December 06, 2007 08:00 ET

QUMAS Marks New Era for Managing Governance, Risk and Compliance Initiatives

QUMAS GRC Suite Fully Integrates Risk and Compliance Requirements Across the Enterprise for Better Governance and Improved Business Performance

JERSEY CITY, NJ--(Marketwire - December 6, 2007) - QUMAS, the leading provider of governance, risk and compliance (GRC) solutions, today announced the availability of the QUMAS GRC Suite™, the first truly integrated GRC software solution available on the market. QUMAS now enables organizations to comprehensively integrate all of their GRC initiatives through a single, unified solution and delivers a highly scalable and configurable solution based on proven technology.

The QUMAS GRC Suite provides comprehensive risk management integrated with document and business process management, interactive dashboards and advanced reporting capabilities for real-time governance. The QUMAS GRC Suite allows organizations to model and assess their risk environment; actively manage documents and monitor processes in accordance with multiple compliance requirements and regulatory changes; as well as make proactive, risk-based decisions for better governance and improved business performance. QUMAS GRC Suite comprises operational risk measurement elements from FRSGlobal; market leaders in global regulatory reporting solutions.

A New Era for GRC

According to the Open Compliance and Ethics Group (OCEG) 2007 Governance, Risk and Compliance Strategy Survey, released in September 2007, 84 percent of responding companies reported fragmentation of GRC activities and processes and 65 percent indicated that fragmented GRC resulted in serious business problems from duplication of efforts, redundant solutions, higher costs and increased risk.

Today, individual departments across the enterprise address GRC with point solutions crafted to suit their particular need. This siloed approach to GRC leads to an obvious disconnect between inter-related risk and compliance initiatives, as well as the duplication of effort. This ultimately increases the inherent risk to the organization. The QUMAS GRC Suite enables individuals across the organization to seamlessly and efficiently participate in all GRC initiatives through an intuitive, easy to use, Web-based interface.

As an example, consider a global banking organization. The office of the Chief Risk Officer performs a risk assessment and designs controls, supported by policies and procedures, around Know Your Customer (KYC) requirements. In addition to being a requirement for compliance with the USA PATRIOT Act and the Bank Secrecy Act, this assessment also enables the bank to calculate capital requirements based on credit risk assessments and loss data analysis. Policies and procedures are created and distributed in support of the mitigating controls.

An update of KYC policies and procedures may be triggered by events such as:

--  An AML regulatory change, ruling, or guidance that originates from the
    General Counsel's office
--  A Board directive as a result of a publicized money laundering event
    at a competing bank
--  A change in the risk profile following a scheduled annual risk and
    control assessment by business units
--  A scheduled, periodic review of policies and procedures

At the same time, a reassessment of KYC risks and controls may be triggered by events such as:

--  An internal event that results in a loss that exceeds the approved
    risk appetite
--  An external market event such as an extraordinary increase in rate of
    loan defaults
--  A Board directive to recalculate capital requirements (often as a
    result of changes in market risk and credit risk profiles)

This summer's sub-prime mortgage crisis not only clearly illustrates the above example, but also underscores the strong relationship and interdependency between risks, controls, policies and procedures across the enterprise and on a global scale.

Clearly, only an integrated solution suite can realize this fully integrated GRC vision. The QUMAS GRC Suite ensures consistency, coordination and operating effectiveness of all GRC initiatives across the enterprise and provides interactive dashboards to the Board and Executive Management to monitor trends and key performance indicators (KPIs) for the organization.

"Organizations have long understood the need to deliver an integrated GRC framework across the extended enterprise," said Kevin O'Leary, CEO of QUMAS. "But, prior to the QUMAS GRC Suite, they had to settle for disparate point solutions, ill-suited to manage multiple risk and compliance requirements. The QUMAS GRC Suite delivers a unified GRC technology and approach that instills a GRC mindset with employees and standardizes processes across every organizational level."

How It Works

The QUMAS GRC Suite comprises the following proven software applications:


My QUMAS is a single, intuitive, Web-based interface for users to record and perform their specific tasks, as well as monitor their areas of responsibility across GRC initiatives. A lawyer in Corporate Legal can monitor regulatory changes in My QUMAS and require a related policy to be reviewed. A business unit owner, responsible for the policy, may update the policy and invite others to provide edits or comments. A coordinator in HR may publish the final approved policy to all employees and require a Read and Understood (RAU) attestation through My QUMAS. At the same time, the CRO's office may initiate a reassessment of the risks and controls as a result of the policy change. Executive Management may view a dashboard of RAU status in My QUMAS prior to a board meeting.

QUMAS DocCompliance™

QUMAS DocCompliance is a robust content management system that enables organizations to create, manage and securely store all content, reports and records on one platform to ensure complete lifecycle control over compliance-related content. QUMAS DocCompliance includes some of the most advanced capabilities for collaborative editing and reviewing, controlled printing, version management and virtual collections for many types of documents.

QUMAS ProcessCompliance™

QUMAS ProcessCompliance is a flexible business process management system that allows organizations to standardize and automate their unique and specific business processes to manage the collection, analysis and action on information that flows within and across business units in an organization.

QUMAS EnterpriseRisk™

QUMAS EnterpriseRisk is based on FRSGlobal's RiskResolve technology. The RiskResolve system architecture is broken out into 3 interrelated modules: 1) Control Self-Assessment, 2) Oversight, and 3) Loss and Event Assessment, all of which have been fully integrated into the QUMAS GRC Suite.

QUMAS EnterpriseRisk is a complete risk, control, and loss event system to manage the organization's risk and control infrastructure by defining risk objectives, performing assessments and testing, analyzing losses for cause and financial impact. EnterpriseRisk captures the losses that exceed approved risk appetite and provides a remediation structure for reassessment of risks and controls, policy reviews or business process changes.


By consolidating your organization's GRC initiatives onto the single framework of the QUMAS GRC Suite, you can eliminate the risks and costs associated with managing disparate and siloed applications. Additionally, you will be able to:

--  Provide a consistent and extensible framework for managing GRC
--  Achieve transparency in design and operating effectiveness across
    multiple GRC initiatives
--  View business performance across all risk and compliance initiatives
--  Promote adherence and ensure compliance with changes in federal and
    state statutes, regulations and requirements
--  Train entire organizations on a single technology platform for GRC
--  Provide guidance to employees regarding their ethical and legal
    compliance requirements to ensure that they uphold their responsibilities
    and act with accountability
--  Reduce the cost and risk of non-compliance
--  Assure accurate and timely disclosure to all stakeholders
--  Satisfy regulators and auditors with irrefutable evidence through
    extensive audit history
--  Support and protect the company's governance and ethics standards

"Regardless of industry, GRC is becoming more relevant as enterprises struggle to address the myriad of new and evolving regulations," said Kathleen Wilhide, research director at IDC. "Enterprises are forced to deal with these issues, and the margins of error have become slimmer. GRC solutions that can address risk and compliance from a holistic perspective will put enterprises in a much better position to succeed."


QUMAS is the leader in Enterprise Governance, Risk and Compliance (GRC) with more than 250 customer deployments and over a decade of experience helping companies in highly regulated industries. The QUMAS solution facilitates an informed, risk-based response to GRC challenges across your business. QUMAS solutions channel and focus resources, providing better overall governance and predictability of business performance as well as meaningful reporting to stakeholders. For more information visit

About FRSGlobal

FRSGlobal is the leading provider of global risk and regulatory compliance reporting solutions. The firm is solely dedicated to regulatory reporting and supplies financial organisations worldwide with an independent and cost-effective multi-country regulatory reporting platform.

FRSGlobal has more than a decade of industry expertise and currently provides coverage for more than 30 countries. FRSGlobal's solutions are used in over 1,000 financial organisations -- including 41 of the top 50 global banking institutions. 25% of R&D annual expenditure is dedicated to researching regulations and meeting with regulators, which results in an unparalleled Centre of Regulatory Excellence (CoRE) that supports clients by providing up-to-date regulatory information and reports.

FRSGlobal's FinancialAnalytics enables institutions to address major regulatory, compliance and risk requirements globally. FRSGlobal's coverage includes both local prudential and global reporting (IFRS/FiNREP, Basel II/CoREP and MiFID) -- this is done by leveraging a common DataFoundation™ to harness financial intelligence across an enterprise, while maintaining the country-specific requirements of local regulators.

FRSGlobal has offices in North America (Boston, Charlotte and Toronto), Europe (Amsterdam, Brussels, Dublin, Lisbon, London, Luxembourg, Madrid and Paris) and APAC (Hong Kong, Pune and Singapore). Additional information about FRSGlobal is available at

All trade names, trademarks, and service marks are the rightful property of their respective owners.

Contact Information