Q. 1 Some of my users only need access to risk events, or reporting- is it possible to give users access to only the functionality they need?
Yes, as ERIC is module based, we can provide ‘seats’ to users based on the modules and functionality required. For example, you may want to give those users in your Risk and Compliance team access to all modules and functionality, however you may choose to provide some of the users in your business and other functions access to only risk events, audit points and reporting. 1RS will provide you the most cost effective options to support your needs.
Q. 2 My firm has its own secure network, is it possible to host the database within our local network instead?
Yes, although 1RS hosts ERIC in a fully secure and audited cloud network, you have the option to host ERIC in your firm’s local network if you prefer.
Q. 3 How do you manage secure management of the risk and compliance data in ERIC?
User access to the data and functionality is defined by role. All users of ERIC are allocated to the appropriate role at time of set up (which can be amended by the admin function in your firm at any time), e.g. Process owner role, risk owner role, control owner role, control tester, 1st LoD, 2LoD etc. Users can only access the relevant data and functionality for the role they perform.
Q. 4 How easy is it to migrate existing risk and compliance data onto the ERIC database?
Very easy. You can simply upload your existing data from excel CSV file (1RS provide the file format). Couldn’t be simpler. 1RS provide full support during data migration to ensure you get the data into ERIC as quickly and efficiently as possible.
Q. 5 Our existing risk and compliance data needs improvement, how can we get quality data to get the most from the ERIC database?
1RS can provide standard risk and control libraries, with high quality risk and control descriptions for all your business and supporting processes. This will assist you in:
- Identifying your risks
- Identifying the appropriate mitigating controls
- Establishing control testing and monitoring plans
- Focusing resource on the firms key risks and control gaps
- Ensuring quality MI and reporting
Please contact 1RS to find out more about our risk and control libraries.
Q. 6 How can I train my employees to use ERIC database? How quickly we will be able to use all functionaility?
We designed ERIC with the end user in mind and believe ERIC is the most intuitive and user friendly system available. In addition, 1RS provide full expert support to your firm and users both during implementation and an ongoing email and telephone helpdesk. We provide tutorial videos for users to view functionality and troubleshoot.
Q. 7 How can I get the most out of the reporting to assist in my day to day role?
The bespoke reporting dashboards for all users can be configured to show whatever combination of the risk and compliance data you need to see- whether it is the control tests that are due to be performed in the next month, overdue action plans, new risk events that have been input, or all high rated risks, you can configure your dashboard to view what you need on a day to day, week to week, or month to month basis to support your role.
Q. 8 Our firm already has a risk and control assessment methodology in place, do we need to change this?
No, eRIC can be configured to support your firms existing risk and control assessment methodology. So whether you assses impact and likelihood on a 3X3, 4X4, or 5X5 methodology, eRIC will reflect this. If you do not currently have a risk and control assessment methodology, 1RS will provide guidance on the most appropriate methodology for your firm.
Q. 9 Does eRIC have inbuilt workflow functionality for specific actions?
Yes, ERIC has flexible workflow functionality and auto notifications built into the system, where required. Workflow and notifications include:
- Submitting and approving risk events
- Process and control owner certifications
- Control test failure/deficiencies linked to controls
- Overdue audit points
- Overdue action plans
Q.10 Can I use ERIC to perform my regulatory rule gap analysis?
Yes, our regulatory compliance module provides you with the perfect functionality to perform the gap analysis. Simply select the rules (which we have pre-populated in the master list section) that are in scope for your firm, link to your risks and mitigating controls, and any relevant control tests, deficiencies, risk events or audit points within the database and you will be able to obtain the end to end view of your compliance against the rule.
Q. 11 What reporting does ERIC provide?
At the time of implementation, we will set up standard reports of your risk and control data based on our discussions with your firm as to what you would like to see- whether this is heatmaps, risk registers, action plan reporting etc. The reporting can be ‘drag/dropped’ directly into your templates for your risk committees. Additionally, you can create your own bespoke reporting based on any of the data fields in the system, all of which can be downloaded into excel for easy configuration into graphs, pivot tables, charts etc.