THE CERRIX SOLUTION
               OVERVIEW                                 

CERRIX is built on the basis of an integrated vision on GRC. Risk, Compliance and Audit data is shared with all involved parties which have the right access authorization. This GRC community within the organization is able to add review, monitor, evaluate and analyze the GRC information. Pervasive monitoring of risks, controls and improvement actions will intensify the usage of the tool and consequently improve the GRC process. The functionality of CERRIX is grouped into different modules. Each module can be acquired independently. CERRIX consist of the following modules:

Operational Risk Management:
This module holds all functionality for advanced operational risk management. It supports the ORM processes for CRSA, Loss event and Key Risk Indicators. A dedicated workflow eases the processing of subsequent work- and approval steps. Pre-defined catalogues eases the maintenance.

IT Risk Management
This module is an extension on the ORM module and is specially developed for managing all IT Risks. It supports the principles as set by COBIT for process risks, but also the ISO 27002 for information security.

Internal Audit
This module supports the processes for the internal auditor. Findings reports can be generated and linked to the different elements of the risk universe. The resulting improvements actions can be set and monitored easily with workflow and e-mail notifications.

Compliance Management
Legislation can be linked to elements of the risk universe. Compliance objectives and compliance controls can be defined and monitored. A link with external database is optional.

Process Management
Process charts can be defined and designed graphically. Responsibilities are classified via RACI-templates.

Analytics
Integrated GRC data is an ideal source for further analytics. The risk profile can be viewed from different perspectives and end-users can specify their own reporting demands.