Governance, Risk, and Compliance (GRC)

Governance, Risk, and Compliance (GRC) - OpenPages

Intended for IBM OpenPages and IBM FIRST Risk Case Studies customers to interact with their industry peers and communicate with IBM product experts.

  • 1.  watsonx.ai prompt for OpenPages examples

    Posted Wed April 16, 2025 02:48 PM
    Edited by Christophe Delauré Thu April 17, 2025 07:07 AM

    We have been demonstrating a number of use cases with watsonx.ai

    Here are a few short videos posted on LinkedIn

    https://www.linkedin.com/in/christophedelaure/recent-activity/videos/

    It's now time to share these prompts

    These are starting points, and they can be improved quite a bit and made more robust

    | # | Use Case | Benefit & Business Value | Value Impact | watsonx | Cost/Effort profile |
    |---|---|---|---|---|---|
    | 1 | PII Detection: Detect input of personal identifiable information. | Prevent potential privacy breach and misuse of data. | VERY HIGH | watsonx.ai | |
    | 2 | 5W Control Analysis: Determine quality of documented controls using 5W model (Who, what, when, where and why) | Improved quality of control data and downstream processes for control assurance and testing. | HIGH | watsonx.ai | |
    | 3 | Issue Summarization and Rewrite: Summarize incidents/issues and rewrite for clarity. | Simplify reporting of incidents and issues by removing technical risk jargon. | HIGH | watsonx.ai | |
    | 4 | Auto tagging: Automatically add tags to records within OpenPages. | Aids in creating accurate tags by filter. Creates a system where tags become more used due to auto identification | MEDIUM | watsonx.ai | |
    | 5 | Emerging Risk: General potential emerging risk scenarios. | Proactive, forward looking risk analysis. | MEDIUM | watsonx.ai | |
    | 6 | Semantic Data Similarity: Identify similar instances of data (e.g. incidents, risks, issues) across business units to share learnings and remediations from previous occurrences. | Learn lessons from previous mistakes and share findings across the business. | HIGH | watsonx.ai | |
    | 7 | Obligation Generation: Generate obligations on regulatory change. | Reduce time taken to create an obligation. Simplify obligation language for non-compliance staff. | HIGH | watsonx.ai | ♦ (9.1) |
    | 8 | Incident response: Generate incident response plans based on incident description. | Proactive incident management. | MEDIUM | watsonx.ai | |
    | 9 | Incident Capture: User guided AI assistant to create new incidents. | Simplify incident capture. Improve data quality. Reduce review time. | VERY HIGH | watsonx assistant | |
    | 10 | FAQ/Policy: Virtual assistant within & outside of OpenPages to respond to user questions. | Improve usability of OpenPages. 24x7 support for end users. Reduce support costs and time. | HIGH | watsonx assistant | |
    | 11 | Executive summary for complex dataset such as Audit, Risk Assessment | In few seconds automatically generate the executive summary for Risk Assessment leveraging information on Processes, Risks, Controls, Issues for Risk Assessment | HIGH | watsonx.ai | ♦ (9.1) |
    | 12 | Same above on watsonx.ai, leveraging other LLM (Open AI, Anthropic, etc) | Leveraging the same UI workflows, leverage third party LLM through a Python Notebook | HIGH | WML + Third party solution | ♦ (9.1) |
    | 13 | Coverage review / Update: Obligation/Control or Policy/Obligation, Risk/Control Coverage | Automatically identify whether 1 activity covers the required related information: Are my controls sufficient for the obligation mapped? Is my Policy sufficient for the Obligation mapped? Is my Risk covered by the controls, is there any gaps? | HIGH | watsonx.ai | ♦ (9.1) |



    ------------------------------
    Christophe Delauré
    Principal Product Manager
    IBM
    Cambridge MA
    6503050530
    ------------------------------



  • 2.  RE: watsonx.ai prompt for OpenPages examples

    Posted Wed April 16, 2025 03:03 PM
    Edited by Christophe Delauré Thu April 17, 2025 05:54 PM

    Use case 1: PII Detection and Redaction

    The idea is to instruct the prompt to identify the PII and replace the PII with the relevant "redacted text"

    OpenPages version: 9003, 9004, 9005, 9.1

    Model Definition

    Model Used: Llama 3.3 70b

    Prompt:

    PII types can be: Person Name, Address, Email address, Phone number, IP Address, Account number, Employee number, Social Security Number. 
    Do 2 things:
    1, list the PII Identified 
    2, provide the Redacted Text which should NOT include any of the PII detected and where all the PII detected is replaced as follows:
    Person Name should be replaced by [Name] 
    Address should be replaced by [Address], 
    email address should be replaced by [Email], 
    Phone number should be replaced by [Phone], 
    IP Address should be replaced by [IP Address], 
    Account number should be replaced by [Account Number], 
    Employee number should be replaced by [Employee number],
    Social Security Number should be replaced by [SSN] 
    
    Input:
    Today, Christophe Delaure, with the phone number 650-3050540 has been identified as the main suspect. He was traced by his IP Address 142.24.355.12. He did not know about it
    Output:
    {
      "PII Identified": "Name: Christophe Delaure. Phone Number: 650-3050540. IP Address: 142.24.355.12",
      "Redacted Text": "Today, [Name], with the phone number [Phone] has been identified as the main suspect. He was traced by his IP Address [IP Address]. He did not know about it"
    }
    Input: 
    After the event happened John Ruis and Laurent Smith were identified with IP 106.28.23.187 from his home office, his employee ID is 142643 and account at Bank of Madrid 5464647777777.
    Output:
    {
      "PII Identified": "Name: John Ruis, Laurent Smith. IP Address: 106.28.23.187. Employee ID: 142643. Account Number: 5464647777777",
      "Redacted Text": "After the event happened [Name] and [Name] were identified with IP [IP Address] from his home office, his employee ID is [Employee number] and account at Bank of Madrid [Account Number]."
    }
    
    
    Input: 
    {Text}
    Output in json:
    

    Stop Sequence:

    }

    Example/ Variable Text

    On October 12, 2024, DEF Enterprises uncovered a breach in its integrated accounting system, which forms a crucial part of its Accounting platform. The breach occurred due to a misconfigured database that was inadvertently exposed during a routine software update, leading to unauthorized access to sensitive client data.
    
    During the breach, hackers gained access to the accounting records of thousands of clients. For instance, John Smith, a long-time client, had his bank account 5464647777774 at Bank of America exposed, along with his Social Security Number (987-65-4321). Similarly, Emily Davis, another client, had her Wells Fargo account information and tax identification number compromised. The breach also revealed Laura Williams' credit card information, including her card number ending in 5678 and the expiration date of 11/25.
    
    Cause of the Incident:
    The breach was caused by an error during a software update when a database containing sensitive accounting information was left exposed without proper security controls. This oversight allowed unauthorized individuals to access confidential financial data, such as bank account numbers and tax identification details, for several days before the issue was detected and corrected.
    

    Max token: as needed but suggested: 1000 (as most of the fields are 4000 characters)

    OpenPages Configuration

    I'll focus on the output Jsonata 

    List of PII identified

    $eval(results.generated_text)."PII Identified"

     

    Redacted text

    $eval(results.generated_text)."Redacted Text"

    Happy testing! 



    ------------------------------
    Christophe Delauré
    Principal Product Manager
    IBM
    Cambridge MA
    6503050530
    ------------------------------
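
A deterministic check on the model's reply to the PII prompt above, as an added example that is not part of the original post or of OpenPages. It parses the reply as data with `json.loads`, tolerates a closing brace consumed by the `}` stop sequence, and flags PII-shaped strings or invented wording left in the "Redacted Text". Function names, regexes and sample strings are assumptions constructed for illustration.

```python
import json
import re

REQUIRED_KEYS = {"PII Identified", "Redacted Text"}
# Replacement tags the prompt tells the model to use.
PLACEHOLDER = re.compile(
    r"\[(?:Name|Address|Email|Phone|IP Address|Account Number|Employee number|SSN)\]")
# Only PII types with a recognisable shape; names and addresses need other checks.
RESIDUAL_PATTERNS = {
    "Email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "IP Address": re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"),
    "Phone": re.compile(r"\b\d{3}[-. ]?\d{3}[-. ]?\d{4}\b"),
    "Account/Employee number": re.compile(r"\b\d{6,}\b"),
}


def parse_model_output(generated_text):
    """Parse the reply strictly as JSON; never evaluate it as an expression."""
    text = generated_text.strip()
    # The stop sequence "}" may or may not be present in the returned text.
    for candidate in (text, text + "}"):
        try:
            data = json.loads(candidate)
            break
        except json.JSONDecodeError:
            continue
    else:
        raise ValueError("model output is not a JSON object")
    if not isinstance(data, dict) or set(data) != REQUIRED_KEYS:
        raise ValueError("unexpected keys in model output")
    if not all(isinstance(value, str) for value in data.values()):
        raise ValueError("values must be strings")
    return data


def residual_pii(redacted):
    """Kinds of PII-shaped strings still present after redaction."""
    return sorted(k for k, rx in RESIDUAL_PATTERNS.items() if rx.search(redacted))


def invented_words(source, redacted):
    """Words in the redacted text that never occurred in the source text."""
    source_words = set(re.findall(r"\w+", source.lower()))
    body = PLACEHOLDER.sub(" ", redacted)
    return sorted({w for w in re.findall(r"\w+", body.lower())
                   if w not in source_words})


def validate_redaction(source, generated_text):
    """Return (redacted_text, findings); an empty findings list means accept."""
    redacted = parse_model_output(generated_text)["Redacted Text"]
    findings = [f"residual {kind}" for kind in residual_pii(redacted)]
    extra = invented_words(source, redacted)
    if extra:
        findings.append("words not in source: " + ", ".join(extra))
    return redacted, findings


# Constructed sample data (not from the original post).
SOURCE = ("Ticket opened by Ana Ruiz (ana.ruiz@example.com), "
          "SSN 123-45-6789, from 10.0.0.5.")
GOOD_OUTPUT = ('{"PII Identified": "Name: Ana Ruiz. Email: ana.ruiz@example.com. '
               'SSN: 123-45-6789. IP Address: 10.0.0.5", '
               '"Redacted Text": "Ticket opened by [Name] ([Email]), '
               'SSN [SSN], from [IP Address]."')  # closing brace cut by stop sequence
BAD_OUTPUT = ('{"PII Identified": "Name: Ana Ruiz", '
              '"Redacted Text": "Ticket opened by [Name] (ana.ruiz@example.com), '
              'SSN [SSN], from 10.0.0.5 at Bank of Madrid."}')

if __name__ == "__main__":
    for reply in (GOOD_OUTPUT, BAD_OUTPUT):
        print(validate_redaction(SOURCE, reply)[1])
```

A non-empty findings list is a reason to keep the original field unchanged and route the record for manual review rather than store the model's text.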



  • 3.  RE: watsonx.ai prompt for OpenPages examples

    Posted Wed April 16, 2025 03:51 PM

    Use Case 2: Text Summarization

    The goal here is to generate a summary for a long text, so that it could be included in a report (rather than using the full description)

    Bonus: The model will automatically translate in the language used in the prompt/instructions unless asked otherwise :)

    OpenPages Versions: 9003, 9004, 9005, 9.1, ++

    Model Configuration

    Model used: Llama 3.3 70b

    Super simple prompt:

    You are a risk and compliance professional in a large financial institution, please provide me a one paragraph summary of the text below 
    {Text}
    Summary in JSON format {"summary":"summarized text"} only nothing else:
    
    

    Stop Sequence

    }

    Max Token: suggested 250, depending on how short the summary should be 

    OpenPages Configuration

    Jsonata to extract the summary 

    $eval(results.generated_text).summary

    Happy Testing 



    ------------------------------
    Christophe Delauré
    Principal Product Manager
    IBM
    Cambridge MA
    6503050530
    ------------------------------



  • 4.  RE: watsonx.ai prompt for OpenPages examples

    Posted Thu April 17, 2025 05:46 PM
    Edited by Christophe Delauré Thu April 17, 2025 05:53 PM

    Use Case: Privacy Incident triage

    For a privacy incident with PII loss, this automatically identifies the notification requirement to the regulator, the disclosure requirement, and a potential email template in the language of the jurisdiction

    OpenPages version: 9003, 9004, 9005, 9.1

    Model Configuration

    Model used: Llama 3.3 70b

    You are a Data privacy officer in a large financial institution operating in all countries, you need to analyze the privacy incident.
    
    The Analysis should be in HTML only, just the content of the analysis, 
    and title start at <h5> and we should have 2 line space <br><br> between each section
    each countries and jurisdiction in <h6>
    Bullets use <ul><li> tags
    
    
    privacy incident:
    {incident}
    
    Analyze the privacy incident and output the 3 following sections
    1- <h5>Countries and Jurisdiction</h5>: if there is any notification required to the regulator: time line for each jurisdiction and regulation with the list of all information needed, along with the potential fines, regulator website, regulator
    2- <h5>Notification templates</h5>: template email by jurisdiction in the language of each jurisdiction for the person impacted in plain text (no html)
    3- <h5>Note</h5>finish with a Note, indicating that this analysis was done based on the information provided and should be reviewed by legal***
    
    Here is just the 3 sections stop after the note only of analysis in html format inside: 
    
    
    

    Stop Sequence

    ***

    Text example / Variable

    We lost 1000 customer information (Name and phone number) from customers in California, Thailand, France and Singapore

    OpenPages Configuration

    I'll focus on the output Jsonata 

    Text extraction using Jsonata 

    results.generated_text

    Video demonstration

    https://www.linkedin.com/feed/update/urn:li:activity:7300133691479998464/?originTrackingId=9ve2Ct50TbqC4XM0QM4syg%3D%3D

    Happy testing 



    ------------------------------
    Christophe Delauré
    Principal Product Manager
    IBM
    Cambridge MA
    6503050530
    ------------------------------
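
An allowlist sanitizer for the HTML this prompt asks the model to produce, as an added example that is not part of the original post or of OpenPages. It assumes `results.generated_text` ends up rendered as rich text, so it keeps only the tags the prompt names (`h5`, `h6`, `ul`, `li`, `br`), drops every attribute and any other element, and cuts the text at the `***` stop marker. Class and function names and the sample reply are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"h5", "h6", "ul", "li", "br"}   # tags named in the prompt
VOID_TAGS = {"br"}                               # no closing tag
DROP_CONTENT = {"script", "style"}               # remove the element and its text
STOP_MARKER = "***"                              # stop sequence from the post


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []          # sanitized fragments
        self.rejected = []     # what was stripped, for logging or review
        self.open_tags = []    # allowed tags currently open
        self.skip_depth = 0    # > 0 while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            self.rejected.append(tag)
        elif self.skip_depth:
            return
        elif tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")          # attributes are never copied
            if attrs:
                self.rejected.append(f"{tag}[{attrs[0][0]}]")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)
        else:
            self.rejected.append(tag)            # tag dropped, inner text kept

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in self.open_tags:
            # Close anything opened after this tag so output stays well nested.
            while self.open_tags:
                top = self.open_tags.pop()
                self.out.append(f"</{top}>")
                if top == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))


def sanitize_analysis(generated_text):
    """Return (safe_html, rejected) for one model reply."""
    parser = AllowlistSanitizer()
    parser.feed(generated_text.split(STOP_MARKER, 1)[0])
    parser.close()
    while parser.open_tags:                      # close tags the model left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out), parser.rejected


# Constructed reply: the shape the prompt asks for plus markup it must not contain.
SAMPLE_REPLY = (
    '<h5>Countries and Jurisdiction</h5><br><br>'
    '<h6 onclick="x()">France</h6>'
    '<ul><li>Timeline placeholder<img src=x onerror="alert(1)"></li>'
    '<li>Regulator: <a href="javascript:alert(1)">site</a></li></ul>'
    '<script>fetch("/x")</script>'
    '<h5>Note</h5>Review by legal***text after the stop marker'
)

if __name__ == "__main__":
    safe_html, rejected = sanitize_analysis(SAMPLE_REPLY)
    print(safe_html)
    print(rejected)
```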



  • 5.  RE: watsonx.ai prompt for OpenPages examples

    Posted Mon April 21, 2025 06:30 AM
    Edited by Christophe Delauré Mon April 21, 2025 06:37 AM

    Use Case 11: Generate an Executive summary for Risk Assessment

    Link to Video: Linkedin

    In this case, we would like to generate a Risk Assessment summary that would analyze:

    • Processes 
    • Risks for each of the processes 
    • Controls mitigating the above risks
    • Issues identified for each control

    OpenPages Version required: 9.1 (requires the ability to use views as input)

    Model Definition

    Model input: Here we build a view specifically for AI input allowing to selectively identify the information to be sent to the model

    The View includes:

    • A few key fields for the risk assessment 
    • Grid: Process with a few key fields
    • Grid: Risk with a few fields (including Inherent Risk Rating, Residual Risk Rating)
    • Grid: Controls with a few key fields (including Design Effectiveness and Operating Effectiveness)
    • Grid for Issue with a few key fields

    The challenge was to make the model understand which risks are related to which process, which control is related to which risk, and which issue would be mapped to which controls 

    Leveraging the Auto-naming that provides the name of the parent, we were able to instruct the model to look at the name.id to infer the dependencies

    AI input View: See attached PDF

    Model Used: Llama 3.3 70b

    Prompt:

    Analyze the risk assessment below which include Process, their respective risk, respective controls, and control issues
    
    Try:
    Identify weakness area
    Identify inconsistencies 
    
    
    In your analysis provide:
    1 Overview 
    2 Strength 
    3 Weakness area 
    4 Potential Inconsistencies (if some inconsistencies appear explain otherwise just write: no inconsistencies identified, review and provide final assessment). If a control is rated high but a number of issues are still open this would probably indicate inconsistencies (be explicit by listing or identifying the title of activities)
    5 Recommendations
    
    Risk Assessment information
    {objectJson}
    
    In the json above, processes have risks, risks have controls, and controls have issues. The ID field provides the ID of the parent, allowing to reconstruct the relationship between object types and to spot inconsistencies such as a control that is rated high with issues still open
    as an example to understand dependencies in the data:
    in the JSON data, if an issue name.id is "ABC Financial Institution_PROC_000550_RIS_0000906_CON_00000596_ISS_002" then it would be related to:
    process name.id that contains "PROC_000550"
    risk name.id that contains "PROC_000550_RIS_0000906"
    control name.id that contains "PROC_000550_RIS_0000906_CON_00000596"
    
    The Analysis should be in HTML only, just the content of the analysis, 
    and title start at <h5> and we should have 2 line space <br><br> between each section
    Bullets use <ul><li> tags
    object title are in bold using <b> tags only
    
    End the analysis after the recommendation section with <br><br>"Note: The analysis is based on the provided information and may not be comprehensive or exhaustive. Additional information and context may be necessary to provide a more detailed and accurate analysis." in bold text using <b>
    
    Analysis:

    The prompt has a few sections

    • Context
    • Instruction on how to analyze the content 
    • Json Variable - when using an input view the variable is hardcoded {ObjectJson}
    • The instruction to understand the dependencies
    • Instruction for HTML output
    • Instruction on how to end 

    Stop Sequence : 

    </h3>·
    
    

    Variable example {objectJson}:

    NOTE: In order to get the actual view you will need to go into the Debug Log for Machine Learning to get the exact example you would get

    {
      "Process, Risk, Control information ": {
        "Issues": {
          "relationshipType": "descendants",
          "objectTypeName": "SOXIssue",
          "relatedObjects": [
            {
              "Status": "Open",
              "Impact": "Significant",
              "Description": "Finance Employee Circumvents Approval Workflow, Leading to $750,000 Fraudulent Vendor Payment\n\nIssue Description:\nA recent internal audit uncovered that an employee in the Accounts Payable department exploited a loophole in the Vendor Payment Approval Workflow, bypassing the required dual-approval process to authorize a fraudulent vendor payment of $750,000.\n\nThe fraudulent payment was made to a shell company that had been fraudulently registered as a legitimate vendor. Since the system lacked proper validation checks to ensure all approvals were completed, the employee was able to override the workflow and process the payment without senior management approval.",
              "Priority": "High",
              "Probability": "Likely",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000106_CON_00000196_ISS_002",
                "title": "Bypass of Vendor Payment Approval Process Resulted in Fraudulent Payment"
              }
            },
            {
              "Status": "Open",
              "Impact": "Significant",
              "Description": "Duplicate Payment of Vendor Invoice Due to Inadequate Workflow Execution\n\nIssue Description:\nAn internal review identified a duplicate payment of $75,000 made to a legitimate vendor due to insufficient execution of the Vendor Payment Approval Workflow. The initial payment was properly approved; however, due to a system error, the same invoice was reprocessed and approved again without verification against previous payments. The issue was identified only after the vendor reported receiving duplicate funds.\n\nRoot Cause:\n\nLack of automated invoice reconciliation checks within the approval workflow.\nManual errors and oversight during second payment approval process.",
              "Priority": "High",
              "Probability": "Likely",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000106_CON_00000196_ISS_003",
                "title": "Insufficient Approval Caused Duplicate Vendor Payment"
              }
            },
            {
              "Status": "Open",
              "Impact": "Not Determined",
              "Description": "During a recent audit by the regulatory body, it was discovered that the organization failed to implement Automated Compliance Checks as mandated under financial regulations. As a result, several high-value transactions were processed without proper screening, violating Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.\n\nSpecifically, the audit identified 15 transactions totaling $3.2 million that were conducted by entities flagged on global sanctions lists. The absence of automated compliance screening allowed these transactions to bypass manual reviews, exposing the company to regulatory penalties of up to $500,000 and reputational damage.",
              "Priority": "Not Determined",
              "Probability": "Not Determined",
              "Name": {
                "id": "Failure to Implement Automated Compliance Checks Led to Regulatory Violation",
                "title": null
              }
            }
          ]
        },
        "Process included in Risk Assessment": {
          "relationshipType": "children",
          "objectTypeName": "SOXProcess",
          "relatedObjects": [
            {
              "Status": "Awaiting Approval",
              "Description": "Manages financial transactions including payments, refunds, and transfers. Ensures accuracy, detects fraudulent activities, and complies with financial regulations to prevent financial loss and operational risks.",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042",
                "title": "Transaction Processing"
              }
            },
            {
              "Status": "Awaiting Assessment",
              "Description": "Conducts identity verification for new customers by collecting and validating personal data, government-issued IDs, and financial history. Ensures compliance with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043",
                "title": "Customer Onboarding & KYC"
              }
            },
            {
              "Status": "Awaiting Assessment",
              "Description": "Handles vendor registration, invoice verification, and payment processing. Ensures payments are made to legitimate vendors, preventing fraud and payment discrepancies through approval workflows and reconciliation.",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044",
                "title": "Vendor Payments & Account Management"
              }
            }
          ]
        },
        "Risk": {
          "relationshipType": "descendants",
          "objectTypeName": "SOXRisk",
          "relatedObjects": [
            {
              "Inherent Risk Rating": "High",
              "Description": "Fraudulent or unauthorized transactions caused by weak authentication, system loopholes, or insider threats. Can lead to financial loss, reputational damage, and regulatory penalties.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000101",
                "title": "Unauthorized Transactions"
              }
            },
            {
              "Inherent Risk Rating": "Medium",
              "Description": "Incorrect, incomplete, or tampered financial data due to human error, system failures, or cyberattacks. May impact financial reporting, compliance audits, and operational decision-making.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000102",
                "title": "Data Integrity Failures"
              }
            },
            {
              "Inherent Risk Rating": "Medium",
              "Description": "Failure to meet financial regulations such as AML, GDPR, and SOX. Can result in heavy fines, operational restrictions, and loss of business licenses.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000103",
                "title": "Regulatory Non-Compliance"
              }
            },
            {
              "Inherent Risk Rating": "High",
              "Description": "Failure to properly verify customers before allowing financial transactions, increasing the risk of money laundering, fraud, and regulatory violations.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000104",
                "title": "Inadequate Customer Due Diligence"
              }
            },
            {
              "Inherent Risk Rating": "Medium",
              "Description": "Fraudsters using stolen or fake identities to open accounts and conduct financial crimes. This risk affects customer trust and regulatory compliance efforts.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000105",
                "title": "Identity Fraud"
              }
            },
            {
              "Inherent Risk Rating": "Very High",
              "Description": "Fraudulent transactions made to fake or compromised vendors, often through insider collusion or lack of proper payment verification controls.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000106",
                "title": "Vendor Fraud"
              }
            },
            {
              "Inherent Risk Rating": "Very High",
              "Description": "Errors in processing payments such as duplicate payments, incorrect amounts, or misallocated funds. These errors can cause financial losses and disrupt operations.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000107",
                "title": "Payment Processing Errors"
              }
            },
            {
              "Inherent Risk Rating": "High",
              "Description": "Fraudulent or unauthorized transactions caused by weak authentication, system loopholes, or insider threats. Can lead to financial loss, reputational damage, and regulatory penalties.",
              "Residual Risk Rating": "Low",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000108",
                "title": "Unauthorized Transactions"
              }
            }
          ]
        },
        "Controls": {
          "relationshipType": "descendants",
          "objectTypeName": "SOXControl",
          "relatedObjects": [
            {
              "Description": "Requires users to verify their identity through multiple authentication methods, such as passwords, biometrics, or one-time passcodes, reducing the risk of unauthorized transactions.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000101_CON_00000181",
                "title": "Multi-Factor Authentication (MFA)"
              }
            },
            {
              "Description": "Automated system that continuously monitors financial transactions in real-time, flagging suspicious activities for further investigation.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000101_CON_00000182",
                "title": "Transaction Monitoring System"
              }
            },
            {
              "Description": "Systematically verifies the accuracy and consistency of transaction data, reducing human error and detecting fraudulent entries.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000102_CON_00000183",
                "title": "Automated Data Validation"
              }
            },
            {
              "Description": "Maintains a detailed log of all financial activities, enabling forensic investigation and regulatory compliance audits.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000102_CON_00000184",
                "title": "Audit Logging & Tracking"
              }
            },
            {
              "Description": "Ensures financial data integrity by implementing secure backups and data recovery procedures in case of data loss or cyber incidents.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000102_CON_00000185",
                "title": "Backup & Recovery Protocols"
              }
            },
            {
              "Description": "Utilizes AI-driven technology to automatically verify regulatory compliance for financial transactions and risk management.",
              "Operating Effectiveness": "Ineffective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000103_CON_00000186",
                "title": "Regulatory Non-Compliance"
              }
            },
            {
              "Description": "Ongoing training programs for employees to enhance awareness of financial regulations, AML/KYC requirements, and fraud prevention techniques.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000103_CON_00000187",
                "title": "Regulatory Training"
              }
            },
            {
              "Description": "Periodic audits conducted to assess adherence to regulatory requirements, identifying compliance gaps and recommending corrective actions.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00042_RIS_0000103_CON_00000188",
                "title": "Internal Compliance Audits"
              }
            },
            {
              "Description": "AI-powered KYC solutions that verify customer identities against global watchlists and fraud databases to detect high-risk individuals.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000104_CON_00000189",
                "title": "Automated KYC & Background Screening"
              }
            },
            {
              "Description": "Classifies customers based on risk factors such as transaction behavior, location, and financial history to apply appropriate due diligence measures.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000104_CON_00000190",
                "title": "Risk-Based Customer Profiling"
              }
            },
            {
              "Description": "Stricter verification and monitoring processes for high-risk customers, ensuring thorough risk assessment and compliance with AML regulations.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000104_CON_00000191",
                "title": "Enhanced Due Diligence (EDD)"
              }
            },
            {
              "Description": "Verification of client's identity and ultimate beneficial ownership structure, by performing client name screening (against internal watchlists), determining nature of business activities (e.g. ACRA data, business license, financial statements), ultimate beneficial ownership structure (e.g. company shareholders)",
              "Operating Effectiveness": "Not Determined",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000104_CON_00000221",
                "title": "Check Customer Credentials"
              }
            },
            {
              "Description": "AI-driven document scanning tools that authenticate identity documents and detect tampering or forgeries.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000105_CON_00000192",
                "title": "Document Verification Tools"
              }
            },
            {
              "Description": "Analyzes customer and employee transaction behavior patterns to identify deviations that indicate potential fraud or security threats.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000105_CON_00000193",
                "title": "Behavioral Analytics"
              }
            },
            {
              "Description": "Uses facial recognition, fingerprint scanning, or voice authentication to ensure secure and accurate identity verification.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00043_RIS_0000105_CON_00000194",
                "title": "Biometric Authentication"
              }
            },
            {
              "Description": "Evaluates potential vendors based on financial stability, past fraud incidents, and compliance history before onboarding.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000106_CON_00000195",
                "title": "Vendor Risk Assessment"
              }
            },
            {
              "Description": "Requires multiple layers of approval for vendor payments to prevent fraudulent or unauthorized disbursements.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000106_CON_00000196",
                "title": "Vendor Payment Approval Workflow"
              }
            },
            {
              "Description": "Matches payments with corresponding invoices and purchase orders to detect discrepancies or unauthorized transactions.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Effective",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000106_CON_00000197",
                "title": "Transaction Reconciliation"
              }
            },
            {
              "Description": "Utilizes AI to compare financial transactions with accounting records, identifying mismatches in real-time.",
              "Operating Effectiveness": "Not Determined",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000107_CON_00000198",
                "title": "Automated Payment Reconciliation"
              }
            },
            {
              "Description": "Defines protocols for identifying and resolving payment processing errors efficiently.",
              "Operating Effectiveness": "Not Determined",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000107_CON_00000199",
                "title": "Exception Handling Procedures"
              }
            },
            {
              "Description": "Enforces a rule where high-value transactions require approval from at least two authorized personnel.",
              "Operating Effectiveness": "Not Determined",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000107_CON_00000200",
                "title": "Dual Approval for Payments"
              }
            },
            {
              "Description": "Requires users to verify their identity through multiple authentication methods, such as passwords, biometrics, or one-time passcodes, reducing the risk of unauthorized transactions.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000108_CON_00000201",
                "title": "Multi-Factor Authentication (MFA)"
              }
            },
            {
              "Description": "Automated system that continuously monitors financial transactions in real-time, flagging suspicious activities for further investigation.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000108_CON_00000202",
                "title": "Transaction Monitoring System"
              }
            },
            {
              "Description": "Ensures that critical financial functions (e.g., payment approval and fund disbursement) are handled by separate individuals to prevent fraud and errors.",
              "Operating Effectiveness": "Effective",
              "Design Effectiveness": "Not Determined",
              "Name": {
                "id": "ABC Financial Institution_PROC_00044_RIS_0000108_CON_00000203",
                "title": "Segregation of Duties"
              }
            }
          ]
        }
      },
      "guidance": {
        "Risk Assessment - Preparation": "Two options available \n\n **Option 1** \n\nManual where Processes, Risks and Controls need to be manually selected, review and update the list of **Processes**, for each Process review the list of **Risks**, for each Risk, review the mitigating **Controls** \n\n\nThen, click on the RCSA Alignment helper, to automatically set the Processes and Risk as Awaiting Assessment \n\n\n **Option 2** \n\nLeverage the **Risk Assessment Helper**, the Risk Assessment Status will automatically updated and each Process will be set as Awaiting Assessment",
        "incompletedRequiredItems": [],
        "incompleteOptionalItems": [],
        "completedItems": [
          "Creation Date",
          "Description",
          "Name"
        ]
      },
      "objectTypeLabel": "Risk Assessment",
      "name": "Financial Fraud Prevention",
      "objectTypeName": "RiskAssessment",
      "header": {
        "Creation Date": "Feb 22, 2025, 4:19:55 PM EST"
      },
      "RCSA Dates": {
        "group-dates": {
          "Start Date": "",
          "End Date": ""
        }
      },
      "Overview": {
        "Status": "Awaiting Assessment",
        "Description": "This risk assessment focuses on financial fraud prevention within an organization's transaction processing system.",
        "Name": "Financial Fraud Prevention"
      },
      "id": "78542"
    }

    OpenPages Configuration

    View configuration

    Add the new AI button and plug in the various information

    And here is the example output

    Happy testing 



    ------------------------------
    Christophe Delauré
    Principal Product Manager
    IBM
    Cambridge MA
    6503050530
    ------------------------------

    Attachment(s)