JPandora® - Beta release
Tool for the identification, assessment, monitoring and management of operational risks and for the evaluation of the Internal Control System (ICS)
JPandora is a methodological framework and a software tool that generates reports with multidimensional analyses. These show the degree of attainment of business targets, or the exposure to the main operational risk factors or control system deficiencies, at various levels: company, profit centre, process, subprocess or single activity.
The technologies used by JPandora's platform are the latest available and completely open source. JPandora is therefore a low-cost solution, highly scalable and extensible, and easy to integrate in any intranet environment.
JPandora was created to support management in its compliance program and to establish a solid operational risk management environment through the construction of a complete loss database, which makes it possible to find benchmarks for expected losses and to set annual budgets.
JPandora is structured into logical steps to assist management in implementing and maintaining the entity's compliance process and to support risk management analysis. It follows the Enterprise Risk Management principles (*).
JPandora makes it possible to fulfill the reporting requirements set out by the Sarbanes-Oxley Act of 2002 (SOX), and in particular to comply with the requirements on internal control over financial reporting (SOX Section 404). The risk assessment and the design of controls cover assertions related to all significant accounts and disclosures in the financial statements. They also include the objectives of internal control over process analysis.
The techniques used cover many fields, such as control and risk self-assessment checklists, neural network programming, statistical models and graphic support.
JPandora's workflow:
Analysis of the entity's business model
Understanding of the entity's objectives
Assessment of internal control environment and risk management procedures
Identification of Processes and Subprocesses and their objectives
Identification and Assessment of Risk Scenarios (internal and external) using different sources and neural network technologies
Identification of the related financial statement assertions and COSO objectives
Performing process analysis
Identification of controls on identified risks
Evaluation of the effectiveness of the controls using specific audit programs and checklists
Estimation of operational residual risk (through qualitative and quantitative analysis) and Financial Misstatement risk
Creation of an Action Plan
Producing multidimensional audit and operational risk reporting
JPandora leads the user through the different steps. In particular, to set up the Neural Network engine, JPandora helps the user to choose which variables will be used as inputs (potential risks and controls, derived from the self-assessment procedure and the calculation of Key Risk Indicators) and which as outputs (residual risks, estimated through testing procedures and loss database analysis), and to either specify or compute the minimum and maximum value for each variable. Input variables (the independent variables) are used by the neural network to make the prediction or classification. Output variables (the dependent variables) contain the results the network is expected to learn in order to rank auditable units (processes/subprocesses/activities).
Neural network techniques are fully integrated in the assessment process and serve to support and reinforce the qualitative and quantitative evidence collected by the entity's internal control actors and systems.
The main feature that characterizes JPandora is its capability to process different kinds of data (risks and controls) from different, apparently uncorrelated sources and to find the relationships between them. JPandora combines the expertise of the most experienced people in the organization with historical internal loss data, external risk factors and the computer's ability to process thousands of variables simultaneously. The result is an effective and efficient way to gain a higher level of assurance on the entity's objectives. The organization where JPandora has been used attained a more accurate and faster method to assess its risk and allocate its capital.
The loss database methodology is based on the relationship between cause, event and effect.
A loss event is defined as the outcome of a process weakness or inadequacy, caused by technical, human, organizational or external factors, that directly impacts the profit and loss account. The event is based on a specific cause and generates an effect (gross loss amount).
A cause is the activity or series of activities that lead up to the occurrence of the loss event.
The actual direct financial losses are classified as the “effect”. It is anticipated that loss information incorporated within the loss database (LDB) will be capable of reconciliation to the profit and loss account.
The effects are classified in alignment with the Basel II categories.
It is acknowledged that a loss event can have several sources and effects. In the Loss Database it is possible to capture more than one effect per event; the event has to be allocated to a single risk scenario/risk category. Where several causes apply, the user has to decide which is the most important or main cause that generates the loss.
(*) In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) produced a report titled Internal Control—Integrated Framework. The AICPA Auditing Standards Board amended auditing standards to be consistent with the COSO report.
The COSO report defines internal control as a process designed to provide reasonable assurance that objectives are achieved in
reliability of financial reporting
effectiveness and efficiency of operations, and
compliance with applicable laws and regulations
The COSO report identifies five interrelated components of internal control:
Control environment
Risk assessment
Control activities
Monitoring, and
Information and communication systems.
In 2004, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) produced a new document titled The Enterprise Risk Management (ERM).
Enterprise risk management provides a new framework for management to effectively deal with uncertainty and associated risk and opportunity and thereby enhance its capacity to build value.
The fundamental difference between ERM and COSO is that ERM demands that all risk management processes align with strategy-setting and support an organization's mission.
Enterprise Risk Management encompasses:
Aligning risk appetite and strategy
Enhancing risk response decisions
Reducing operational surprises and losses
Identifying and managing cross-enterprise risks
Seizing opportunities
Improving deployment of capital
The components of this new approach are:
Internal Environment
Objective setting
Event identification
Risk Assessment
Risk Response
Control Activities
Information and Communication
Monitoring
Compliance processes to satisfy regulations on Internal Controls, and procedures to implement Section 404 of the Sarbanes-Oxley Act of 2002 (“SOX 404”), have been developed on the basis of the COSO and ERM concepts.