Case Study | ERMA
ABOUT ERMA
The Enterprise Risk Management Application (ERMA) is a sophisticated platform designed to manage various risk factors across the enterprise, with its primary components being Events and Decisions.
Events, within the context of ERMA, are defined as any occurrences or potential scenarios that might adversely impact Waystone, be it financially, operationally, or from a regulatory or legal standpoint.
These events are meticulously logged by personnel spanning across Waystone’s diverse business units. Upon logging, these events undergo a comprehensive review process by both the Compliance and Risk departments, which contribute their insights for the formulation of appropriate Corrective Actions. Furthermore, these events can be categorized into several types such as pre-emptive (Internal Audit findings), non-events, breaches, or incidents that transpire.
On the other hand, Decisions encapsulate situations where a business unit (BU) necessitates guidance from a pertinent Risk Committee or other control functions. Decisions may pertain to policy and procedure exceptions, establishment of new outsourcing partnerships, data privacy impact assessments, recommendations for existing high-risk clientele, or the introduction of new products, licenses, or business lines requiring a decision from a relevant Risk Committee.
About Waystone
Waystone leads the way in specialist services for the asset management industry.
Partnering with institutional investors, investment funds, and asset managers, Waystone builds, supports, and protects investment structures and strategies worldwide. With over 20 years of experience and a comprehensive range of specialist services to its name, Waystone is serving assets under management in excess of $2Tn.
Waystone provides its clients with the guidance and tools to allow them to focus on managing their investment goals with confidence.
CHALLENGE
As Waystone expanded, the risks the company faced needed to be centrally managed, this made reporting labor-intensive, and data was scattered across various platforms, making it difficult to access and interpret.
A system was needed to provide in-depth insights into the data to create the level of detail required for a control library and audit trail. It had to ensure robust compliance and incident reporting mechanisms across all entities within Waystone.
Waystone selected HST to develop its customized ERM system, to ensure scalability and a simple yet intuitive user interface.
SOLUTION
HST developed a customized software solution (ERMA) to transform Waystone’s previouslytime and labor-intensive risk management processes into a single integrated platform.
ERMA acts as a central hub for various jurisdictions while at the same time segregating data to ensure data security and privacy and simultaneously allowinggroup reporting on them for the region and business unit heads, and the events and decisions logging process can be customized per each jurisdiction’s requirement
Key functionality within ERMA includes risk event or incident reporting and remediation, risk and control self-assessment, risk appetite, key risk indicators, and reporting.
ERMA has various modules:
Events and Decisions
Module
Standardized, detailed, and auditable recording of events occurring and decisions made within Waystone Business Units overseeing each to completion and are required to meet regulatory expectations.
Control Inventory
An inventory of Business Units and Core Functions controls, with a review date (at least annually) and an owner facilitating the tracking of annual reviews. Automated notifications ahead of review dates are sent to the owners.
Risk Dashboard
Provides an overview of the real-time risk impact assessment arising out of events occurring and decisions made within Waystone Business Units is used to guide Risk Register adjustments.
Risk Registers
Inventory of risks identified within eachWaystone Business Unit, whereby the inherent risk rating, mitigants, and residual risk rating for each risk is documented. It also highlights whether the Waystone Business Unitis within risk appetite by comparing the residual risk rating against the risk appetite.
Compliance Dashboard
Compliance ensures that all events that impact regulations or enterprise risk management meet regulatory expectations.
Operational Resilience
The Operations Resilience Module allows Waystone Business Unit and Group to have a full-service catalog that clearly illustrates the dependencies between the regulated service, core functions, outsourcing, GDPR, etc., and all relevant owners. It also houses Crisis Management Protocol for an appropriate response to a severe but plausible incident impacting regulated services.
Reporting Modules
RCSA
This module in ERMA facilitates a self-assessment of controls in place and an attestation as to whether the controls are considered fit for purpose by the Business Units & Core Functions leads. Business Units & Core Functions on a half-yearly basis undertake an assessment in ERMA with definitive deadlines set and results reported to both Business Units and Waystone Group Boards.
Client Risk Assessment
This module contains two risk assessments Jurisdiction and Strategy Risk Assessment.
BURC (Business Unit Risk Committee)
This module contains auditable records of changes made to Risk Registers by Risk Committees quarterly.
Risk Committee Preparation
Facilitates efficient auditable preparation for Risk Committees within Waystone entities.
The Value Add
Identify Emerging Risks And Opportunities
Empowers decision-makers to take quick and confident decisions by linking data from multiple sources into custom dashboards from tools like PowerBI
Comply With Standards And Regulations
Demonstrate compliance to regulators and key stakeholders with a smart and modernized risk management tool.
Seamless digitalization
Without losing anything in translation, Waystone could easily consolidate data from a wide range of digital sources within ERMA.
Organization-wide insights
Central management enjoys holistic views of the entire organization as well as granular views of individual business units.
Improved international collaboration
ERMA has been designed to facilitate linkages between it and other systems to enhance user experience and ease of information gathering on items such as SharePoint and Power BI.
Improved risk controls
Since the right staff members are immediately alerted and kept aware of any issues or outstanding assignments, they can take swift and accurate action – and with an increased understanding of ERMA, they are better placed to identify new risks.
Real-time reports and audits
Using a system or application such as ERMA to house risk assessments will make the decision-making process more efficient and robust as will maintain a full audit trail
Managers can consolidate real-time data from multiple sources and create custom reports for boards, committees, and regulators.
Informing the board
ERMA’s Power BI reporting tool provides Waystone’s Board visibility of dashboards and trackers to stay informed about key actions and themes.
Technology stack:
-
Front End:
.Net Core | Razor | Azure Data factory | Microservices
-
Database:
Azure MS SQL
-
Others:
CSS, jQuery, JavaScript
Contact Us
Tell us about your custom software project.
Let our team
Be your team
Unsure of how to get started? Talk to us. No matter where you are in the process, we can help you. Whether you need us to design and build a prototype, take your project from concept to maturity, or build off the work of another team, we can make your idea a reality. We also step in when it makes more sense to lean on our expertise than to have an in-house team get spread too thin.
Generally, we are able to respond to inquiries within 8 business hours.
Please fill in the form below and we will be in touch.