Challenges

  • Breaking silos and improve communication between the  different legal entities of the group
  • Implementing a modern approach to internal control assessment and risk management
  • Creating a shared repository to ensure visibility on controls and assessments
  • Reducing time of control activities

Results

  • Standardization of risk and control processes
  • Optimization of communication between functions
  • Process automation

The size of Manni Group Holding, with a global presence in several countries, required to have an integrated method for assessing risks and controls. Internal audit activities only began in 2016, replacing what was previously called “management control” and thus creating the Internal Audit function, which did not exist before then. The latter is one of the reasons for which the methodology used by the group presented various difficulties. The approach used for the evaluation of controls was outdated, the assessment was carried out using questionnaires created using different Excel and Word files. 

Breaking silos and modernizing risk assessment activities

The Internal Audit and Risk Management functions were treated as two separate functions, although the work carried out by the two functions was interconnected. The role of the risk manager was to assess risks while the internal auditor was responsible for assessing the maturity of controls. The workflow of the risk manager activities was not automated, all risks were recorded on Excel and each control associated with that risk had to be searched manually for each company group involved. As a result, the different functions worked in silos, which led to costly results in terms of both time and efficiency.

This methodology also entailed many risks related to security of the information stored in the files. This reason and the others mentioned above have led Manni Group to initiate a process of progressive integration between Risk Management, Internal Audit and Internal Control activities. In order to improve processes and obtain a shared visibility of risk management activities, Manni Group had to implement a methodology to:

  • Manage risks in a holistic and structured way
  • Promote a risk-aware culture
  • Reduce time to value
  • Standardize operations
  • Improve communication between different legal entities of the group

An integrated methodology to optimize risk management processes

In 2020, Manni Group realized that they could not achieve a structured and integrated risk management methodology without the modernization, and therefore digitalization, of its business processes.

For the project, Manni Group conducted an intensive search, evaluating all alternatives in order to find the solution that was deemed most inherent to Manni Group workflow. HOPEX Integrated Risk Management (IRM) suited best Manni Group way of working, allowing them to maintain their methodology whilst optimizing their risk management processes.

Given the size of the group, the stakeholders involved in the audit and risk processes interacted with dozens of risk owners each day located in different locations. With the solution, they are able to dialogue with the risk owners through simplified questionnaires to which the different functions had to respond.

Manni Group’s main objective was to have a more integrated and structured system. HOPEX allowed them to have detailed reports of 5 main attributes identified by the client: organization, controls, risks, processes, and management. The solution builds a very dense network that the user can shape, until obtaining a representative description of the organization ecosystem.

The group also had at its disposal applications additional customizations when needed, including duplication of controls to associate multiple questionnaires, which allowed to create a more articulated system.

With this integrated methodology, all the necessary requirements have been met:

  • Ability to have risks, controls, and processes in a single repository
  • A flexible and customizable solution
  • Simplified collaboration between all Risk Management functions
  • Automation of reports generated by the system

“MEGA shows constant development and solution innovation which to me, from a customer point of view, leaves me feeling secured. A team that is committed and passionate, displaying a human side with great added value.”

Michele Breda, Integrated Risk Manager at Manni Group

Standardizing audit processes

Thanks to an agile approach characterized by initial workshops to define objectives and methodologies, the project was implemented during a reduced number of days. In just 6 months, 12 internal audit campaigns have already been created, 100 questionnaires sent out and most of them already answered.

The standardization of audit processes and the structure given to the work has led to time reduction and boost of productivity. Information shared between control functions and risk managers is now structured and functional as a result of communication optimization.

Manni Group now has a holistic and shared view of all the mitigation plans related to the controls that have been assessed - instead of having several Excel files for each session. HOPEX IRM has made it possible to have all mitigation plans on one screen in a shared repository, (e.g open, closed, expired, high priority/low priority) creating a system that allows users to create a network of processes and have a more optimal and efficient structure.

Simplifying Business Processes to reduce risks

The next step of the project is concerned with segregation of duties in which the main user has visibility on all questionnaires and processes of all users in order to ensure a higher security level within the organization. Following this implementation, access will be given also to contributors (users) making the information in HOPEX accessible to all functions according to the security level assigned.

To further ensure risks are mitigated and to improve efficiency, future objectives include integration with SAP Solution Manager for the import of the main KRIs (Key Risk Indicators) into HOPEX, as well as the access of Risk Owners to the system according to a Segregation of Duties logic.

Download the PDF

Next Steps

  • SAP Solution Manager Integration
  • Segregation of duties

Solutions

  • HOPEX Integrated Risk Management
  • HOPEX Business Process Analysis
  • HOPEX Platform
  • MEGA Services Team

Share this with your colleagues!

Talk to an expert!

Reach out to our experts to see how we can best support you to be successful in your project.