top of page

Search Results

102 items found for ""

  • How To Secure Access To Low-Cost Capital Through ESG Management

    ESG management, like any innovative concept, has sparked its fair share of controversy. Experts and nations engage in heated debates about the approach, the scope, and even the economic value of implementing an ESG management system in business. Amidst the ongoing debates, McKinsey has shed light on a compelling aspect—evidence is emerging that a strong ESG score can lead to approximately a 10% reduction in the cost of capital. Why, you may ask? Well, it all comes down to risk. When your business boasts a robust ESG proposition, it's better equipped to weather the storms threatening its ability to operate. MSCI Research noted that companies with high ESG ratings tend to be less vulnerable to systematic risks impacting the broad equity market or market-like sectors or industries than those with low ESG-rated companies. Credit rating agencies are now factoring in ESG performance when assessing companies; those with lower credit ratings face higher risk premiums. Of course, ESG ratings have their fair share of critics, often lambasted for the inconsistency and opaque methodologies employed by the rating providers. However, financial institutions still rely on these ratings to evaluate the ESG performance of corporations. The alternative of hiring an army of ESG analysts to scrutinize every company in their portfolio is simply impractical. So, if your corporation aims to secure an accurate and positive ESG rating, you must understand the rating methodologies and align your ESG management programs and policies accordingly. Most methodologies assess two critical factors: exposure to ESG risks and ESG risk management. The former primarily revolves around your core business, which may be difficult to change without altering the fundamental nature of your operations. However, the latter is entirely within your control and responsibility. The question then becomes, how can you demonstrate effective ESG risk management? First, ESG efforts need to be seamlessly integrated into your governance structure. ESG risk management should become integral to your company's core operations, flowing through all three lines: from business users to risk managers to assurance functions like internal audit. Motivation plays a crucial role as well. It's incumbent upon management to establish ESG-related incentives for employees or even ESG challenges for individuals or teams. Healthy competition never hurts, especially when it aligns with corporate values, strategy goals, and a purposeful mission. Second, ESG risks must be appropriately managed and mitigated. Common sense dictates integrating ESG risk management into your existing enterprise risk management framework. And most importantly, companies must allocate sufficient resources to their sustainability initiatives, such as investing in technology to integrate sustainability into risk management. This includes investments in technology to integrate sustainability into risk management. Many of today's ESG challenges focus on data collection processes, standardization, and maintaining a dynamic overview of ESG risk management posture. A robust ESG risk management program inherently leads to more consistent operational performance and sustainable long term growth. Archer's ESG solution enables organizations to collect and centralize ESG data into a single platform, evaluate the impact of risks and the opportunities on business strategy, understand 3rd party ESG risks, set ESG goals, and produce auditable reporting all from one integrated platform. If you would like to learn more about how Archer ESG Management can help your organization achieve its ESG goals and objectives, we invite you to our webinar hosted by Verdantix and Archer titled "California's Climate Change Legislation: What Your Business Needs to Know". In this webinar, we will discuss: Gain an understanding of the key provisions of California's new regulations and how they impact your organization's compliance and sustainability reporting. Discover the broader implications of these groundbreaking California laws on corporate climate reporting, accountability, and sustainability programs. Learn about technology that can help you manage and advance your ESG program. We hope you can join us for this informative webinar.

  • Understanding Canada’s Operational Resilience and Operational Risk Management Guideline

    The Office of the Superintendent of Financial Institutions (OSFI) released a draft guideline on October 13, 2023, on the operational resilience and operational risk management requirements of Federally regulated financial institutions (FRFIs) operating in Canada and foreign bank branches authorized to conduct business in Canada. The draft guideline is open to public consultation until February 5, 2023. Key Requirements of the Guideline Identifying the FRFI’s critical operations and mapping the internal and external dependencies (e.g., people, systems, processes, third parties, facilities, etc.) required to support critical operations. Establishing tolerances for disruption in respect of an FRFI’s critical operations. Conducting scenario testing to gauge the ability of the FRFI to operate within its tolerances for disruption across a range of severe but plausible scenarios. Establishing a culture that promotes and reinforces behaviors that support operational resilience and proactively managing culture and behavior risks that may influence resiliency. The design and implementation of the FRFI’s operational resilience approach and operational risk management should be proportionate to the FRFI’s size, nature, scope, complexity of operations, strategy, risk profile, and interconnectedness to the financial system. The Relationship Between Operational Risk Management and Operational Resilience OSFI states that operational resilience (OpsRes) is built on the foundation of operational risk management (ORM). OSFI further asserts that OpsRes emphasizes the end-to-end performance of the FRFI’s critical operations across the organization, and as ORM matures it should also focus on the performance of operations end-to-end. How Archer Can Help The Guideline lists four outcomes FRFIs are expected to achieve related to operational resilience and managing operational risks: The FRFI can deliver critical operations through disruption. Operational risk management is integrated within the FRFI’s enterprise-wide risk management program and supports operational resilience. Operational risks are managed within the FRFI’s risk appetite. Operational resilience is underpinned by operational risk management subject areas, including business continuity management, disaster recovery, crisis management, change management, technology and cyber risk management, third-party risk management, and data risk management. Archer can play an important part in helping organizations build these operational risk management and operational resilience capabilities. For example: Archer Enterprise and Operational Risk Management enables organizations to: Establish an enterprise-wide operational risk management framework. Set a risk appetite for operational risks. Ensure comprehensive identification and assessment of operational risk using appropriate operational risk management practices. Conduct ongoing monitoring of operational risk to identify control weaknesses and potential breaches of limits/thresholds, provide timely reporting, and escalate significant issues. Archer Resilience Management enables organizations to: Identify its critical operations and map internal and external dependencies. Establish tolerances for the disruption of critical operations. Develop and regularly conduct scenario testing on critical operations to gauge its ability to operate within established tolerances for disruption across a range of severe but plausible operational risk events. For more information or to speak to an Archer expert, you can contact us here.

  • Understanding Australia’s Operational Risk Management Standard (CPS 230)

    The Australian Prudential Regulation Authority (APRA) has finalized its Prudential Standard CPS 230 aimed at ensuring banks, insurers, and superannuation trustees can better manage operational risks, build operational resilience, and respond to business disruptions. The standard replaces several existing standards, including CPS/SPS 232 Business Continuity Management and CPS/SPS 231 Outsourcing. The key requirements of CPS 230 are: Strengthen operational risk management through new requirements to address identified weaknesses in existing controls. Improve business continuity planning to ensure organizations are positioned to respond to severe disruptions. Enhance third-party risk management by ensuring risks from material service providers are appropriately managed. An APRA-regulated entity’s approach to operational risk must be appropriate to its size, business mix, and complexity. Latest Updates APRA has released an updated timeline for the implementation of CPS 230. In response to feedback received during the consultation period, APRA intends to: Move the effective date for the new standard to 1 July 2025 Provide transitional arrangements for pre-existing contractual arrangements with service providers, with the requirements in the standard applying from the earlier of the next contract renewal date or 1 July 2026. How Archer Can Help Archer can play an important part in helping organizations manage their compliance with CPS 230. For example: Archer Enterprise and Operational Risk Management enables organizations to: Define risk appetite supported by indicators, limits, and tolerance levels. Assess the organization’s risk profile, including identifying and documenting processes and resources. Ensure internal controls are designed and operating effectively. Provide reporting that enables operational risk oversight at every level of the organization. Archer Resilience Management enables organizations to: Identify and document its processes and resources for critical operations. Document a business continuity plan (BCP) that sets out how the entity would identify, manage, and respond to a disruption within tolerance levels and can be regularly tested against severe but plausible scenarios. Monitor, analyze, and report on operational risks and escalation of incidents and events. Archer Third Party Governance enables organizations to: Manage service provider arrangements. Archer facilitates reporting and notifications to APRA and other stakeholders, including the board, which oversees the entity’s operational risk management, BCP, and management of service providers. For more information or to speak to an Archer expert, you can contact us here.

  • AI Governance: From Buzzwords to Best Practices

    AI will most likely win the buzzword award for 2023. ChatGPT and Google Bard have opened the eyes of millions to the potential benefits of AI. Additionally, AI introduces opportunities for organizations to exponentially increase efficiency and cut costs; unfortunately, AI also introduces new risks to these same organizations. In March 2023, over 30,000 individuals, including well known technology leaders, signed an open letter asking organizations to pause their work on advancing AI beyond the capabilities of ChatGPT-4 for at least six months. In their letter, they called for policy makers and AI developers to work together to accelerate the development of strong AI governance. They claimed governance should include the oversight and tracking of high-risk AI systems, research of watermarking technologies to distinguish reality from fiction, robust auditing systems in place, and to enforce risk management of AI-specific risks. While generative AI has caused quite a stir today, regulations around AI have been in the works for quite some time. The European Union (EU), per usual, arrived first at the scene with their wide-sweeping AI Act. Penalties under this law could cost organizations up to 30M euros or 6% of their revenue for non-compliance. Regulators over the financial sectors in the US and the UK have also declared that AI models need the same level of attention and rigor as any other model undergoing model risk management. In addition, the White House has released an AI Bill of Rights, specifically intended to help policy makers draft effective AI regulations, hinting that more regulations are coming to the AI space. Why AI Governance is Needed In short, the purpose of AI governance is to avoid and mitigate harm by building trustworthy AI. Organizations serious about AI governance should consider taking a “do no harm” oath regarding AI. When AI is used to make decisions that affect humans, harm may befall your customers, employees, community, or society. AI governance needs to address the potential impacts and harm to groups during the entire lifecycle of AI. Trustworthy AI has different definitions based on who you ask, but most have the same general premise. The EU AI Act defines trustworthy AI as “legally compliant, technically robust, and ethically sound.” The National Institute of Technology and Standards (NIST) outlines characteristics of trustworthy AI in the AI Risk Management Framework (AI RMF), such as valid and reliable, safe, secure and resilient, accountable and transparent, explainable and interpretable, privacy-enhanced, and fair – with harmful bias managed. While we’re speaking of NIST, Archer customers should check out the Archer NIST AI Risk Management Framework app-pack on the Archer Exchange. It enables you to utilize the NIST AI Risk Management Framework to assess your AI implementations and determine the posture of your current AI implementation through a comprehensive risk assessment. It helps you design and implement effective risk mitigation strategies to address the gaps from the current implementation to the target implementation. The idea is that building and using trustworthy AI reduces harm. That’s what we are striving for when instituting AI Governance. How to Govern AI at Your Organization If you have been in risk management for a while, you can guess what general steps are required. At a high level, a general framework of AI governance would include identification and documentation of your AI systems, risk analysis and evaluation, implementation and testing of controls, and ongoing monitoring. Let’s break these down. #1 Identification To start managing AI systems, you have to know what AI systems you are using. NIST and EU AI Act provide good definitions of AI. Basically, any system using machine learning, logic-based, knowledge-based, or statistical approaches are considered to be AI. That covers a lot. And that is much more than just ChatGPT. When you document your AI systems, it’s critical you collect and document specific information. Important details include: Context – the intended purpose, benefits, norms and expectations, people involved, settings in which it’s deployed, goals, instructions on use, etc. Development details – methods and steps used to develop the AI system, key design choices, system architecture, data requirements, validation and testing information, etc. Monitoring information – the incident management process, key performance indicators, review cycles, etc. Risks and impacts – identified risks, how risks are managed, potential impacts to consumers, employees, society, communities, organizations, etc. Change management – historical log of changes to the AI system For more information, review the “map” categories in the NIST AI RMF, as well as the EU AI Act section on technical documentation and summary data sheet. #2 Risk Assessment The purpose of assessing the risk of your AI systems is to understand the potential harm it could cause and to know the level of controls you should apply. Typical information system risk assessments prioritize systems based on the data classification housed and processed within the system, as well as the functional importance of the system to the organization. This same thought process applies for AI systems, but organizations should also take into consideration the usage of the system as well. The EU AI Act for example outright bans certain uses of AI, or AI systems that cause specific impacts. Any systems that might exploit vulnerable groups or violates rights in any way are prohibited in the market. Using AI to socially score an individual or perform real-time biometric identification in public spaces is also prohibited. High risk AI systems might include systems that assist with education, like determining which students to admit to your school, which ones get into certain programs, etc. Any system used for hiring or firing would be considered high risk. Systems that determine who gets access to essential services, like determining your future credit score, would be considered high risk. AI systems that don’t make predictions or decisions are generally less risky. For more information, review the NIST AI RMF “Measure” categories, the EU AI Act on risk levels, the NIST Risk Management Framework, or regulations on Model Risk. #3 Implement and Assess Controls It is recommended to put in place strong controls at every stage of the AI lifecycle. This includes stages like design, development, evaluation and testing, deployment, operation, and eventual retirement. Generally, controls should be put in place to respond to and manage identified risks during your risk assessments. The objective is to maximize the benefits of AI, while minimizing the negative impacts. Examples of controls include, but are not limited to: Drafting policies that cover AI values and governance Conducting ethical assessments Keeping up-to-date technical documentation Enforcing data governance Continuously identifying and managing risks and impacts Conducting model reviews, validation, and performance monitoring Creating clear deployment strategies Implementing strong change management Setting clear decommission strategies for AI systems NIST recommends implementing and testing these types of controls based on the risk level of your AI systems. Under the EU AI Act, high-risk AI systems must undergo a conformity assessment to prove that their system has conformed to the highest standard of controls. This conformity assessment covers topics as shown above and more. Without a conformity assessment, you cannot deploy your AI system in the EU market. It’s expected that the US will have similar requirements in future legislation. #4 Ongoing Monitoring Once the risk analysis, evaluation, and control selection has been completed, organizations should continuously monitor their AI systems in production. Ongoing monitoring includes activities like control reassessment, regular reviews, incident tracking and management, and risk identification. Organizations should be proactive in reporting incidents to the proper stakeholders, as there has been greater emphasis on incident disclosure requirements. Trust that it’s better to be ahead of the curve in this space than behind. Organizations should be tracking their own incidents and managing them in an effective way. When logging and reporting incidents, organizations should track things such as the incident summary, reporter, source system, dates of occurrence, impacts of the incident, and the affected stakeholders. These incidents will need to be shared both internally and externally in many cases, so organizations should plan now on their communication strategy. Conclusion Risk managers can leverage current frameworks in place to help govern AI, but will need to adapt to the unique challenges presented by AI. By identifying AI systems, prioritizing them based on risk, applying controls, and monitoring their systems, organizations can build and use more trustworthy AI and avoid negative impacts and harm. Teams working to manage risks posed from AI will also need to be very agile in the rapidly developing regulatory space. For example, the current version of the NIST AI Framework, most model-related regulations, and even the EU AI Act were written to help mitigate risks from traditional AI, not generative AI (GAI). GAI presents its own unique challenges and risks. While these regulations and frameworks have lots of overlap, organizations that don’t adapt to these new AI technologies expose themselves to very large risks. Risk teams need to be looking ahead at what is to come and start their efforts now to institute proper AI governance.

  • What Executives Should Know About Risk Management

    There is much conjecture, guidance, and varied views about what most executives’ role should be related to the approach and direction of risk management in their organization. Executives play a critical role in risk management and need a comprehensive understanding of various aspects of risk management so they can make informed decisions that protect the company's interests and ensure its long-term sustainability. Here are some key things they should know: Risk Types: Executives should be familiar with the types of risks their organization faces. These can include financial risks, operational risks, strategic risks, compliance risks, and reputational risks. This is important so the executive has the context or risks the organization has to deal with. Recognize that external factors, such as economic conditions, geopolitical events, and natural disasters, can pose significant risks to the organization. Stay informed about these external risks. Risk Appetite and Tolerance: They need to define and communicate the organization's risk appetite and tolerance. This sets the boundaries for risk-taking and guides decision-making at all levels of the company. Risk Mitigation Strategies: Be aware of the various strategies for mitigating risks, such as risk avoidance, risk reduction, risk transfer (e.g., insurance), and risk acceptance. Executives should be involved in setting risk mitigation strategies and ensuring they align with organizational and strategic objectives. Crisis Management: Have a clear understanding of the organization's crisis management plan and their role in it. This includes knowing when to activate the plan and how to communicate during a crisis. Cybersecurity Risks: In this digital age, cybersecurity is a significant concern – one of the highest. Executives should be knowledgeable about potential cybersecurity threats and measures the organization has in place to protect sensitive data. Insurance and Risk Transfer: Understand the organization's insurance coverage, what it covers, and what it doesn't. Know when to transfer risk to insurers and when to self-insure. Monitoring and Reporting: Be aware of the key risk indicators (KRIs) that help track and manage risks and how they relate to key performance indicators (KPIs). Regularly review these metrics to stay informed. Risk Culture: Promote a risk-aware culture within the organization. This includes encouraging employees at all levels to identify and report risks, as well as ensuring that risk management is integrated into decision-making processes. Be involved in resource allocation decisions to ensure that adequate resources are dedicated to risk management efforts. Stakeholder Communication: Effectively communicate with stakeholders, including shareholders, employees, customers, and the board of directors, about the organization's approach to risk management and the steps taken to address risks. Continuous Improvement: Emphasize the importance of continuous improvement in the risk management process. Regularly review and update risk management policies and procedures to adapt to changing circumstances. Executives must work closely with risk management teams and the board of directors to ensure that risk management is an integral part of the organization's strategic planning and decision-making processes. It is essential for safeguarding the organization's long-term success and reputation.

  • Understanding California's New Climate & ESG Laws

    On October 7, 2023, California signed into law two new bills that have far-reaching implications for compliance and sustainability owners. SB 253, also known as the Climate Corporate Data Accountability Act (CCDAA), and SB 261, the Climate Related Financial Risk Act (CRFRA), apply to organizations that conduct business in the state of California. These laws are the first of their kind in the United States and are expected to significantly impact corporate climate reporting and accountability policies and programs for organizations that conduct business in the state. The bills mandate reporting of greenhouse gas (GHG) emissions as per the GHG Protocol. It also requires reporting of climate-related financial risks based on the Task Force on Climate-related Financial Disclosures (TCFD) recommendations. These requirements are also referenced in the Securities and Exchange Commission's climate disclosure proposal, the European Sustainability Reporting Standards (ESRS), and the IFRS Sustainability Disclosure Standards. However, the scope of these bills extends beyond the SEC's proposal as they apply to public and private companies meeting revenue thresholds and doing business in California. Scope of Impact SB 253 and SB 261 are designed to increase transparency around corporate climate impacts and financial risks. This information can help investors, consumers, and other stakeholders make more informed decisions about the companies they support. What Organizations Need to Know If your organization meets the revenue thresholds and operates in California, you will be subject to the requirements of SB 253 and/or SB 261. You should start preparing now to comply with the new laws. This includes developing a process for collecting and reporting emissions data or assessing climate-related financial risks. The California Air Resources Board (CARB) and the California Secretary of State have published guidance documents to help organizations comply with SB 253 and SB 261, respectively. What to Do Now To ensure compliance with SB 253 and SB 261, sustainability and compliance owners should take the following actions: Assess the implications. Conduct a thorough assessment of the risks and opportunities presented by the new regulations and identify areas where your company may need to act. Engage with suppliers. Work with your suppliers to ensure they are also aware of the new regulations and are taking steps to comply. Invest in innovation. Look for opportunities to invest in new technologies, materials, and processes that will help your company comply with the new regulations and achieve sustainability goals. Collaborate with stakeholders. Build partnerships with suppliers, customers, and other stakeholders to achieve the goals of the new regulations and maximize sustainability benefits. How Archer ESG Management Solutions Can Help Archer ESG Management solutions can play an important role in helping organizations meet the compliance and reporting obligations outlined in these new laws. Archer ESG Management solutions are designed to address the scope 1, 2, 3 GHG disclosure requirements set forth in these laws and incorporate the TCFD, ESRS, and IFRS Sustainability Disclosure Standards. Archer ESG Management solution represents an integrated approach to managing corporate ESG programs, eliminating the need for multiple point solutions. The solution is comprised of four major use cases that deliver an effective way of managing ESG processes all from one place. Archer’s preconfigured ESG use cases allow organizations to move from manual processes to automated and streamlined ESG management programs. Archer ESG Management Use Cases Archer ESG Management provides enterprise-wide assessment, mapping, monitoring, reporting, and quantification of the organization's ESG programs. Archer Sustainability Reporting is a comprehensive solution addressing the growing demand for transparency in ESG reporting, providing a complete solution that aligns with the TCFD framework and GRI 2 - General Disclosures. Archer Double Materiality Calculator helps you quickly and easily perform a double materiality assessment based on the ESRS requirements. Archer ESG Portfolio Management enables institutional investors to efficiently gather and analyze ESG data across their investment portfolios. Archer’s ESG Management solution enables organizations to collect and centralize ESG data into a single platform, evaluate the impact of risks and the opportunities on business strategy, understand 3rd party ESG risks, set ESG goals, and produce auditable reporting all from one integrated platform. If you would like to learn more about how Archer ESG Management Solutions can help your organization meet its ESG obligations. If you would like to learn more about how Archer ESG Management can help your organization achieve its ESG goals and objectives, we invite you to our webinar hosted by Verdantix and Archer titled "California's Climate Change Legislation: What Your Business Needs to Know." In this webinar, we will discuss: Gain an understanding of the key provisions of California's new regulations and how they impact your organization's compliance and sustainability reporting. Discover the broader implications of these groundbreaking California laws on corporate climate reporting, accountability, and sustainability programs. Learn about technology that can help you manage and advance your ESG program. We hope you can join us for this informative webinar.

  • New Archer Exchange Delivers Enhanced User Experience

    We are excited to introduce an enhanced user experience for the Archer Exchange! The new interface provides Archer customers with an online shopping experience for pre-built app-packs, integrations, tools and utilities, accelerators, and content that provide added value for Archer solutions, and allows customers to easily find the offerings that best fit their needs. The value-add offerings available on the Archer Exchange help each of our customers get their unique risk management program on the right path, right from the start. Customers can leverage value-added offerings to expand their use of Archer into new business processes and address specific industry, geographic, regulatory, or technical requirements. The new Archer Exchange provides Archer customers with everything they need to know at a glance, highlights the latest news, and provides information about new and updated offerings. We invite you to visit the Archer Exchange today to check it out!

  • Building Resilient Supply Chains

    Given the ongoing supply chain disruptions that continue to impact an organization’s operations, supply chain management has never been more critical. According to Gartner*, by 2025 supply chain risk management will be a critical success factor for over 50% of organizations. It is paramount to reduce supply chain risks and enhance resilience. In fact, IDC’s** research reveals that 63% of organizations view a lack of resiliency to be a key supply chain gap. * Gartner: How Supply Chain Leaders Can Prepare for the Next Big Disruption (June 8, 2022) ** IDC, Progressing Supply Chain Resiliency, Simon Ellis Gaining visibility into your supply chain is not only advantageous but imperative. Understanding your complex vendor relationships is essential for identifying vulnerabilities, assessing potential disruptions, and implementing proactive measures to ensure supply chain resilience. When organizations leverage advanced visualization, they can gain valuable insights into the dynamics of their supply chain ecosystem enabling them to make better decisions, become more resilient, and mitigate risk effectively. To learn more, join us for our webinar “Building Resilient Supply Chains: Strategies for Success” featuring GRC 20/20’s Michael Rasmussen and Archer’s Sarah Kassoff to learn: How to enhance your organization's supply chain resilience amid increasing uncertainties Strategies to reduce supply chain risk and ensure uninterrupted business operations The impact and benefits of visualization in tackling complex supply chain challenges Webinar: October 10, 2023 11:00 am Eastern Time Register Now! Visit Archer Third Party Governance for more information. Contact us to speak to an Archer Expert.

  • Visualize the Location of Assets in Comparison to Tangible Risk Events with Archer’s New Mapping Fun

    Everywhere you look today, there are reports on the news about something that could impact your supply chain and your business. It could be a fast-approaching hurricane, an active crime scene causing closure to parts of the city, or a traffic stoppage that halts deliveries of essential supplies. It has become critical to have a supply chain risk management strategy, but creating an effective plan is challenging if you can't anticipate the challenges that will impact your organization to prioritize risks effectively when there are so many different types of challenges that organizations need to be prepared for to mitigate risk and limit impact to the organization. Wouldn't it be nice to be able to anticipate potential disruptions and take action to minimize the impact on your company? We are excited to introduce a new Archer report powered by Mapbox that allows organizations to see their physical locations, assets and third parties on a map, compare them to potential threats that could impact them, and take action to reduce the risk. If your organization – like most – could be impacted by certain threats of disruption or other risks, you'll love the way Archer and Mapbox connect the dots so you can take proactive steps - instead of reacting after your organization has been disrupted. This mapping capability is an essential tool in your efforts to build a more resilient organization. To learn how you can build a more resilient organization contact an Archer expert.

  • How Archer Document Governance Supports Business-Critical Content Changes for Policy Management

    There are several key questions to ask in evaluating how well the content and associated documentation is managed for your use cases (like policy management). Is your change management program well designed? How would you demonstrate that to a stakeholder or outside party? Is the program applied earnestly / in good faith? How do you report on the results of the work done? The Archer Document Governance solution provides tools to manage your policy management’s critical documentation and help strengthen your program around these questions. 1: Key elements to a well-designed program: control and collaboration Policy programs are dynamic, with ongoing updates needed to keep policies and procedures current. A well-designed program will have both the agility and the control needed for ongoing change management. Archer Document Governance can help provide the agility and control you need through: Enabling simultaneous collaboration on documentation changes – no need to lose time emailing versions back and forth or risking lock-out of a collaborator from a shared network file Making teams aware of changes in the approval chain for the documentation they manage Providing a real-time view to where a document may be delayed in the change management process Documenting redlined changes for every published version Enabling quick response to audit inquiries 2. Enabling a strong culture of discipline: reinforcing the positive, removing the barriers In tandem with your leadership communications and targeted performance indicators, the right tool can help simplify and demonstrate diligent application of your policy management program. Archer Document Governance can support your culture of execution through how you manage the creation, governance, and publication of your program’s mission-critical documentation. Document Governance helps by: Simplifying through standardizing the creation, management, and distribution of policies and procedures Configuring your governance workflows and providing transparency into the process Accelerating the review and sign-off of documentation changes Serving as a single system of record for your documentation 3. Demonstrating program results Monitoring and reporting on the results of your policy management program takes both quantitative and qualitative measurements. Archer Document Governance can help you track and demonstrate program results through: Facilitating internal and external audits, providing detailed change logs, and redline comparisons for evidence across published versions Detailed management reporting, showing everything from change management cycle times to analysis where approvals get delayed by document type and team Contact us to speak to an Archer expert about how Archer Document Governance can support your program goals.

  • New Data Center in United Arab Emirates Extends Archer SaaS to Middle East Customers

    To support the growing SaaS needs of Archer customers across the Middle East, we’re pleased to announce Archer’s newest data center in the United Arab Emirates (UAE). In collaboration with Amazon Web Services (AWS), this latest data center enables us to support the explosive growth of Archer SaaS in the region with the increased performance, lower latency, and the data residency our customers require. Our UAE data center offers improved security and compliance, as data will be stored locally and subject to UAE regulations. Additionally, this data center supports our customers who want to leverage the power and scalability of the cloud to help address business risk and global compliance challenges. With the deployment of our industry-leading Archer cloud infrastructure in the UAE, we now have data centers in the U.S., Canada, Europe, Australia, and Asia Pacific, as part of our strategy to provide a regional presence in our highest-demand areas. Archer SaaS enables organizations to leverage the flexibility, availability and scalability of the cloud, coupled with the depth and breadth of the Archer Suite, to comprehensively and proactively manage risk. Offered on the Amazon Web Services (AWS) platform, Archer SaaS offers: · Support for the full set of Archer use cases · A flexible pricing model · SaaS-specific contract terms · Data residency · And much more To learn more about Archer SaaS, contact us or join us for Archer Summit 2023 in San Diego September 11-13.

  • Our Next-Generation Risk Quantification Capabilities

    We have all seen our favorite risk management output – the vaunted risk heat map. These colorful graphs stimulate conversation and are staples of risk reporting. However, we are also very aware of their shortcomings. Unfortunately, qualitative output, even when bounded by scales and ranges, are still subject to interpretation. More importantly, qualitative assessments lack a level of detail that is critical to making the right business decision. Today, we announced our next generation of risk quantification capabilities for Archer Insight and the new Archer Insight Workbench offering. Using Archer Insight, organizations can use quantitative assessments within their enterprise risk management (ERM) programs to calculate financial and non-financial risk exposures and provide critical business insights to better assess, aggregate and report on risk. The new Archer Insight Workbench risk modeling tool is purpose-built for risk analysts and enables them to create their own models to dig deep into risk scenarios. Unlike systems that utilize qualitative risk analysis techniques, Archer Insight is designed to simplify the calculation and aggregation of risk exposure. It enables risk functions to standardize the calculation of financial exposure, differentiate risks in terms of rate of occurrence and magnitude, measure the value of controls, and manage risk based on the relative impact to the business. In short, it replaces qualitative and semi-quantitative scales with two simple questions – what is the general rate of occurrence of a risk? and what is the range of potential impact? Of course, the first question that comes up is “Where do I get the data for these estimates?” The good news is that quantitative assessments take uncertainty into account. Instead of being vague about uncertain inputs (“I think the likelihood is Medium”), shifting to quantitative inputs (“I think the rate of occurrence is 5 times a year”) puts a more tangible estimate into the equation. Then, these estimates can be tracked against real occurrences and shifted to better reflect the risk. In other words, by being more specific about the uncertainty, you are more aware of what you should be monitoring and the adjustments you make in the future are meaningful. This release puts vital tools in the hands of risk teams. The two approaches - quantitative assessments within ERM and risk modeling – provide risk teams with broad capabilities to better analyze and communicate risk. A major benefit of this approach is the agnostic nature of Archer Insight. The quantitative assessment built into Archer Insight can be applied to all types of risks including enterprise, operational, and cyber risks. As risk management teams seek to put the best information in the hands of their decision makers, risk quantification has become a critical element of their strategy. Archer Insight brings exciting new capabilities to your GRC program and takes ERM to the next level. To read our announcement, visit: Archer Introduces Next-Generation Risk Quantification Capabilities for Archer Insight and New Archer Insight Workbench

bottom of page