Austin, TX (PRWEB) January 28, 2008
Compliance Spectrum, a leading provider of IT governance, risk, and compliance (GRC) solutions today announced an expansion of Spectra, its flagship compliance product, to include more sophisticated risk management capabilities and enhanced real-time reporting.
This new risk assessment and analysis capabilities provides senior management, compliance professionals and auditors a quick and easy method to identify and resolve the highest areas of risk, and to estimate the associated cost to remediate the risk. Risk levels are tracked over time and are fully integrated into Spectra's policy, audit and task management capabilities and real-time dashboards.
Spectra calculates a "risk rating" based on the criteria of "business impact", "probability of occurrence" and the "estimated cost to remedy". A new set of reports have been included to provide management guidance based on any or all of the three risk rating criteria. To assist management with better insight and decision making, a new OLAP analytics capability has been included that enables drill-down and ad-hoc analysis of objectives/controls with respect to risk.
"The addition of these advanced risk management and reporting features allow our customers to integrate risk management into their compliance and governance lifecycle programs. Risk assessment and analysis is critical to financial markets and is rapidly becoming a fundamental requirement for other markets", said Colleen Murphy, Vice President of Development, and Compliance Spectrum.
Also new to Spectra is the addition of the Federal Financial Institution Examination Council (FFIEC) examination checklists. These include:
FFIEC Audit - A well-planned, properly structured audit program is essential to evaluate risk management practices, internal control systems, and compliance with corporate policies concerning IT-related risks at institutions of every size and complexity. Effective audit programs are risk-focused, promote sound IT controls, ensure the timely resolution of audit deficiencies, and inform the board of directors of the effectiveness of risk management practices. An effective IT audit function may also reduce the time examiners spend reviewing areas of the institution during examinations. Ideally, the audit program would consist of a full-time, continuous program of internal audit coupled with a well-planned external auditing program.
FFIEC BC - Business continuity planning is the process whereby financial institutions ensure the maintenance or recovery of operations, including services to customers, when confronted with adverse events such as natural disasters, technological failures, human error, or terrorism. The objectives of a business continuity plan (BCP) are to minimize financial loss to the institution; continue to serve customers and financial market participants; and mitigate the negative effects disruptions can have on an institution's strategic plans, reputation, operations, liquidity, credit quality, market position, and ability to remain in compliance with applicable laws and regulations. Changing business processes and new threat scenarios require financial institutions to maintain updated and viable BCPs.
FFIEC Information Security - Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintains information vital to its operations. On a broad scale, the financial institution industry has a primary role in protecting the nation's financial services infrastructure. The security of the industry's systems and information is essential to its safety and soundness and to the privacy of customer financial information. These security programs must have strong board and senior management level support, integration of security activities and controls throughout the organization's business processes, and clear accountability for carrying out security responsibilities. This checklist provides guidance to examiners and organizations on assessing the level of security risks to the organization and evaluating the adequacy of the organization's risk management.
These three checklists, as published by the FFIEC, are fundamental to a sound compliance and risk management program for financial organizations. These FFIEC checklists can be purchased stand alone or integrated into a compliance lifecycle program automated by Spectra.
"Our goal is to save our customers time and money while building an end-to-end GRC program," says Doug Pushard, CEO of Compliance Spectrum. "By incorporating the FFIEC checklists into Spectra, our customers are able to immediately access these checklists and evaluate the regulatory posture with respect to existing controls; thus saving time and money in monitoring and managing the FFIEC regulation examination handbooks as well as reducing the time required to determine if overlapping controls are already in place."
Spectra is a complete compliance lifecycle management solution that reduces the complexity of the compliance process and lowers the risk of non-compliance through best practice workflow automation. Spectra provides CSOs, CFOs, CCOs, CIOs -- and their teams -- a framework to continuously monitor, measure and report on compliance status.
Spectra is a hosted solution and licensed as a service for a subscription fee which includes software maintenance and automated content updates to ensure regulatory content is up-to-date and accurate. There is no need for a large capital expenditure to purchase a perpetual license and no requirement for IT to get involved with installation. To get started today, contact Compliance Spectrum sales at sales @ compliancespectrum.com or 1.866.206.5602.
About Compliance Spectrum:
Compliance Spectrum offers commercial IT governance, risk and compliance software solutions that empower highly regulated and complex organizations to address the complete lifecycle of compliance. Compliance Spectrum's flagship product, Spectra, provides an automation framework that streamlines the compliance process, lowering the cost of compliance while reducing the business risk of non-compliance. Compliance Spectrum has won numerous industry awards for its first generation product, Command Center. The company is headquartered in Austin Texas with offices in Houston, San Diego, Fairfax Va., and London England. For more information, visit http://www.compliancespectrum.com.