Stone Arch
Managing Risk Just Got Easier
There’s bad news and good news. The bad news is that, according to a recent study by AMR, over 69% of compliance costs are labor related, spent on things like internal staff and consultants. The good news, according to the same AMR study, is that on average, most companies can save 25% or more on risk management compliance through the use of labor saving technologies like software. Perhaps the best news of all is that with StoneArch Software realizing these benefits just got easier.
Where We Can Help
StoneArch Software is designed to meet the needs of all of your enterprise-wide risk management and compliance initiatives and can be deployed as part of broader enterprise-wide risk management strategy that includes addressing common risk management initiatives such as:
  • Internal Audits
  • Financial Controls Management
  • IT Audits
  • Security Management
  • Enterprise Risk Management Programs
The $515 Million Financial Controls Failure
The cost of compliance failures can be staggering. Consider the case of Bristol Myers Squibb and the $515 million the company paid to settle a probe into illegal kickbacks:
Bristol Myers Squibb will pay US $515 Million to settle a probe into illegal kickbacks… Government investigators alleged that BMS had paid illegal remuneration to physicians and other health care providers to induce them to purchase BMS drugs.  The company agreed in principle to [the] settlement and to implement a five year corporate integrity agreement. ” Big News Network, 10/1/07
As a result, corporations seem to be getting message; implement sustainable financial controls or be prepared to face severe consequences. In general, it is not uncommon for corporations experiencing financial, internal or security controls failures to experience one or more of the following:
  • Fines
  • Criminal penalties
  • Lost contracts
  • Work stoppage
  • Lawsuits
The StoneArch Difference
StoneArch’s enterprise solutions are easy to install, easy to use and have a lower total cost of ownership. Our software has been designed to manage and automate each step in the risk management process to save time, automate repetitive tasks and reduce errors. 
The Risk Management Process
Gaining visibility and control on the multitude of internal and external risks is one of the top priorities of corporations today. With a recent jump in regulatory mandates and increasingly active shareholders, many organizations have become increasingly sensitized to identifying areas of risk in their business; whether it is credit, regulatory, or operational risks. These risks are no longer considered the sole responsibility of specialists. Executives and boards demand visibility into exposure and status so they can effectively manage the organization’s long-term strategies. As a result, companies are looking to systematically identify, measure, prioritize, and respond to all types of risk in the business, and then manage any exposure accordingly.

StoneArch provides an integrated and flexible risk management framework for assessing and prioritizing risks, defining controls, managing audits, identifying issues and implementing recommendations and remediation plans. The risk management system includes powerful tools for risk analysis and monitoring such as reports and dashboards that alert executives when risks reach critical thresholds and require attention. In addition, StoneArch Software includes a document management system and workflow tools that were designed with these steps in mind; to automate the entire risk management process. Processes include:
Documentation: The first step in the process is defining the key processes and controls. Processes and controls are revised and edited as necessary. Documents are approved by the appropriate person(s) and become available to distribute throughout the organization.  StoneArch’s software manages this process as described by the Committee of Sponsoring Organizations (COSO) framework to enable collaboration yet maintain strong document controls.
Publishing: All compliance documentation is stored in a single, centralized repository allowing process owners, executives and auditors access through an easy to use, secure, web-native interface. Only the latest, approved versions are accessible reducing time and duplication of effort.
Assessments & Certifications: It is necessary to validate that the organization is in compliance with risk management controls on a regular basis. This is accomplished through risk assessment and compliance certification testing. If certification tests fail, issues and improvement plans need to be documented and tracked through the process.
Reporting Tools: The status of the organization’s compliance must be available at any time. Reports and dashboards provide full and complete information on the status of all compliance tasks throughout your organization. Provided are macro-level views of any step in the risk management process with the ability to drill-down to specific details in seconds.
Workflow Automation: An embedded workflow engine automates the movement and tracking of content, allowing tasks to be prioritized, distributed and handled by multiple workgroups and individuals for completion. Processes are supported with event triggers to facilitate document reviews and test activities. It tracks and notifies where you are in the compliance risk management process with activities, improvement plans and remediations; all necessary to meet your audit deadlines.
Audit Trails: Audit trails are available for all events including editing, approvals, accessing documents, and checking documents out of the system. This information is accessible by any authorized user.
Security: All access is performed using web-based protocols.  A strong security layer that protects all information is held within the database.  Because of this, all information can be securely accessed using an Internet connection and controlled using the administration tools available within the solution.
Why Automate?
Customers tell us there are a host of reasons to automate including saving money, eliminating mundane, repetitive tasks and reducing the risk of compliance failures. With manual systems, too many things are left to fall through the cracks. In short – you need to have sustainable risk management processes.  Common problems include:
  • Tracking issues
  • Inconsistent certification testing
  • Unresolved compliance failures
  • Using unauthorized documents
  • Policy and control distribution
  • Lack of clear, defensible audit trails
  • Document security and change control
  • Cumbersome reporting
  • Critical errors due to inaccurate data
  • Wasted time using inefficient manual processes
Make Your Life Easier. Talk to StoneArch
Are you ready for an easier way to manage risk? Call StoneArch to find out how you can reduce effort, shorten compliance cycles, increase accuracy, reduce risk management compliance failures and lower your company’s exposure.
Privacy / Legal © StoneArch Software 2010. All rights reserved