BWise Audit Software Watch Day Brussels October 15th, 2014 Marcel Starink, Vice President

BWise - IIABel · Nasdaq guiding principles 2 ... BWise® GRC Platform Ann Green Internal Audit (IA) 10 . 11 BWISE THE BUSINESS CASE 11 . 12 the Risk landscape ... security services


BWise

Audit Software Watch Day Brussels

October 15th, 2014

Marcel Starink, Vice President


Nasdaq guiding principles

INTEGRITY Build and maintain trust among the investing public through proper market regulation and ethical market operation.

TRANSPARENCY Provide open market information to traders, investors and regulators alike.

EFFECTIVENESS Maximize market efficiency through technology and innovation.

PASSION Dedicate ourselves tirelessly to our company, customers, and our partners.

INNOVATION Support capital formation to fund the world’s growth and prosperity.


BWISE

INTEGRATED GRC


Control

+ ROI

Integrated GRC + BWise Software

Architecture

BWise solutions and functionality

Features & Functions, demos, proof of concepts

Boardroom

Silo Managers

Audit

IT

Legal

Risk

Compliance

Sustainability

Integrated GRC awareness The Enterprise


The 4 levels in Risk Management


Common Risk Language


Frameworks drive Reporting


GRC Journey evolution

Level of automation

Automated

Manual

Timeline: medium-term (1 – 3 years)

Balanced Risk & Performance Management

Continuous Monitoring and Audit Analytics

Integrated GRC

Silo-Based Automation (GRC Tools)

Manual Processes

Confidential information – Copyright 2012 BWise


Gerard Parker

Risk Management (RM)

Michael Bauer

Internal Control (IC)

Jackie McLaren

Compliance & Policy Mngt (CPM)

Damian Thomson

IT GRC

Kim Lee

Sustainability Performance Management (SPM)

BWise® GRC Platform

Ann Green

Internal Audit (IA)


BWISE

THE BUSINESS CASE


the Risk landscape

Heathrow Terminal 5: BA apologises for chaos

Travel chaos at Heathrow Airport's new Terminal 5 worsened today as the chief executive of British Airways admitted the disruptions will continue until at least tomorrow.

PARIS — Société Générale, one of the largest banks in Europe, was thrown into turmoil Thursday after it disclosed that a rogue employee executed a series of “elaborate, fictitious transactions” that cost the bank more than $7 billion, the biggest loss ever recorded by a single trader.

Toxic baby milk shocks China Published: Thursday, 18-Sep

In China's latest food scare 6,000 babies have been poisoned and three babies have died from drinking baby milk tainted by the industrial chemical melamine.

Melamine is a chemical used in plastics and officials say they suspect it was added to milk and then sold to companies that produced infant formula to possibly give the milk the appearance of being higher in protein.

JPMorgan Scandal Puts Spotlight on Operational Risks

Dangers involving people, processes and systems are now a greater danger to big banks than credit risk, according to Comptroller Thomas Curry. The statement may be one of many knockoff effects of JPMorgan Chase's recent trading loss.


Non-Compliance Financial Consequences

• Siemens: $800M for FCPA violation

• $15.33M BNP Paribas security services for internal fraud by an employee

• $277K fines for 3 US movie theatres for violating US Child Labor regulations

• Examples: http://www.sec.gov/news/press.shtml

• http://www.fsa.gov.uk/pages/about/media/facts/fines/index.shtml.


C-Level: Held Personally Responsible


C-Level: Why GRC is Top-of-Mind (Forrester)

1. Cost reduction

2. Loss prevention from operations and prevention of fines

3. Easier compliance

4. Balance business performance and risk

• But also….

– Organizational reputation

– Personal reputation

– Personal fines

Tired of balancing? Risk Management in Control with BWise


Benefits of integrated GRC tools

1. Integrated view on all corporate risks, including risk of non-compliance

2. Efficient assessments in the business, asking questions once and reusing answers (one version of the truth)

3. Single risk and control framework and risk language throughout the company and integrated GRC reporting available to everyone

4. Implementation of one platform, not many point solutions, saving costs

5. Saving on external auditing

Companies spend 5% or more of revenue on compliance, so cost savings quickly run into the millions…


BWISE

INTERNAL AUDIT


Maintain Audit Universe

Workpaper Management

Audit Reporting

Findings & Issue Tracking

Yearly Audit Plan

Detailed Audit Planning

Audit Analytics

Audit Preparation

The Audit Cycle


Audit Dashboard


Evolving IIA standards

• “The CAE must establish risk-based plans to determine the priorities of the internal audit activity, consistent with the organization's goals”

• “Reporting must also include significant risk exposures and control issues”

• “The internal activity must assist the organization by identifying and evaluating significant exposures to risk and contributing to the improvement of risk management and control systems”


Risk based audit

• Leveraging ERM risk register

• Risk based audit planning

– Based on risk assessment

– Data analysis: risk & control data

– Audit cycles

• Risk based audit scoping

– Based on risk assessment

– Data analysis

• Making use of other GRC domains in the integrated platform


The Future of Audit


Data Analytics

Traditional

Auditor

Traditional

Audit Analytics

Continuous

Monitoring

Audit Analytics


THANK YOU


Audit Software Watch Day

October 15th, 2014

Marcel Starink - Vice President
