This software package is used to manage general organisational risks. It provides a generic framework for establishing the context, identification, analysis, evaluation, action, monitoring and communication of risk.
A five-step risk management process can be used with the monitoring and communication of risks. The stages are:
- Establish the context.
- Identify Risks.
- Analyse Risks.
- Evaluate Risks.
- Treat Risks.
OpRiskControl provides the following functionality:
- Risk name, description, dates logged, reviewed and closed, potential loss (or gain), Risk status, types of Risk and more.
- Risk context by department, division, location, project, process, asset or user defined code.
- Up to nine levels of likelihood (most customers use five) and nine levels of consequence (most customers use five) giving greater granularity of Risk Rating.
- Any number of Actions, with a name, description and estimated cost.
- A record of the names of three users associated with the Risk: Recorded by, Contact and the Owner.
- A link to related documents at both Risk and Action levels.
- The effectiveness of each Action which adjusts the Residual Risk when the Action is completed.
Context View of Risks
Each user may edit their Context Profile to set the default Risk Search criteria. From that point on they only see Risks in their context. When they run a report or display a Risk matrix, they only see their section’s Risks and Actions. However, if they wish to see if another department is managing a Risk, they can override their context to view other Risks. To block this override completely, see “Role Based Security (RBS)” below.
Security – Single Sign-on
OpRiskControl uses Windows authentication to validate users' access to the application – there is no need to set up different access control mechanisms.
Role Based Security (RBS)
OpRiskControl supports Role Based Security, which means Roles are created and then users are assigned to the Roles. It is then easy to change a user’s Role if they get promoted or move departments or divisions. System users gain access to programs and data as allowed by the Role to which they belong. A user may have multiple Roles, such as Finance Department User and Audit Department Officer.
Risks can first be given a status of Input and are then not formally included in the system until an authorized user verifies them and updates their status to Active.
The Report Wizard starts with basic report structures and then allows the user to select the data they want to report on, the data columns they want to see, the sort order, and the number of records they want to print.
In a large organisation, senior executives need to know where their high risks are, where people are not managing their Risks, and how exposed they are. OpRiskControl has many charts that provide information by Division, Business Unit, Asset, Location, Risk Type and Risk Level. Chart types may be column, pie, bar and X-Y plots.