This software is used to manage general organisational Risks.
It provides a generic framework for establishing the context, identification, analysis, evaluation, action, monitoring and communication of Risk.
A five-step Risk management process can be used with the monitoring and communication of Risks. The stages are:
- Establish the context.
- Identify Risks.
- Analyse Risks.
- Evaluate Risks.
- Treat Risks.
While much of Risk management is qualitative and labour intensive, automated assistance is possible in the form of OpRiskControl. OpRiskControl can assist with the analysis, evaluation, action, monitoring and communication of Risk.
OpRiskControl provides the following functionality:
- Risk name, description, the dates a Risk was logged, reviewed and closed, the potential loss (or gain), Risk status, type of Risk and more.
- Risk context by department, division, location, asset or user defined code.
- Up to nine levels of likelihood (most customers use five) and nine levels of consequence (most customers use five) giving greater granularity of Risk rating.
- Frequency and time period of occurrence (for example, once a week or three times in a project).
- A record of the names of three users associated with the Risk: Recorded by, Contact and the Owner.
- A link to related documents at both Risk and Action levels.
- The effectiveness of each Action which adjusts the residual Risk when the Action is Completed.
- Each Action may: reduce the likelihood, reduce the consequences, and/or transfer the Risk. The effectiveness may range from 1% to 100%.
- Full set of standard reports to review Risk status, assessments, Actions, by location, project, department, division, and so on. Reports show the overall status of the Risk as well as the status of each Action.
- OpRiskControl can give different views of organisation-wide Risks, and produce reports for various levels of the organisation.
- Create reminders of incomplete Risk reviews.
OpRiskControl can be used to document different types of Actions. The four main types are:
- Preventative Actions – to reduce the likelihood of occurrence or the consequences should the event occur. Preventative Actions should be cost-effective and should be implemented before the event.
- Contingency Actions – to reduce the consequences should the event occur. Contingency Actions should be cost-effective and should be completed during or after the occurrence of the event.
- Recovery Actions – to enable the project or organisation to move forward after the event. Recovery Actions do not reduce the likelihood or consequences of the event itself, but they limit the spread of knock-on events that reduce business continuity.
- Transfer Actions – to transfer the loss to someone else such as an insurance company or sub-contractor. Transfer Actions do not reduce the likelihood of the event but do reduce the consequences.
About This Guide
This guide describes all the menus and features that are available. However, your system may have some features turned off or you might not have permissions to access all the features. Therefore you might not see everything described in this guide.
When you start OpRiskControl you are presented with the home page. (This home page may be customised by your web site developer.)
At the top right of the home page there are icons:
- – Opens the online help.
- – Opens the Language Translation page which enables you to translate or rename data items on the currently displayed form and report (this requires user permissions).
- – Opens the last viewed Risk.
- – Displays a list of Google tools (if enabled in System Settings on the System tab).
- – Opens Mitratech’s PolicyHub compliance system (if activated).