Company assets (‘your crown jewels’) have value for your organization. You can think of people, business processes, information, an office building, critical applications and IT hardware. In YICE you can register an unlimited number of company assets where you can indicate their importance.
YICE explained
YICE isn’t just another GRC platform but is built from the ground up based on 35 years of business experience. YICE distinguishes itself in terms of functionality, security, flexibility and price.
Users can track and manage the things that matter to them through a role-based dashboard, the YICE inbox, the overview screens with filters and emails with personal points of interest. These emails can be sent to the user’s business email address on a daily or weekly basis. Every user can choose a Dutch or English language setting.
YICE offers active and intelligent monitoring and implements the principle of agile auditing. After all, a professional GRC platform “knows” your current risk levels, the importance of company resources, the effectiveness of controls, open non-conformities and ongoing (improvement) actions. All important information when planning audits.
When first used, YICE is ready to be tailored to the specific needs of your organization. Because most organizations do not start from a ‘greenfield’ and have probably used another registration, such as Excel, YICE offers an import functionality in all modules. If desired, you can also import recent and/or previous audit results. You can download templates and then upload your .csv files to minimize manual work. If desired, we are happy to support you in this process.
Test once, comply to many
Very powerful are the possibilities of linking controls, even from different frameworks, in a ‘parent’ and ‘child’ relationship. This allows you to set, for example, that the effectiveness of a control is determined by the effectiveness of one or more other controls. You can also use this to set that, if you have determined that a certain control is effective, all related controls automatically receive this effective score. With these options you save time and you optimally implement the principle of ‘test once, comply to many’.
Always in control
An evaluation frequency can be set for each asset and risk. The owner is informed 2 weeks in advance if the evaluation has to be carried out again and can immediately record his comments. This also applies to actions and objectives that are behind schedule. Three frequencies can even be set for controls: 1) a frequency for recording the execution of the control, 2) a frequency for a ‘Control Self Assessment’ (CSA) by the owner or 2nd line and 3) a frequency for an assessment by the 3rd line (audit). Evidence can be captured and timestamped for each execution, CSA and assessment. For each control, an audit trail provides insight into all previous executions, CSAs and assessments.
YICE hierarchy
The ‘backbone’ of YICE is formed by the modules below, which are interconnected. In addition, YICE has separate modules for managing objectives, evaluations and audit results and support modules for managing configurations, authorizations, user settings, FAQ and log files.
Asset
Risk
Company assets may be subject to risks. In YICE you identify, analyze and evaluate every risk associated with your assets. You can provide all risks with a gross and net weighting, risk categories, treatment method, acceptance status, owner, etc.
Risk
Control
Risks are managed by implementing controls. In YICE, the controls are grouped per control framework. You can assign attributes to each control, for example ‘integrity’ or ‘preventive’. For each risk, you simply choose all the necessary controls to treat the risk. For each control you can set an evaluation frequency (2nd line), assessment frequency (3rd line), maturity, effectiveness and many more details. You can add an unlimited number of evaluations and assessments per control, complete with evidence.
Action
In YICE you can assign actions to yourself or to another YICE user. An action may stand alone, may be directly related to a risk, a specific control, or may be necessary to achieve an objective.
Action
Complete toolbox
YICE has much more under the hood to support you optimally! For example, there is a handy calendar with planned activities and a document module, for example to quickly get an overview of all policy documents. Furthermore, YICE offers a ‘tree’ in which the relationship between assets, risks, controls and actions is visualized. YICE calculates the importance of controls itself, so you can easily see your ‘key controls’ and you can align your review frequencies accordingly. We are happy to give you an extensive demonstration of all the possibilities.