MaRisk – Mindestanforderungen an das Risikomanagement



MaRisk (Mindestanforderungen an das Risikomanagement) Compliance Lifecycle

The MaRisk (Mindestanforderungen an das Risikomanagement) compliance lifecycle includes the following steps, all automatically enacted by the ProcessGene™ GRC Software Suite:

Lifecycle step: MaRisk activities
MaRisk context establishment
  1. Definition of MaRisk compliance related business processes
  2. Delineation of process diagrams (optional)
  3. Definition of assets within the MaRisk scope
  4. Standardization and documentation of MaRisk regulations, policies and procedures
Risk identification
  1. Risk description, identification of risk stakeholders
  2. Risk classification and determination of heat-maps
  3. Risk assessment and measurement
  4. Determination of Key Risk Indicators (KRIs)
  5. Risk tolerance determination
Control determination
  1. Definition of controls to mitigate identified MaRisk risks
  2. Assignment of MaRisk control owners
  3. Scheduling and monitoring MaRisk control execution
  4. Assessment of residual risk levels
MaRisk audit and remediation
  1. Definition and scheduling of MaRisk audit plans
  2. Definition of mechanisms for testing ongoing MaRisk compliance
  3. Collection, analysis and storage of MaRisk audit results
  4. Remediation plan definition, execution and follow-up
MaRisk related incident management
  1. Incident recording
  2. MaRisk related incident handling (using scheduled workflows)
  3. MaRisk related incident analysis and reporting
  4. Incident monitoring and follow-up
MaRisk (Mindestanforderungen an das Risikomanagement) certification
  1. Hierarchical MaRisk certification process determination
  2. Establishment of an automated MaRisk certification process
  3. Monitoring and reporting MaRisk certification status
  4. Archiving MaRisk certification history
Multi-Org management
  1. Determination of a global MaRisk compliance baseline with mandatory components
  2. Establishing a workflow for examining local (subsidiary) variants
  3. Enforcement of enterprise guidelines, regulations and frameworks within subsidiaries
  4. Control of the MaRisk compliance level, both locally (per subsidiary) and globally, from a central HQ cockpit

The ProcessGene™ MaRisk Software Users

The ProcessGene™ MaRisk compliance software provides value to the following users:
  1. C-level management (CEO, CFO, CIO, CRO, COO)
  2. Board of directors
  3. Compliance officers
  4. Internal auditors
  5. MaRisk compliance managers


