The Current Situation
Many organisations endeavour to get by using a Excel and Word documents, or tools designed for other purposes. This may have been possible in the early stages of their risk management efforts but they soon discover a number of challenges such as
- difficult to scale as organisation or risk collection activities grow
- reporting is time consuming
- little to no ability to audit changes
- lack of roles and permissions
- no ability to easily create follow-up reminders or escalations
- difficult to link all related risks
In short many organisations find that that the tools that they are using are not fit for purpose.
What to look for in a good GRC / ORM solution?
Financial institutions nowadays are starting to use purpose built software tools to help manage their risk processes, and importantly to help them to be able to do so in a manner that is documented, can be audited, and easily adopted across the whole organisation, whilst also facilitating the easy production of the various types of reports that are needed within the organisation and externally.
- Easy to use & intuitive
- Easily to use across the whole organisation
- Web based user interface – avoid client installations and inherent security risks
- Flexible and Powerful
- The ability to meet your current needs and processes
- Easily adaptable to match future needs and process changes
- Ability to export data in an industry standard format
- Secure and easy to backup data
Operational Risk Management to suit you needs
We can help you with a GRC software solution which includes optional modules for Risk Management, Compliance Management, and Incident Management. Developed by a teams of Auditors and Software experts and targeted to address the needs of mid to large organisations this solution has many benefits to offer:
- Risk Register
- Ability to link related risks and events
- Send and keep track of related messages via company email system
- Generate standardised and customised reports
- Export as data in pdf or Excel format
- Flexibly assign roles and permissions for internal users and 3rd parties (e.g. auditors)
- Lock down sensitive issues
- Low Total Cost of Ownership, cost effective to deploy across whole organisation
There is a web based user interface, making it easy to use across an organisation, avoiding all the issues related to client based software installations. Here are some example screen shots of some key parts of the system:
The Risk Register provides a detailed overview of all the risk events registered in the organisation.
Risk entries can capture key information relating to the risk such as the risk owner, estimates of the probability of occurrence, and the consequences or severity of the hazard in both financial and / or non-financial terms.
The Control Register captures all of the controls which have been created to monitor Actions that may be in place to reduce, mitigate, or eliminate the risk. Estimates of cost and effectiveness of the control can be included as well as other relevant data which will help you in your follow-up and reporting.
The Action Register provides an overview of all the Actions that have been created to reduce, mitigate, or eliminate the associated risk. Actions can be assigned, prioritised, and flagged for follow-up.
The solution incorporates heat maps which you can easily tailor to meet your risk rating methodologies and requirements.