Profiles to HOPEX LDC
Managing Incidents
Accessing incidents
Creating incidents
Specifying Incident Characteristics
Recording Incident-Linked Amounts
Accessing Incident Financial Analysis
Entering a Loss
Defining scope of a loss
Entering Gains
Recording Recoveries
Recording Provisions
Viewing Computed Amounts Related to the Incident
Gross Loss
Gross actual loss
Recoveries
Net Loss
Net Actual Loss
Accessing the Incident Register
Viewing open incidents
Viewing all incidents
Viewing macro-incidents
Viewing incidents without impacted elements
Analyzing Incidents
Incident Qualitative Analysis
Risks and controls
Incident priority
Incident Impact
Risk factors
Risk consequences
Incident scope
Incident Impact Analysis
Managing Macro-Incidents
Connecting Incidents to Macro-Incidents
Creating a Macro-Incident
Analyzing Macro-Incidents
Incidents connected to the macro-incident
Macro-incident amounts
Losses evolution report
Incident Management Process
Incident Management Process General Description
Incident Management Process Steps
Submitting incidents
Validating incidents
Closing incidents
Reports Related to Incidents
Loss Analysis Reports
Incident and Loss Distribution
Access path
Report parameters
Incident and Loss Evolution by Month
Access path
Report parameters
Results
Incident and Loss Evolution by Risk Type
Access path
Report parameters
Results
Back Testing Reports
Back Testing Matrix
Access path
Report parameters
Back Testing By Risk Type
Access path
Report parameters
Back Testing by Business Line
Access path
Report parameters
Capital Calculation Reports
Loss Distribution Matrix
Access path
Report parameters
BIA Approach
Access path
Report parameters
TSA Approach
Access path
Report parameters
HOPEX IRM Common Features
About the IRM Manager Desktop
Accessing the IRM Manager Desktop
The IRM Documentation
IRM Functional Administration
Reusing Regulation Data
Managing Teams
Managing Currencies
Configuring Time Sheets
Managing Campaign Calendars
Managing Steering Calendars
Administrating Key Indicators
Defining Indicator Categories
Defining Indicator Interpretation logics
Defining Indicator Statuses
Indicator status formulas
Defining Aggregation Periods and Methods
Defining Key Indicator Value Computation Logics
Exporting and Importing IRM Objects
Managing your IRM Environment
Organization
Managing Entities
Managing Processes
Managing Business Lines
Managing Applications
Financial Environment
Strategic Environment
Risk Environment
Control Environment
The Compliance Environment
Managing your Regulatory Environment
Managing Business Policies
Defining Applicable Regulations and Business Policies
Defining the Scope of Regulations and Business Policies
Responsibilities (RACI)
Managing Key Indicators
Accessing Key Indicators
Defining Key Indicators
About Key Indicator Categories
More Key Indicator Characteristics
Consulting the Key Indicator Dashboard
Defining Measurement Frequency and Notifications
Viewing the Indicator Graph
Managing Assessment Campaigns
Accessing Assessments by Profiles
Accessing Assessment Templates
Preparing the Assessment Environment
Starting an Assessment Campaign
Completing Questionnaires
Following up assessments progress
Consulting Assessment Results
IRM Reports
IRM Report Availability
Key Indicator Reports
Indicator Comparator
Multi-Gauge chart
Multi-line chart
Action Plan Follow-up Reports
Action Plan Follow-Up
Gantt report
IRM Solution Workflows
Risk Workflows
Testing Workflows
Action Plan Workflows
Incident Workflow
Campaign Workflow
The IRM Contributor Desktop
Presentation of the IRM Contributor Desktop
Viewing your Environment
Dashboard and Widgets
Managing Incidents
Managing Action Plans and Actions
Managing Recommendations
Managing Questionnaires and Check-lists
Creating Risks and Controls
Managing Key Indicators
Performing a BIA (Business Impact Analysis)
Taking Part in Business Continuity Plans
Appendix - Computation Rules
Risk Control Level
Inherent risk
Residual Risk
RTO (Recovery Time Objective) Computation
Business Impact Computation
IRM Glossary
HOPEX Internal Control
About Control Management
Internal Control Process
Control Management Profiles
Managing Controls
Creating Controls
Control Characteristics
Control Dashboard
Responsibilities concerning Controls
Accessing Controls
Contextualizing Controls
Assessing controls
Control Assessment Types
Pre-requisites to Control Assessment
Control Assessment by Entity
Control Assessment by Entity and Regulatory Framework
Control Direct Assessment
Assessment Control Results
Displaying the Results of Control Assessment
Assessment Result Computing Mode
Executing Controls
Preparing Control Execution
Continuous Control Assessment Template
Creating Execution Campaigns
How an Execution Campaign Works
Completing Control Execution Check-Lists
Managing Execution Check-Lists
Check-List Results
Control Execution Reports
Detailed Execution Results
Consolidated Execution Results
Following Up Execution Sessions
Managing Compliance
About Unified Compliance Framework
Managing the Regulatory Environment
Using UCF Import
Defining the Applicable Regulatory Content
Managing the Compliance Register
Viewing Regulatory Frameworks
Viewing Regulation Articles
Viewing Control Directives
IT Regulatory Compliance Reports
Regulatory Compliance by Entity
Regulatory Framework Implementation
Compliance by Regulatory Framework
Regulatory Compliance Overview
Regulatory Compliance Progress
Control Testing
Preparing Control Testing
Preparing Tests
Creating Test Plans
Planning Tests
Creating a test
Defining test properties
Viewing a test dashboard
Creating "template" tests
Selecting tests to be executed
Selecting tests to be integrated in the test plan
Planning tests using a Gantt chart
Assigning resources to tests
Sending the Notification Letter
Validating tests
Preparing Tests
Assigning activities
Reviewing the Work Program
Validating work programs
Executing administrative tasks
Executing Tests
Consulting the Work Program
Executing Tests on Samples
Assessing Controls
Managing Time and Expenses
Management of issues and action plans
Supervising Tests
Concluding Tests
Test Follow-Up
Implementing Action Plans
Test Plan Follow-Up
Testing Dashboard
Managing Issues and Action Plans
Managing issues
Managing Action Plans
Accessing action plans
Creating an Action Plan for Testing
Characterizing Action Plans
Managing Actions
Action Plan Workflows
Indicating Action Plan Progress
Action plan follow-up reports
Reports Related to Controls
Control Environment Report
Control Register Reports
Control Identification
Control Location Matrix
Control Execution Reports
Detailed Execution Results
Consolidated Execution Results
Following Up Execution Sessions
Control Assessment Reports
Campaign Result Tree
Campaign Result Matrix By Entity
Aggregation Report
Control Assessment Follow-Up Reports
Session Follow-Up
Session Statistics
Failed Controls
Control Testing Reports
Testing Coverage
Plan Synthesis
Other Reports
Issue-Related Reports
HOPEX Enterprise Risk Management
Managing Risks
Risk Management Profiles
Creating a Risk
Risk characteristics
Risk Dashboard
Risk Responsibilities (RACI)
Analyzing Risks
Viewing Audit Recommendations Connected to a Risk
Accessing risks
Risk Workflow
Assessing Risks
Risk Assessment Types
Prerequisites to Risk Assessment
Assessing risks directly
Viewing and Analyzing Risk Assessment Results
Risk Mitigation and Remediation
Mitigating Risks
Remediating Risks
Risk-Related Reports
Risk Environment Report
Risk Type Analysis Breakdown Report
Bow-Tie Analysis
Incident Identification Reports
Risk identification
Aggregation Reports
Net Risk by Risk Type
Risk Heatmap (Aggregated)
Heatmap by Environment
Assessments per Context
Overall Risk Level by Process
Overall Risk Level by Entity
Aggregation Report
Risk Follow-Up Reports
Session Statistics
Risk Management Effectiveness Reports
Risk Context Synthesis
Coverage & Risks Matrix
Trend Analysis
HOPEX LDC
Collecting Incidents
Connection Profiles to HOPEX LDC
Managing Incidents
Specifying Incident Characteristics
Recording Incident-Linked Amounts
Accessing Incident Financial Analysis
Entering a Loss
Defining scope of a loss
Entering Gains
Recording Recoveries
Recording Provisions
Viewing Computed Amounts Related to the Incident
Accessing the Incident Register
Analyzing Incidents
Incident Qualitative Analysis
Incident scope
Incident Impact Analysis
Managing Macro-Incidents
Incident Management Process
Reports Related to Incidents
Loss Analysis Reports
Incident and Loss Distribution
Incident and Loss Evolution by Month
Incident and Loss Evolution by Risk Type
Back Testing Reports
Back Testing Matrix
Back Testing By Risk Type
Back Testing by Business Line
Capital Calculation Reports
Loss Distribution Matrix
BIA Approach
TSA Approach