Multi-Dimensional Risk Management & Sneak Preview of What’s Coming. Aneesh Bhatnagar, Associate Director – Product, Risk Management.
Agenda • Multi-Dimensional Risk Management • The Year 2012 • What’s new in Risk Management 6.1? • ORM – What’s Coming? • The Road Ahead - 2013 • 2014 and Beyond…
Multi-Dimensional Risk Management
Impact and Likelihood – JUST NOT ENOUGH! • Don’t rely on Heat Maps alone – They are 2 Dimensional • Don’t do it just for SOX and Financial controls
Consider… • Impact, Likelihood, Vulnerability, Frequency, Velocity etc. • Key Indicators (KXI’s), Probable and Actual Loss Events, Near Misses, Incidents / Issues etc. • Specific Factors for Each Risk • Example of Project Risk
Need • Aggregation?
Want to use it for • Audit Plan?
Importance of Common Risk Taxonomy and Harmonization
Importance of Metrics / Key Indicators
Pervasive • Every member of the Organization needs to be part of Risk reporting, help make decisions and manage Risk, to a greater or lesser extent
Pervasive • Make it Social and Collaborative • Make it Easy, Simple and Engage • “Gamify”
The Year 2012 • MetricStream’s Risk Management Tool
The Year 2012… • Upload Processes, Risks, Controls etc in Bulk • Flexible Data Model for your GRC Library • Enhancements to Risk Assessment Planning and Scheduling • Ability to schedule Assessment in different timeframe with a single plan • Focus on configurability • Enhanced Risk Assessment • Assess based on attributes like Impact and Likelihood in addition to other Quantitative or Qualitative Factors • Ability to pick actual Controls and provide their Effectiveness • Ability to add ‘Control’ on the fly during an assessment • Ability to add ‘Risks’ on the fly to an assessment • Supports Ongoing Risk Assessment • Ability to view and access list of all risk assessment tasks at any point of time, irrespective of scheduled frequency
The Year 2012… • Enhancements to Scoring logic • Supports multiplication or addition of Factors like Impact, Likelihood, Frequency etc • This could be different for each group doing Assessment from their Perspective • Reports • Report and Charts to view risk rating across Organizations, Processes, Perspectives assessed in the system. Also, ability to drill down and view n level child risk ratings as per the context of risk assessment type. • Cross Perspective Report (by Organizations / Core Objects) • Risk Rating Report (by Organizations / Core Objects) • Inherent and Residual Risks Breakdown (by Organizations / Core Objects) • Risk Assessment Status • Heat Map Charts • 14 Heat Map Reports to view assessed risk ratings across Organizations or Processes for the Risk Assessment Perspective being associated
Ongoing Risk Assessment • What’s New in Risk Management 6.1 • View Historical Assessment details and their trend
Cross Perspective Report • By Organization • By Process
The ‘New Look’ Heat Maps • View by Number of Risks or the Risks themselves
Unveiling Risk Management 6.1
There is SO Much
Let’s look at the HIGHLIGHTS
Configurable Scoring Logic • Simplified ‘Excel-Like’ Risk Assessment/RCSA UI • Enhanced Quantitative and Qualitative Factors • Landing Page / Reports / Dashboards / Heat Map
Configurable Scoring Logic
Risk Scoring Algorithm – Inherent Score • Drag and Drop Factors and Build Inherent Score Formula
Risk Scoring Algorithm – Control Score • Option to have … • An Overall control score or • Controls reducing Impact and Likelihood independently & • Controls reducing both Impact and Likelihood
Controls Mitigating Impact and Likelihood • Helps arrive at Residual Impact and Residual Likelihood based on Control Scores
Risk Scoring Algorithm – Residual Score • Likewise drag, drop and build your Residual Score Formula
Functions • Select Functions to Aggregate, Average or Multiply scores of each Factor
Simplified ‘Excel-Like’ Risk Assessment UI
Old vs New
The New ‘Excel-Like’ Risk Assessment UI Screen • ‘Excel-Like’ screen for your Risk Assessment
Example: Airport Operations
Risk Assessment for ‘Airport Operations’ • Summary view of all Organizations, Risks, Controls and their Rating and Score • Assess Factors to arrive at Inherent Risk Scores • Assess Controls and arrive at Overall Control score and Effectiveness Scores • Assess Factors to arrive at Residual Risk Scores
All in ONE Screen
Risk Assessment for ‘Airport Operations’ • Provide your assessment for each factor • Summary Bar to view Score and Rating
Risk Assessment for ‘Airport Operations’ • Section to assess Controls related to the Risk
Risk Assessment for ‘Airport Operations’ • Section to provide your Residual score or let the system automatically calculate it for you
Risk Assessment for ‘Airport Operations’ • Floating Snapshot window: helps preview the Rating as you respond to Risk Assessment. Reduced scrolling.
Risk Assessment for ‘Airport Operations’ Contextual Action to Add Risks on the fly during Risk Assessment
Risk Assessment for ‘Airport Operations’ Search Risks from GRC Library or Add a New one on the fly
Risk Assessment for ‘Airport Operations’ Add New Risks on the fly
Risk Assessment for ‘Airport Operations’ Newly Added Risks indicated by ‘Star’ symbol
Risk Assessment for ‘Airport Operations’ • Red Flag indicating incomplete Risk Assessments • The red underline indicates mandatory fields
Multi-Factor / Questionnaire Based Risk Assessment
Multi-Factor Based Assessment • Example of ‘Organization – Process – Risk’ type of Assessment
Multi-Factor Based Assessment • Multiple Processes under an Organization
Multi-Factor Based Assessment • Risks related to each Process
Multi-Factor Based Assessment • Multiple Factors for each Risk. This could vary for each Risk.