The Avanon System employs a 3-tier web architecture, the industry standard paradigm for software. This enterprise nature of such a platform allows it to scale solutions from the smallest department to the largest multi-national organization.

While each of functional modules can be licensed and deployed individually, the complete system is delivered to clients: new capability is simply activated by license key, thereby giving clients maximum flexibility.

Please click on each module below to learn more about Avanon Audit.

Global Data

This module forms the core of the entire product, both technically and from a business logic perspective. It is delivered at no charge with purchase of at least one other module and includes all functionality to set-up and maintain global data. All global data and settings are shared in real-time with all other modules. Core settings have only to be captured once, so forming a unique, easily managed repository of key information.

 

Key Features include

• Capture and centrally manage the firm's entire organizational structure
• Manage user accounts, profiles, permissions, roles and languages
• Bundle user privileges to user roles
• Build and manage the process structure of the firm
• Create generic process steps
• Define all products
• Manage Business Lines of any type
• Map organizational Business Lines
• Map structure to processes and products
• Define locations and countries
• Maintain currencies, rates and validity ranges
• Manage Audit Trail
• Log all actions and messages
• Synchronize with LDAP 7 Active Directories
• Define insurance policies and related data

Data Collection

This module delivers all required functionality for enterprise-wide collection and management of losses, incidents, deficiencies etc., including non-monetary losses and “near misses”. Events (causes) and effects (impacts) can be assigned to any or multiple organizational unit(s).

 

An intuitive workflow feature supports the structured and clean collection and analysis of this data. This valuable information can also be linked to internal management accounting.

 

Key Features include

• Capture and classify events / issues / deficiencies
• Manage and monitor events via fully auditable workflow(s)
• Capture and classify effects / impacts
• Allocate effects to bearers based on management accounting
• Allocate effects to bearers based on capital allocation
• Confirmation workflow for effects / impacts
• Set bagatelle limit for effects without a workflow
• Attach supporting documentation (files)
• Advanced search for events and effects
• Display entire history log of events and effects
• Default Reports for quick access to information
• CSV export via for further analysis in e.g. Excel, Access etc.
• Capture and maintain currency rates with defined validity ranges

Global Assessments (Qualitative and Quantitative)

This module supports central definition and maintenance of questionnaires/forms to identify and assess risks, performance and controls of any type, both qualitatively and quantitatively. It can equally well be used for any type of question-based survey on topics such as business continuity, governance, audit, SOx, IT/Project, Compliance, Legal, etc.

 

The assessment process is based on and draws from the same core organization, process, risk, controls structures (hierarchies) defined in Global Data Administration. This enables direct comparison of results with risk monitoring and the loss data per area. Results can also be seamlessly integrated into the quantification process.

 

In the language of ERM, this module is used to support risk identification, capture and maintain risk inventories, categorize and assign along any dimensions, capture root causes, triggers, events, and dynamically link to risk mitigation and control activities via the Action Management Module.

 

A centralized workshop approach can be used, or the process can take the form of fully workflow-controlled decentralized assessment. Evaluation of all results is handled by freely definable scoring formulas.

Key Indicators (Risk, Performance, Controls)

Enterprise-wide surveillance and early-warning capability is provided for in this module. It features flexible aggregation of all identified key risk, control and performance indicators and a dynamic reporting structure.

 

Reporting functionality provides for drill-down from a broad view of the firm-wide risk down to the single business units, processes and indicators to investigate the causes of risk. On request, clients will be provided a set of predefined indicators.

 

Operational risk exists in various forms in the different areas of the firm. Because the information related to operational risk is often subjective, incomplete, incorrect or not reliable, the module KRI uses an intelligent system technology based on fuzzy logic. This technology was developed by Avanon for this such conditions.

 

Features

• Define company-wide and specific indicators
• Set ranges and critical values
• Calculate moving averages for indicators
• Define aggregation logic using Fuzzy Logic or artithmetic formulas
• Simulate and test aggregation logic
• Aggregate indicators with different observation frequencies
• Transform the data to a daily observation frequency
• Manage aggregation logic
• Workflow support
• Audit trail
• Define graphic reports of risk aggregation and drill-down
• Manual data entry with confirmation workflow
• Automatic data entry using XML standards

Action Management

To actively manage and mitigate risks, deficiencies, issues the basic question must be answered: who should do what to avoid or mitigate it? This module comprises all functionality needed to define, assign responsibility, maintain and monitor completion of action plans and report on them.

 

Support is given for central and de-central definition of action plans and monitoring of progress, tasks, deadlines, responsibilities etc. Action Plan libraries serve to organize the activities, with automatic recommendations whenever pre-set thresholds for performance, control and audit (e.g. 'overdue' items) have been exceeded.

 

Action Plans assigned to a particular department consists of one or n tasks. Each task can be assigned to individual users. Monitoring current performance (handling of the defined Action Plan) is completely supported via individual and global reporting, as well as alerts based on any criteria. The entire process is workflow controlled by way of defaults provided or adjusted to individual requirements by configuration.

 

Using powerful search features any required criteria can be specified by parameter setting to monitor status and performance of action plans. Integrated reporting supports full analysis, and reports can be shared with other users (made ‘public’) for their own reporting and dashboards. Examples are:

 

• Action Plans / Activities by Organizational Unit
• Action Plans / Activities by Risk, Control, Performance Type
• Action Plans / Activities by Workflow status
• Action Plans / Activities by Priority
• Assigned investments, etc.

Reporting & Dashboards

It is often the case that vendors relegate the task of reporting to an external, '3rd-party' tool and offer to build an interface to ensure all data is made available for reporting. Inevitably, such an approach has trade-offs, especially when considering rights, control and visibility of data, and the ongoing support for a custom interface.

 

Early into the development of its product, Avanon made the choice to invest in a reporting solution that is internal to the system, requires no interfaces, in which reports, once defined, are automatically adjusted when changes are made the structures, to computed results, to user permissions etc.

 

As a result, this area of the system's features, to visualize, analyze and monitor specific and global risk-related information is easy, low maintenance, and highly forward compatible.

 

Users can capture and save personal and public reports intuitively via a selection of fields, filters and search criteria, all dynamically updated whenever changes are made.

 

As with all other modules, the reporting capabilities are tightly integrated with the Administration Module, ensuring that visibility and control of all data respects any pre-defined roles and rights. Such depth of functionality is decisive, as it removes the need for complex and costly integration to or with external reporting packages.

 

A corporate risk information / management dashboard can be defined using rich graphical features to provide a consolidated overview of all data for the entire firm.

 

Full support is given for drill-down from a broad views of risk down to single business units, processes and/or indicators in order to rapidly investigate the sources of risk, and trigger immediate remedial action.

 

All result data can be exported with ease to standard Word, Excel, PDF formats. Beyond this, a 'reporting universe' can be activated for clients who wish to integrate the data with a 3rd-party reporting architecture (Cognos, Business Objects, SAS, Hyperion, Crystal...)