SAS® Governance and Compliance Manager

SAS Governance and Compliance Manager enables you to reduce firmwide risk by strengthening risk oversight. It builds trust across your organization through proactive and systematic management of risk exposures, including the development of an action plan to address and track issues – all the way to resolution. You can detect and prevent violations of regulations and policies, and ensure business activities align with your organization’s risk appetite, key stakeholder expectations and external obligations.

Standardize and integrate risk management SAS Governance and Compliance Manager provides an integrated foundation for standardizing and managing strategic and operational risk, as well as consolidating information from all financial risk management systems. Develop an enterprise view of your risk exposure throughout the risk management life cycle – from risk identification to assessment, monitoring, response and resolution.

Visualize and monitor critical risks This solution links to a rich library of visualization tools for management reporting, enabling easy identification and ongoing monitoring of critical risks. A customizable alert engine automates the monitoring of trends in risk exposure and provides earlywarning alerts that enable proactive selection of the most appropriate risk response.

Policy management SAS Governance and Compliance Manager unites multiple processes and systems within a single foundation, which helps you manage compliance costs and prepare for new regulations. An end-to-end, configurable workflow lets compliance officers create standardized policies that document the details, resources, respondents and content for each policy.

Additionally, the solution provides a webbased, self-service policy respondent capability out-of-the box, so you can document whether all employees affected by a policy have received, read and understood it, agree to comply with it or raise any concerns.

Incident management SAS Governance and Compliance Manager captures and continuously monitors information from operational systems across the organization. With the solution, you can: Capture and monitor all governance and compliance-related incidents, including details such as events and their causes, controls that failed, consequences, insurance and noninsurance recoveries, remediation and related actions. Monitor issues and impacts, gauge their severity and link them to risks. Sort out root causes – including multiway combined effects – and distinguish between mistakes, control failures and willful noncompliance.

Audit management SAS Governance and Compliance Manager documents the details, scope, resources and schedule required for each audit. Auditors can document control testing results and send those results through a configurable approval workflow, including: • Prioritization of audit resources by identifying business units with critical risk exposures or control weaknesses. • Definition and management of audit plans and missions. • Manual control testing. • Control testing accommodates use of computer-aided audit tools (CAATs). • Audit point definition and issues. • Approval and monitoring of business unit remediation actions. • Proactive identification of deficient processes, emerging risks and changes to risk exposures across all business units through the definition and monitoring of alerts.

Improve enterprise operational risk management. By offering a holistic and standardized view of operational risks and helping management ensure compliance, you can proactively identify issues and mitigate risk.

Make better decisions. As banks strengthen their governance and compliance initiatives, they need a firmwide view for decision support. Gain a comprehensive, 360-degree view of potential compliance and risk exposures and obligations. Easily view and explore connections among governance and compliance elements, integrate key performance and risk indicators, and monitor strategy execution to improve decision making.

Improve assessments. SAS Governance and Compliance Manager provides control frameworks, which are key to improving assessments. Continually collect active feedback from your risk experts, lines of business and business process managers, and then use this feedback to improve your risk profile, process effectiveness and overall operational risk management.

Increase efficiency and effectiveness. Reduce the chance of duplicate processes by enabling collaboration among risk managers, compliance officers and auditors.

Manage the life cycle of policies. The embedded workflow capability supports the entire life cycle of a policy – from evaluating the need for a new policy through creating, communicating, implementing, monitoring, updating and retiring policies. Compliance officers can also associate policies with governance and compliance objects, such as processes, obligations and objectives.

Manage multiple incidents and action plans. The solution provides early warning signals of emerging operational risks via a comprehensive alert engine and links to potential sources of these issues. It can help you define and monitor multiple action plans to ensure follow-up and resolution, from the initial capture of incidents to ongoing monitoring and resolution.

Plan and manage audits. Audit and compliance management can plan for audits over periodic cycles and capture required actions based on their findings. The solution lets you easily manage and report on milestones. This assures both internal and external stakeholders that core business processes are continuously monitored and audited, and any deficiencies are addressed.