Escolar Documentos
Profissional Documentos
Cultura Documentos
The Microsoft vision for Risk Management and Compliance culture, environment and infrastructure
Risk Management and Compliance ranks among the top strategic initiatives at most companies. Many companies are reviewing their current and future states of risk and compliance capabilities to better manage their risk exposures and adopt compliance best practices.
The Microsoft approach to simplifying enterprise risk management and compliance is holistic and flexible. It includes best-of-breed partner support and a scalable, cost-effective and integrated platform of software plus services to effectively support risk management and compliance practices. We believe that new efficiency is the way forward as companies seek productive, innovative, and cost-effective ideas to maximise and extend their existing and future investments. Based on industry research, we have compiled a future state checklist as well as emerging trends in this area.
The Microsoft approach building future-state risk and compliance blueprints for the masses
At Microsoft, our vision is to help you build an integrated, efficient and productive risk management and compliance culture, environment and infrastructure with focus on simpler, faster and cost-effective adoption. Microsoft continues to strengthen the focus on people, policies, processes, workflows, data and reporting as the basic building blocks for risk management and compliance initiatives. Risk and compliance in everyday activities Agility and productivity in risk and compliance Efficient last-mile risk management and compliance
Trends in the Risk Management and Compliance world are you prepared for it?
People centric risk management and compliance approach Buy-in and empowerment of risk management and compliance for front line employees across the organisation Productivity and efciency in risk management and compliance for employees Cross company collaboration in risk management and compliance as a key success factor Key role of collaboration in risk management and compliance efforts Managing electronically stored information (ESI) and records for compliance Risk assessment as key element of every business process Emergence of IT compliance as a discipline Risk management and compliance agility as a competitive advantage End user driven data-centric analysis to provide risk and business insight Enhanced risk models and methodologies Manage risk across structured/unstructured business information More strategic and longer term view of risk management and compliance architectural blueprints Embed risk management and compliance in organisational DNA
Ten reasons to choose our capabilities for Risk and Compliance projects
Maximise existing investments and capabilities Familiarity end user ease-of-use and familiarity for reduced cost of training Efciency integrated offerings help in efcient workows and processes Productivity save valuable hours for employees in everyday compliance Last-mile embed last-mile compliance workow at desktop level Everyday activities embed solutions in employees regular daily activities Self-service right information, right time in right format for end users Rich ecosystem of best-of-breed solution providers Total cost of ownership Rapid deployment quick and easy deployment for fast track projects
Our technology game changers and their impact on Risk and Compliance
Advanced visualisation capabilities Risk and compliance analysis will get more visual Business Intelligence (BI) and analytics for the masses Everybody will have access to business insights and analytics Centralised Excel services Centrally host and control business critical spreadsheets High performance computing at desktop High capacity number crunching at ngertips Enterprise content management for the masses Everybody manages business records Spatial technology for images Use of images for risk and compliance Search technology Pattern recognition and discovery Collaborative workspaces Collaboration in risk and compliance
Our principles Microsoft has five principles in our people-centric approach to help companies execute their long-term risk management and compliance vision and blueprints: M aximise existing tools and investments for risk and compliance D rive efciency and productivity in risk management compliance tasks Embed simpler risk and compliance controls in everyday activities Empower risk and compliance culture by focusing on last-mile Automation in current and future state blueprints. Technology changes and impacts on risk management and compliance but with Microsofts new wave of innovative capabilities, we expect to have a positive impact on the current and future state of risk management and compliance blueprints. Buy, build or blend Buy If you prefer to buy, we have a rich ecosystem of industry-oriented, best-of-breed partner solutions. We currently collaborate with more than 100 enterprise-level global and local industry solution providers in the risk and compliance area. These partners provide industry and vertical specific experience, helping simplify the adoption of enterprise risk management and compliance practices. A list of our rich ecosystems is available in our annual risk and compliance partner solutions guide. Build If you prefer to extend or build on your existing framework for risk management and compliance solutions, we can help map your needs to our core technology and capabilities for rapid deployment. For example, Microsoft Office SharePoint Server is an integrated platform with content management, forms and templates, collaboration, BI, and search capabilities. These capabilities lend themselves very well towards rapid deployment of enterprise risk management and compliance frameworks. Blend An alternative approach is to blend elements of the buy and build offerings.
Archive and control panel for email compliance Reputation risk and discovery
Distribution and services Company A UK frozen foods firm Global retail chain in USA Entertainment firm, Brazil Financial services Company Global and US leader in custodian and depository business A top 5 US financial institution Leading US insurance firm Leading US Exchange Global financial group, France Top UK bank Leading financial institution, France A securities and commodities authority, Middle East A leading US financial firm Initiative TARP funds tracking for local governments Enterprise Risk Management/Basel II Centre of Excellence - compliance & document & records management Streamline and speed up exchange audit function Regulatory reporting Risk analytics for structured derivatives Minimise loss of risk data and business continuity Business continuity, virtualisation and cost reduction Analytics Building blocks Windows Vista, Live Meeting, Project 2007, Visio 2007, SQL Server, MOSS 2007 MOSS 2007, Office InfoPath 2007, Office System2007 MOSS 2007 Visual Studio Team System 2008, .NET Framework 3.5 and Office 2007, SQL Server 2005 MOSS 2007, SQL Server 2005 Windows High Performance Computing (HPC) Server 2008 Exchange Server 2007, Cluster Continuous Replication (CCR) Hyper-V, System Center Virtual Machine Manager 2008, Windows Server 2008 Enterprise SQL Server 2008, Reporting Services Analysis Services, SQL Server Integration Services Excel Services, Office Excel 2007 Initiative Information risk management Enterprise monitoring Sarbanes Oxley Building blocks Windows Server 2008 Active Directory Rights Management Services System Center Operations Manager 2007 Dynamics AX
Healthcare Company A top US medical school and practice Leading US based hospital Initiative HIPAA compliance & auditing Compliance with governmental regulations & hazardous incidents monitoring Building blocks SQL Server 2008 Enterprise & SQL Server 2008 Compliance Software Development Kit (SDK) Exchange Server 2007, Office Professional Plus 2007
We believe that new efficiency is the way forward as companies seek productive, innovative, and cost-effective ideas to maximise and extend their existing and future investments
4 Risk Management and Compliance
Manufacturing Company A leading utilities cooperative association Leading utilities services firm in Germany A major worldwide energy - natural gas engineering, procurement, & construction firm Pilot on Chemicals REACH compliance Leading Swiss biotech and life sciences MNC Initiative Credentials Audit Management Germanys Energy Industry Law (EnWG) Technical documentation compliance with document control procedures Chemicals REACH 21 CFR Part 11 document compliance Building blocks Identity Lifecycle Manager 2007 Dynamics CRM Office Basic 2007; Office Excel 2007; Office Word 2007 MOSS 2007 MOSS 2007
adoption by every employee involved. To this end, Microsoft and its rich ecosystem of partners support an integrated enterprise compliance and risk management environment based on organisation-wide end-user familiarity with Microsoft tools and capabilities. This helps organisations to maximise the value of their existing investments and plan their future roadmap. These building blocks from Microsoft fit into an integrated, five-pillar enterprise strategy that incorporates rules, policies, controls, people and business conduct, monitoring and reports, business-process workflows, technology and infrastructure. We also work closely with industry-leading, best-of-breed partners for risk management and compliance to deliver comprehensive solutions for enterprises. Microsoft focuses on five solution areas within risk and compliance: Document and records management Regulatory compliance and controls Risk analytics and reporting Security and privacy Business continuity management.
Integrate with existing line-of-business applications Native compliance Electronic communication storage, retention and retrieval
Capability mapping
Functional need Provide an easy-to-use intuitive operational risk control self assessment tool for the business Report, monitor and compute financial risk exposures Real-time risk exposures for value-at-risk Integrated risk reporting and Basel II economic capital Capability Assessment capabilities, collection of key risk indicators/events, business-friendly forms capabilities, building enterprise-wide repository Consolidated view of the risk management exposures combined with corporate performance management Reduce the computing time of risk analytics and reporting Easy to use risk repository that integrates with existing data warehouses Building blocks SQL Server 2008-based risk repositories, SRS, SARS, Office Excel 2007/2010 and the Excel Services in Office SharePoint Server 2007/2010 PerformancePoint Services 2007/2010 Windows HPC Server 2008, Excel Services in Office SharePoint Server 2007/2010 SQL Server 2005/2008 based Data Warehouses
Firms must continue to maintain a balanced and strategic approach to their security and privacy measures, and take necessary steps to mitigate the various security risks and challenges
Security and privacy
Current regulations such as the Gramm-Leach-Bliley Act and SOX set specific requirements for organisations to ensure the safety and privacy of information as part of an overall technology risk programme. System breaches of personal data and information must be acknowledged publicly, creating public relations problems and potential financial disasters. Global organisations face additional privacy and security requirements from international authorities such as the European Union and the United States. Firms must continue to maintain a balanced and strategic approach to their security and privacy measures, and take necessary steps to mitigate the various security risks and challenges. Microsoft tools and technology can help build the environment needed to maintain data and process integrity and comply with standards for information security and privacy standards.
User Centric Security & Privacy Controls, & Capabilities Data Governance Information Security & Privacy Practices & System
Capability mapping
Functional need User access controls and data integrity Remediate loss of sensitive business records Manage security risk Capability Prevent unauthorised access Encrypt business information techniques Manage security Building blocks Windows Forefront Security Suite, Windows Rights Management Services Windows 7 BitLocker Drive Encryption, a data protection feature in Windows Vista Enterprise/ Windows 7 Enterprise, BitLocker on the Go, trustworthy computing
Microsoft PRMIA Global Enterprise Risk Management Survey 2008 Meeting the E-mail Compliance Challenge with Microsoft Exchange Server 2007 Spreadsheet Compliance in the 2007 Microsoft Office System Compliance Features in the 2007 Microsoft Office System Office Visio SOX Connector FRCP Impact - Study with Osterman Research Inc. The Regulatory Compliance Planning Guide Disaster Planning and Recovery with Office Regulatory Compliance using MOSS Security Compliance Management Toolkit Security Risk Management Guide
For more information, visit the Microsoft compliance web site at www.microsoft.com/grc or the Microsoft Industries web site www.microsoft.com/industry. Please contact your local Microsoft representative or email Sai Sireesh, ssireesh@microsoft.com or Stefan Zimmermann, stefanzi@microsoft.com.
2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Dynamics, Excel, Forefront, Groove, InfoPath, Hyper-V, PerformancePoint, SharePoint, SQL Server, Visual Studio, Visio, Windows, Windows Server are either registered trademarks or trademarks of the Microsoft group of companies. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Readers should take appropriate professional advice before acting on any Risk Management and Compliance issue raised herein.