Link essential processes to goals and control mechanisms

Specify monitoring types

Plan verification and testing

Record verification results and test iterations

Monitor discrepancies and corrective measures

Create reports and automatic notifications

AdaptiveMFK is a comprehensive tool that supports work in internal control process management using the control function matrix.  It enables you to perform a variety of functions, from maintaining a list of essential processes, setting general and specific goals for them, through negotiating and assigning key control mechanisms, managing monitoring types, all the way to recording verification results and testing, together with recording discrepancies and corrective measures. AdaptiveMFK can organize work for units in three lines of defence.

As Recommendation H began to be implemented, a significant change occurred in the understanding and implementation of internal control systems, first in banks, and then gradually in other areas of the financial market. With the recommendation came requirements making it mandatory to link primary goals of the organization with key control mechanisms (actions, processes) that are to aid in achieving these goals. Additionally, monitoring the use of these mechanisms is required in order to ensure that goals are being pursued.

One important requirement that the recommendation sets is maintaining an active control function matrix in the form of a computer system. This is intentional on the part of the regulatory body, as an IT system can help in maintaining the matrix thanks to multidimensional data storage, the possibility to link information and keep the history of all changes made to any element of the matrix. Oftentimes, the information stored in the matrix is confidential, which further necessitates the use of reliable and tested access control systems.

Linking processes to control mechanisms

According to recommendation H and Minister of Development and Finances regulation of 2017, commercial and cooperative banks must maintain so-called control function matrices, which are descriptions of linking between essential processes and goals of the internal control system as well as key control mechanisms. This approach sets current standards for the functioning of compliance and internal audit departments, which support achieving strategic goals of the organization and minimizing operational risks.

Specifying monitoring types

Once key control mechanisms, such as procedures, duty assignment definitions, operation authorizations, access control and KPIs, have been specified and selected, the next step is to assign independent horizontal and vertical monitoring to each control mechanism. Part and parcel of the monitoring category are verifications, which are monitoring activities performed daily as normal business processes, as well as testing, which is performed periodically to verify whether control mechanisms effectively support/ensure the realization of goals.

Planning and coordinating tests

Among the requirements set by Recommendation H is the obligation to systematically plan activities related to vertical and horizontal testing. In medium and large organizations it may prove a sizeable challenge to plan and coordinate testing, as the number of tests runs into hundreds and testing teams consist of a dozen members or more. AdaptiveMFK substantially aids in this process by allowing you to build operating and strategic plans while taking into consideration the resources if organizational units arranged into three lines of defense.

Recording verification and test results

From the viewpoint of operating capabilities, a key element of maintaining a control function matrix is effective supervision over the recording of test results and current verifications. In this area AdaptiveMFK supports you by monitoring the lifecycles of test iterations. The application allows you to set up substitutes for personnel responsible for performing tests and verifications, record discrepancies and corrective measures, add proof of testing as attachments. In addition, the system allows for quality verification of test/verification results against critical test values or a team member’s expertise.

Monitoring discrepancies and corrective measures

The problem of low effectiveness of the monitoring of discrepancies and corrective measures can be observed in practically all organizations that deal with corrective measures on a large scale or that have no systemic support for this process, but rely, for instance, on a spreadsheet. AdaptiveMFK ensures comprehensive support for monitoring the application of corrective measures through real-time access to information about the status of each recommendation as well as reporting to the individuals involved.

Change approval and reporting

Effective running of a control function matrix based system of three lines of defence requires that all relevant organizational units become involved and take responsibility. This applies in equal measure to business process owners, units involved in the running of the process, second- and third-line units and management as well as boards of directors. AdaptiveMFK helps you to achieve this goal by mirroring the processes of change submission and approval in its electronic document circulation.

Another factor contributing to the clarity and reliability of the process is reporting and the function of data review. AdaptiveMFK gives you access to predefined reports as well as allowing you to export data to Excel spreadsheets or third-party reporting systems.

Coming soon

How to ensure vendor compliance and mitigate risks of 3rd parties

Jan Anisimowicz | C&F

ISACA NA CACS, May 13–15 2019, Los Angeles

find out more

AdaptiveMFK belongs to the AdaptiveGRC product family

What is AdaptiveGRC?

AdaptiveGRC is the first Polish IT system in the field of Governance, Risk Management and Compliance.

It supports managing organizations in the areas of:

corporate governance – by facilitating the application of an appropriate, effective and lean management model.

risk management – by allowing you to identify and effectively manage risks and make informed, conscious decisions about current dangers.

regulatory compliance – by facilitating the monitoring of the level of compliance with relevant legislation and standards.

What makes AdaptiveGRC stand out?

innovative data model – information is synchronised and kept in one integrated system

ability to configure processes inside the system thanks to a common data model

ability to instantly analyse information and create reports tailored to the needs and requirements of each stakeholder

recording events (audit trail) and the use of electronic signatures

About Us

We are a team of passionate people working around the globe. We combine business and process insight with our technology expertise to develop state-of-the-art IT solutions. We specialize in Life Sciences and beyond, with years of GRC expertise spanning across multiple industries where security is of the highest importance.

Request an AdaptiveMFK demo




World`s Best Trust Us