Connecting the dots (in this case, the risks).

It has been a bit of a journey over the last 15 years. At Protecht, we started with the vision of a SaaS enterprise risk management solution that allowed connection of risk to the core components of what was back then, considered an ERM framework. This meant that our central library of risks was not only used in the risk and control assessments but also linked to key risk indicators, attestations and incidents. This enabled our client base to get a more fluid picture of risk and was the genesis of the RiskInMotion™ concept.
 

What was missing back then was the business intelligence engine to bring it all together.

Risk-in-Motion-laptop-1280x822Risk in Motion dashboard from Protecht.ERM showing inhrent and residual isk assessments,
compliance attestations, key risk indicators and actions attached to risks

Roll forward to 2018 and there are even more dots to connect. Over the last 5 years we have seen our clients rapidly build and deploy the following additional web-based forms to capture, workflow and report on risk related information pertaining to:

  • Fraud
  • Supplier due diligence
  • Conflicts of interest
  • Internal audit findings
  • Complaints
  • Compliance breaches
  • Business continuity plans and tests
  • Conflicts of interest
  • New products evaluation
  • Ex gratia payments
  • Policy management

Apart from making the capture and dissemination of this information more efficient, we can then aggregate the data captured in these forms into a metric and connect it to the relevant risk:

  • Fraud: Number or dollar value committed during the month - connect to external fraud events.

  • Supplier Due Diligence: Dollar value of contracts executed, number of conflicts reported, contracts up for renewal in the next 90 days - connect to procurement risk.

  • Internal Audit Findings: Complaints, ex gratia payments – all entries can be connected to the relevant risk they relate to.

  • BCP plans and tests: Failed tests, plans outstanding – connected to hardware, software, infrastructure failures. And so on.

By connecting this information to their associated risks, the first line has a better picture of the risks they are assessing.

The second line can more easily challenge first line assessments.

The third line is now armed with more relevant information to support a risk-based approach to audits.  Risk Committees have information that allows them to independently form an opinion on the top risks presented to them.

Protecht-Risk-Report-with-Linked-Items-1920-372158-edited
A risk report generated from Protecht.ERM showing a risk with all its linkages

I love the application of technology to supporting and improving processes in business. Protecht.ERM makes the above a reality through its flexible form builder and integrated business intelligence engine. 

This is an updated version of the original article published on 06/12/2016.

Ready to see Risk in Motion in action?

RIM-banner-1200x627

ASIC Report Whitepaper: A Regulatory Spotlight on Non-Financial Risk
Whitepaper

A Regulatory Spotlight on Non-Financial Risk

Download Now

Related Articles

feature image
ERM Risk Controls Risk Manager Risk Management Software Videos Webinars

Controls Assurance Webinar

Awesome Controls Assurance: The Confidence to Go Faster This event was done live on Oct.22nd 2019. Access the recording here. “The greatest potential...
Read more
feature image
ERM Risk Assessment Risk Management Software Videos Risk Management Framework Webinars

Protecht.ERM System Demo APAC -Recording

Enterprise Risk Management = Integrated Risk Management in Protecht.ERM This event was done live on 10 September 2019. Access the recording here. In...
Read more
feature image
ERM Risk Manager Videos

Risk Metrics - Webinar Recording

Making sense of deploying and using great risk metrics This event was done live on 14th August 2019. You can access the recording here. "If you can’t...
Read more