QC Three

Risk Management Platform of Choice

QC3

Cloud Based Audit

QC 3 is a cloud-based Audit, Compliance and Enterprise Risk application that digitally integrates three lines of defense and equips you to take control of your information with unparalleled simplicity.

Enterprise Risk Management ERM

The QC3 audit uses three key phases of a Risk Management Framework (RMF)

1.Identify risk scenario’s and determine the organisations appetite, minimum control standards, organisational exposure points and accountable risk owners.

2.Action owned risks through embedded team based inherent and residual risk assessments and automated control testing definitions.

3.Manage risks via targeted frontline assurance which executes automated key controls on every submission.

Assurance Performance, Results and Risk

When data is received by QC3 from frontline assurance, a rich dataset is extrapolated from the submission, this includes;

  1. Performance – weighted responses calculating the % of assurance success
  2. Results – granular response level analytics enabling heat mapping and detailed analysis
  3. Risk Indication – Positive, Negative, Neutral indications of risk are derived from submitted data bridging multiple standards or key material risks

Data extrapolation is executed instantly with a rich assistance and risk data set available immediately to the organisation.

Risk Scenario and Control Library

In QC3, risk has been simplified to enable organisation wide understanding, adoption and penetration.

Risk scenarios are lead with a simplified structure which are linked to various key material risks and elements.

Risk scenarios can be raised by the organisation and work flowed to become an accepted library entry driving engagement and understanding of the enterprise risk discipline.

Controls can be raised and contributed to each risk formulating a standardised definition of risk and expected controls.

Issues and Actions Management

QC3 includes a small work order management system to trace the progress and resolution of manually created issues or automatically created issued from failed key control tests.

When risk acceptance thresholds are breached, an issue is raised on the risk owner which is centrally managed in the small work order Issues Management feature until rejection or completion of the issue.

The digitisation of control testing and immediate push notification of failed controls leapfrogs organisations risk culture and risk accountability ahead light years from the rudimentary spreadsheet solutions laboriously employed by many organisations.

Owned Risks and automated control testing

Owned Risks are allocated risks from the library which are placed in a position through the organisational structure. Owned risks are also allocated a designated responsible party within the organisation. This unique linkage allows QC3 to drive accountability and responsibility for risks appropriate for different areas of the organisation with clarity to appropriate nominated risk owners.

Using the advanced features of QC3, Risk Owners can define automated control tests which are executed on each frontline assurance data payload submitted to the organisation either by the QC3 Assurance User Interface or via the QC3 API processing endpoint.

Inter-rater Assurance Assessment

To ensure consistency and to drive a commonly high standard of assurance, QC3 applies an interrater or ‘audit the audit’ capability to data mine the submitted assurance data for re-processing in and against separate audits.

Inter-rater assurance assessments enable QC3 to uniquely extract seemingly un-related assurance data sets, determine if prescribed results are achieved and re-executed against configured risks and controls.

Inter-rater enables organisations to drive consistency and understanding of assurance via this automated processing.

Business Process Management BPM

Please check the following

  1. Demming Cycle Improvement DCI
  2. Enterprise Risk Management ERM
  3. Enterprise Policy Management EPM
Enterprise Content Management ECM
Records Management DoD 5015
Enterprise Incident Management EIM
1) Incident Management

QC3  provides employees with a complete view of all the information related to incidents they are involved in. By managing data relationships, documents, photographs and processes in a single application QC3 empowers employees to effectively manage investigations and make better decisions.

Features

Full Visibility:

Managing incidents using the centralized QC3 system increases visibility across the entire lifecycle of an incident.

Integrated Incident Management:

Linkages between the control library and incident management system allow users to update automated controls in relation to incidents that have occurred.

Incident Management History:

A full audit trail and complete historical record of all actions improves transparency and accountability.

Advanced Analytics:

Integration with our Advanced Analytics makes it easy to monitor incidents and recognise patterns to initiate improvement projects.

360 degree Visibility:

Complete view of all case-related information, including data records, reports from other operational systems allowing staff to remain within the same intuitive interface, logging activities, adding notes and updates, delegating tasks and scheduling events.

Information Security:

Managing information in QC3 also increases security and control, minimising unauthorised access or unapproved changes.

2)Demming Cycle Improvement DCI
PDCA Improvement

QC3 applies a PDCA Improvement methodology and framework which enables a team to determine why an improvement is necessary, for example improvement is required as a result of an Issue, Incident, Inherent & Residual Risk Assessment and Indication of Risk.

Features

QUICK WINS:

QC3 allows your team to log quick wins in a centralised repository

Work Break-down Structure:

The PDCA framework applies a project work breakdown structure to targeted objectives, tasks and the qualitative and quantitative assessment of improvement impact to the organisation and the defined objectives.

Continuous Improvement:

Improvements can be linked together to demonstrate progressive and continual improvement efforts to resolve systemic issues or incidents impacting an organisation.

Accreditation Repository:

By maintaining a centralised repository of improvements; organisations can utilise this library to ensure improvements are being translated through out your organisation.

Enterprise Policy Management EPM
Policy & Procedure
Maintaining effective program can be challenging with constant changes and increased pressure to be accreditation ready every day.

Features

  • Simple and intuitive user interface
  • Streamlined policy generation and approval
  • Functionality to create, distribute and track employee acknowledgement and comprehension
  • Embedded education module
  • Access with any device
  • QR code access to procedure documents from anywhere
  • Searchable archive to review the policy any time
Advanced Analytics

QC3 has been paired with Microsoft Power BI to provide world leading data visualisation dashboards.

Features

Centralised Risk Reporting:

Centralised risk reporting across the entire enterprise and display it in a variety of ways to create the exact view they need to make critical decisions.

Population Based Testing:

QC3 works with organisations to support bi-lateral data and integration, with API across any application or tool. This allows QC3 to complete control testing on population sized data sets; eliminating the risk of type 1 or type 2 sampling errors.

Inter-rater Assessment:

QC3 applies an inter-rater capability to data mine the submitted assurance data for re-processing in and against separate audits.

The inter-rater module enables QC3 to uniquely extract seemingly un-related assurance data sets, determine if prescribed results are achieved and re-executed against configured risks and controls.

Policy Procedures Management PPM
Policy & Procedure
Maintaining effective program can be challenging with constant changes and increased pressure to be accreditation ready every day.

Features

  • Simple and intuitive user interface
  • Streamlined policy generation and approval
  • Functionality to create, distribute and track employee acknowledgement and comprehension
  • Embedded education module
  • Access with any device
  • QR code access to procedure documents from anywhere
  • Searchable archive to review the policy any time
Frontline Assurance Audit FAA
1) Assurance & Audit

We understand the complexities of data capture to evaluate, analyse and verify quality of information to make significant organisation decisions.

Features
Fully Configurable:

Audit questions can have multiple rules applied at the configuration stage, with rules and triggers (actions and alerts) that may not be known to the auditor, such as auto fail, and automatic notifications sent to management teams.

Assurance Lenses:

Three underlying lenses of assurance are applied to each answer within an audit.

This allows the management team to very quickly identify areas in the organization where negative risk indicators are emerging.

Calibration Module:
TMR Global recognizes that the data being captured by auditors can be used to make significant business decisions.

QC3 was designed to include a calibration module to train and test auditor’s interpretation of audit questions before collecting data.

Flexibility:

Designed to be efficient in the data collection process through the intuitive user interface as well as added features such as scheduling that drive users directly to the required audit at the required location with the push of a button on your favourite device.

2) Enterprise Incident Management EIM
3) Demming Cycle Improvement DCI
4) Enterprise Risk Management ERM
5) Enterprise Policy Management EPM
Automated Control Testing ACT

Please check the following

1) Enterprise Risk Management ERM
2) Frontline Assurance Audit FAA
Data Reporting Visualisation DRV
Advanced Analytics

QC3 has been paired with Microsoft Power BI to provide world leading data visualisation dashboards.

Features

Centralised Risk Reporting:

Centralised risk reporting across the entire enterprise and display it in a variety of ways to create the exact view they need to make critical decisions.

Population Based Testing:

QC3 works with organisations to support bi-lateral data and integration, with API across any application or tool. This allows QC3 to complete control testing on population sized data sets; eliminating the risk of type 1 or type 2 sampling errors.

Inter-rater Assessment:

QC3 applies an inter-rater capability to data mine the submitted assurance data for re-processing in and against separate audits.

The inter-rater module enables QC3 to uniquely extract seemingly un-related assurance data sets, determine if prescribed results are achieved and re-executed against configured risks and controls.

Actions Issues Management AIM
1) Enterprise Incident Management EIM
2)  Demming Cycle Improvement DCI
3) Frontline Assurance Audit FAA
Demming Cycle Improvement DCI
1) PDCA Improvement

QC3 applies a PDCA Improvement methodology and framework which enables a team to determine why an improvement is necessary, for example improvement is required as a result of an Issue, Incident, Inherent & Residual Risk Assessment and Indication of Risk.

Features

QUICK WINS:

QC3 allows your team to log quick wins in a centralised repository

Work Break-down Structure:

The PDCA framework applies a project work breakdown structure to targeted objectives, tasks and the qualitative and quantitative assessment of improvement impact to the organisation and the defined objectives.

Continuous Improvement:

Improvements can be linked together to demonstrate progressive and continual improvement efforts to resolve systemic issues or incidents impacting an organisation.

Accreditation Repository:

By maintaining a centralised repository of improvements; organisations can utilise this library to ensure improvements are being translated through out your organisation.

2) Enterprise Polic Management EPM
Assurance Audit Planning AAP
1) Enterprise Risk Management ERM
2) Enterprise Policy Management EPM
3) Frontline Assurance Audit FAA