Enterprise Risk Management
Our tool-supported management of company-wide risks and opportunities gives you an aggregated overview of the asset safety and risk management of a modern company.

Methodical and Technical Challenges

A modern company-wide risk management system addresses the whole risk management process. From this process, the methodical specification areas can be derived that a GRC system is expected to integrate for use in enterprise risk management.

Risk Identification – Customer-Specific Processes
In risk identification especially, companies go about risk management in very different ways. A GRC tool for ERM therefore has to offer workshop-supported identification processes as well as catalogue-based procedures, and it has to give central risk management optimal support in implementing these processes.

Risk Analysis – Configurable Rating Methods
Depending on the line of business, company size and risk management goals, ERM uses many different methods for risk analysis. Some companies tend to analyse risks on a qualitative level and rely strongly on verbal risk descriptions, while other companies need a detailed quantification of risk scenarios.
Customers therefore have to be able to configure the relevant mathematics for risk analysis and aggregation in their GRC tool, and the user interface and reporting have to adapt automatically to the customer's needs.

Risk Mitigation – Workflow-Supported Method Management
Today, the direct integration of method management into the risk management tool is already a fixed part of the standard specifications. The organisation and tracking of methods has to be workflow-supported to ensure an efficient process. Changes have to be recorded centrally, and it must be possible to analyse them at any time. All method information should also be integrated seamlessly into the risk reporting to provide a complete picture for management.

Solution Description

In enterprise risk management especially, the high flexibility and configurability of the GRC suite risk2value® offers the opportunity to keep the company's processes and methods, most of which are already established.

The risk2value® scorecard for enterprise risk management normally includes the following structures (see chart):

  • Organisational structures – this usually includes the company, enterprises, areas or business units as well as departments and divisions
  • Business processes – lets you not only assign risks to the responsibilities of risk owners but also evaluate the affected business processes
  • Risk catalogues – are a basis for the identification and rating of risks by the risk owners and can be structured hierarchically (in categories, subcategories, etc.). The use of risk catalogues can also identify which risks can damage different areas of the organisation, which is useful, for example, for developing mitigation strategies for risks that appear frequently throughout the organisation.
  • Mitigation activities – activity elements such as mitigation methods, control methods or audit findings can be stored on the scorecard and applied to risks and organisational areas. These activities are organised by the central workflow-controlled activity management, which enables evaluations of the number of open activities, structured by criticality, in different enterprises, business units or departments.
  • Internal control system – in principle, risks can be mitigated with measures or supervised through internal controls. This especially applies to risks which are an inherent part of the business and therefore cannot be insured or transferred. Because of this, risk management can also be integrated with the GRC solution “internal control system”, which is described here in more detail.

The methods and processes already used by the customer are modelled in risk2value® in the course of the implementation. risk2value® enables the customer to continue using the already implemented processes and risk management methods and to represent them in a professional tool. For this, the established method (which is represented, for example, in Excel or any other tool) is analysed, and the risk2value® model is then derived from it. This way, the customer doesn’t have to adapt to new methods but can simply implement the already established ones in risk2value®.

The structured modelling of risk management information in the risk2value® scorecard enables a simple overview of the connections among organisational units and their risk owners, processes, risks, ratings and methods. To represent these structured processes in the context of company-wide risk management, risk2value® includes many different modules.

Key Points

  • Representation of customer specific processes, contents and rating methods
  • Workflow-supported method management
  • Central controls of risk assessments
  • Local risk assessments through web browser (no rollout)
  • Automatic historisation of information/ratings
  • Traceability of all changes
  • Easy and high quality risk reporting through OLAP technology

Solution Context

risk2value® Modules for GRC Solutions

  • Organisation- / Scope-Management
  • Risk Management
  • Audit- / Activity-Management
  • Loss & Incidents Database
  • Document Management
  • Workflow Management
  • Reporting & Dashboarding

Regulations

  • COSO ERM
  • ISO 31000
  • ONR 49000
  • Basel II
  • Solvency II

avedos™ News

26.09.2011
risk2value 4.0 Launch

avedos is pleased to officially announce the brand new version 4.0 of its GRC-framework risk2value.

12.09.2011
avedos continuously expands its customer base

In recent months, many new customers such as T-SYSTEMS, Volkswagen AG and Volkswagen Financial Services have been won for risk2value because of the comprehensive capability of the risk2value GRC software framework.

05.09.2011
avedos participates with a presentation at the IQ-NET IT-security Offsite

avedos joins the IQ-NET IT-security event on the 9th of November 2011 with a lecture on tool support in GRC applications in the field of IT governance.

19.04.2011
Workshop "Security Management on all levels"

avedos™ together with its partner cirosec hosts workshops in four German cities from the 6th to the 9th of June 2011. The topic of "Security Management on all levels" is meant to demonstrate efficient ways of handling an ISMS with the support of the risk2value® GRC suite.