CA Clarity™ Risk and Controls Management
Manage risk and compliance more efficiently and effectively.
With today’s increased regulatory responsibilities and stringent overlapping regulations (PCI, SOX, HIPAA, Basel II, State Identity Theft, GLBA, etc.), your managers need to turn more of their time and attention to enterprise risk management. Our Risk and Controls Manager (RCM) provides you with a global repository that easily maps both internal policies, procedures and SLAs and external regulatory requirements to existing or new risks and controls. This solution allows you to improve the continuous monitoring, managing and reporting of risks and controls throughout your enterprise. A simple dashboard replaces the typical unsustainable mix of multiple systems and ad-hoc spreadsheets, charts and documents.
Global Repository for All Risks and Controls Across the Organization
Due to Sarbanes-Oxley, your organization may have already documented your business and IT processes and controls as part of your compliance program. Our Risk and Controls Manager leverages your existing program to move you toward a complete Enterprise Risk Management solution. Its global repository provides you with a solid foundation for continuously evolving your program to greater levels of maturity. Dashboard views streamline your decision-making process, as they give you the visibility you need to continuously monitor, manage and report on all risks and controls throughout your enterprise.

Control Optimization
Our Risk and Controls Manager leverages the control and regulatory mappings provided by the IT Compliance Institute’s Unified Compliance Framework, along with industry standard frameworks such as CobiT, COSO, NIST, and ISO17799:2005, which allows you to report on risk and controls from different perspectives. With this capability, you can easily identify efforts that support compliance-related activities and rapidly integrate future business and regulatory requirements into your enterprise view. When the next regulation comes along, there will no longer be a need for another “point solution”.
Continuous Monitoring and Reporting
Sophisticated tools allow you to report compliance and monitor for policy violations. You can also report on testing results, remediation plans, risks associated with controls, controls associated with specific regulations and many other aspects of governance, risk and compliance. As you determine your organization’s risk indicators and the information associated with controls, our solution can provide you with visibility into these metrics.
Manage Resources Associated with Controls Across the Organization
Our solution brings you an aggregated/summarized view of human and financial resources associated with controls implementation, testing, remediation and risk assessment, making it easier for you to manage the personnel and project costs of dealing with risks and controls, as well as your compliance initiatives.
Available as a CA Clarity Solution Pack
Risk and Controls Manager is delivered as a solution pack, combining CA Clarity software, CA Technology Services implementation services, internal best practices dashboards, templates and workflows, and the IT Governance Institute’s COBIT and the IT Compliance Institute’s Unified Compliance Framework (UCF). We are leveraging our global alliance partners to help bring this solution to market and customize it to the needs of our customers.
| Features | Benefits |
| --- | --- |
| Import Existing Controls | Provides you with an easy migration from existing internal risk and control tools. |
| Create role-based views | Allow your users to lock down access to control information. |
| Auditable, flexible and configurable workflow capabilities | Facilitate your ability to track and alert on changes that are made to controls. |
| Capture, score, and prioritize risk based on specific risk management methodologies | Offers a highly configurable environment that can be tailored to almost any risk methodology. A powerful workflow engine automates Risk Management Assessments across your organization. |
| Map risks to existing organizational controls | Builds risk associations that provide context as to why these controls need to be managed within your organization. |
| Map risks and controls to regulations | Using pre-defined mappings of controls to associated external regulations and standard industry frameworks, your organization can associate your own controls to these standards. |
| Define, measure and report against Corporate Policies, Procedures, Standards, and Guidelines, as well as business requirements such as Service Level Agreements. | Translates your policy requirements into control activities and monitors for policy violations across your enterprise. Manages your strategic business relationships through the creation and monitoring of Service Level Agreements or other contractual arrangements. |
| Create a Best Practice Repository and map these practices to existing controls | Tracks and measures your performance against best practices to support continuous improvement efforts within your organization. |
| Document control testing | Access control and document management features ensure the integrity of testing work papers and the check-in/check-out system can provide useful information to track who has been accessing what and when. |
| Manage all aspects of internal and external audits to the resource and document level | Fully automates many aspects of a corporate audit function. |
| Utilize industry-standard control frameworks | Supports COSO, CobiT and NIST standards. |
| Powerful reporting capabilities | Provides you with the “spreadsheet view”, as well as a variety of advanced reporting capabilities. Graphs and views are interactive, and they support drilling down to the information that is relevant to a user's role within the organization. |

| Resources | Titles |
| --- | --- |
| White Papers | CA Clarity Risk and Controls for Financial Services; CA Clarity Risk and Controls for ITG; CA Clarity Research Center: Analyst Reports, White Papers, and Solution Briefs |
| Articles | Enterprises need strategic view of risk management |
| Conferences | Gartner Compliance and Risk Summit, May 9-11, 2007 |
| Webcasts | Risk and Controls Management to Ensure Comprehensive IT Governance |