Compliance Online
Risk Assessment

Introducing ORA…

The world’s regulators are 100% clear: You need a compliance-related risk assessment.

You can’t get away with just an enterprise risk assessment.

You need an entire risk assessment dedicated to compliance.

What’s more? If you want mitigating credit for your anti-bribery, sanctions (OFAC), or anti-tax evasion program, you need a topic-specific risk assessment in addition to your broader compliance-related risk assessment.

Doing that on your own is hard!

Doing it with the assistance of the Compliance ORA solution makes it easy.

Why a Compliance-Specific Risk Assessment?

Enterprise risk assessments don’t:

➡️ Meet regulatory requirements for mitigating credit, especially around bribery/sanctions/tax evasion risk.

➡️ Don’t allow you to create a truly risk-based approach for your program.

Creating a Risk-Based Program Requires a Deep Risk Assessment

Let’s say you want to give training on an important topic. Your department manages sanctions, anti-bribery, and privacy.

What should you train on? And which employees should receive that training?

Without a proper risk assessment, you won’t know the answer. You can guess. But you might be tackling a low-risk part of the business while the parts on fire sit ignored.

A risk assessment is a bedrock on which the rest of the compliance program is built.

Risk assessments should inform:

➡️ Policies and Procedures: Which ones to focus on and update

➡️ Training: Which teams are high-risk and what topics should be prioritized

➡️ Governance: What should be reported to the executive teams and board

➡️ Monitoring: What needs to be monitored to get data on high-risk activity

➡️ Third Party Risk: What due diligence needs to go to which third parties to manage risk appropriately

How Does Compliance ORA Help?

Compliance ORA is a software platform that enables you to smoothly and easily execute compliance-related risk assessments and track risk levels in real time.

It goes beyond the shallow limitations of enterprise risk to allow you to:

➡️ Meet regulatory obligations.

➡️ Create a truly risk-based and effective program.

With this software, we have targeted several well-known industry issues:

➡️ Built-in Methodology: Many of us are unsure of how to adjudicate risk. The methodology in the Compliance ORA system was developed by world-class experts and is easy to use!

➡️ Advanced Risk Modeling: Compliance ORA allows you to visualize and measure how much risk is mitigated by the actions you may take, focusing resources to maximize impact on risk reduction.

➡️ Automated Assignment of Mitigation: Compliance ORA allows mitigating tasks to be assigned to the business with automatic follow-up. It also creates an iron-clad audit trail for maximum visibility.

Making Risk Assessments Easy and Intuitive

- Manual Risk Assessments Compliance ORA
Scoping The scope is hard to define or limited in nature Scoping is easy and accomplished with the help of experts
Questionnaires Questionnaires are sent by email and not kept centrally Questionnaires are sent automatically, and responses are kept in a central repository available to the whole compliance team
Workshops/Interviews Workshops and interviews must be set individually, and notes aggregated Workshops and interview invitations can be scheduled automatically. Notes are kept in the system along with documents.
Methodology Coming up with a strong and defensible methodology is tricky The expert-created methodology is built into the system and operates independently
Mitigation Modeling Not possible Automatically visualizes the effect of various mitigating action
Mitigation Assignment and Tracking Emailing all of the business leads to assign mitigation, then tracking on a spreadsheet and following up via email Automatic assignment and follow-up with real-time notification of completion
Audit Trail Requires a collection of numerous documents from various sources Automatically-created air-tight, real-time audit log
Reporting Reports must be manually created and updated Reports are automatically generated and are updated in real-time