For different reasons, there is an increasing focus in compliance to legal and formal regulations. No business wants to face criminal charges for not adhering to the law. The main goal of Regulatory Technology is, to make sure that organizations comply to laws and regulations.
Where there are laws and regulations, there is a need for audits to assess if organizations comply to these and, if not, what the risks are.
An important task for each country’s central bank is, to audit the financial institutions on important areas like security, disaster recovery, liquidity status and many more. The central bank of Curacao and Sint Maarten (CBCS) asked us to design and develop a solution with which the audit department can set up specific surveys (questionnaires) for all or a subset of the institutions.
In close collaboration with CBCS, we created ReCoRS, a survey tool for auditing and risk assessments. The tool is based on Microsoft SharePoint, and a web portal is used for the organizations to fill in the survey.
ReCoRS can be used by all kinds of audit departments (not only central banks) and enables an audit department to design and implement surveys for specific target groups. Using the risk profiles, the department can assess the risk profile of the respondent or the average risk of a sector or branch.
What is it, exactly?
The solution has the following functions
- Create questions
- Compile questionnaires using the questions database
- Invite organizations
- Responses using the web portal
- Assess the responses
We use wizards to create questions and questionnaires and for the invite.
The audit department can create and maintain an extensive set of questions and group these into areas and subareas. Of course, we have the standard answer types: Yes/No, Radiobox, Checkbox, Open question. Also document upload is supported.
Create a questionnaire
It is easy to compile a specific questionnaire or survey for all or a specific target group (size, branche or other defined attributes). The result is:
ReCoRS contains a register in which all organizations can be registered. Specifics of each institution, like area of business, size, and of course name, address and contacts can be registered.
This register is used for the invitations. Simply use the invite wizard to connect a survey to a selection of the institutions and start the invitation. Of course, If your company already has a register of organizations, then we can also connect to that register.
Responses: the Survey web portal
The organizations can respond to the survey using the secure web portal. After a proper login and, if required, a multifactor authentication token, the contact enters a dashboard with all his surveys. He sees the status and can start the survey answering process. If so required, he can also assign parts of the survey areas (e.g. IT security, HR) to other employees.
The web portal also enables the main contact in self-service to add other employees to the organization register and change the general info.
Each survey has a due date and thus it is easy to keep track of the progress and how much time there is left. If and extension of the due date is needed, the contact can ask for it through the website and the audit department can grant (or refuse) this request.
Analysis and risk assessments
We have created a unique solution that combines an automated questionnaire with risk-levels in order to audit organizations fast and efficient. Each area has a specific weight, and each question can be labeled with a specific risk level. Power BI reports are available for risk assessment and of course we can create the specific reports that your company needs.