erisk operating in an international environment
Two language versions and online access from all over the world.
Lossless migration of methodology and automatic data analysis.
Since 2006, PayU has been creating the largest online payment system in Poland. It operates in 18 countries on 4 continents, providing over 300 convenient and secure payment methods: payment cards, electronic transfers, 100% online installments, deferred payments (buy now, pay later), recurring payments, mobile payments, electronic wallets (Apple Pay, Google Pay, Masterpass, Visa SRC), as well as one-click solutions. Over 1,500 employees around the world make sure that the PayU offer exceeds the expectations of over 300,000 sellers and millions of buyers.
PayU wanted to improve and automate existing risk management tools. It wanted advanced functions, intuitive operation and, above all, an on-line system in two language versions (Polish and English), because the tool was to be used in branches around the world, including Turkey, India, South Africa and South America. The tool was intended to support the company’s activities, e.g. in collecting and processing information on functional controls and their results, and in reporting risk and security levels. The organization already worked in a specific methodology, which is why the flexibility and integration of the tool with existing processes was important, without the need for system changes. All these requirements were met by the erisk software.
The project started in July 2016 and we completed the basic work of implementing erisk in PayU within two months. In 2017, we continued our cooperation because a software update was released, and the client wanted to extend the tool to seven regional organizational units (South America, Turkey, Russia, EMEA, India, Nigeria, LATAM).
We delivered the erisk software
The first stage was the delivery of the licenses, the installation of the erisk software and the provision of technical support.
We developed an implementation concept
The next step was to develop a concept for the implementation and operation of a risk management system using erisk software. It was quite a challenge, as the solutions had to be in line with the risk management policy, and at the same time up-to-date, with a high level of transparency and easy to use. We made an analysis of the needs, requirements and tools used so far. On this basis, we created a document describing the most important technical issues that were the basis for configuring the tool.
We configured the tool
We implemented a risk management methodology to erisk. We created the required forms in accordance with the hierarchy of subordination, including the determination of appropriate evaluation or editing modes. We determined and set the necessary scripts and prompts as well as appropriate permissions for system users. Due to the specificity of the PayU management model, we resigned from contextual permissions, while access rules were set in two variants: as access to individual modules and as the scope of activities that can be performed by a user with a given role.
We transferred the data from the files
So far, all risk data had been collected in Excel, PDF and Word files. It became necessary to transfer them 1:1 to the erisk database. Pre-created forms helped with this. It was the most laborious stage of work.
We conducted practical workshops
We prepared practical workshops for users of the system, during which we familiarized them with the use of the tool. Thanks to them, we also increased awareness of the risks and consolidated the knowledge of the risk management policy functioning at PayU.
We increased the capabilities of the tool
As part of further cooperation, we delivered an extended software license that covered new erisk users. We completed the data for seven regional PayU units, including historical data, and created relationships for them – we used the newly created forms for this purpose. We also configured additional scripts and prompts that would inform about exceeding the set value of risks.
Tool update to erisk 5.0
The works carried out in 2017 coincided with the update of the erisk software to version 5.0. The new technological possibilities of the tool were used to prepare reports in accordance with PayU’s current expectations. The submitted documents included a risk register and a summary of changes in the risk assessment over time, the results of functional inspections, post-inspection observations and progress in the assessment.
Enterprise risk management
What did the client gain?
- Automation and optimization of the risk management process in the entire PayU group.
- Support for key processes related to risk, i.e. identification, assessment, monitoring, reporting and process improvement.
- Monitoring of risks, key risk indicators and post-control observations in an on-line system available in two language versions and from anywhere in the world.
- Streamlining the management of the audit and internal control plan.
- Reduction of reporting time and preparation for audits and inspections.