The Total Risk Management Software Solution
7 Benefits of using Symbiant's Risk Management Software Solution
Current state risk management
95% of organisations use Excel for risk management purposes (per the annual US-based IIA technology survey). Many also use voting technology with keypads in risk management workshops.
These technologies help record the results of the risk management process and, in the case of the voting technology, they facilitate measurement of the risks to the organisation. But that is all they do.
The Australia-New Zealand standard for risk management details a number of steps in the process: context (identify business objectives) – identify risk – assess risk – measure risk – treat risk – monitor treatment – communicate. A risk management tool needs to enable each step of the process and Symbiant Risk Suite does.
Workshops may give you a list of risks and a measurement of them; but workshops tend to take place infrequently and often, only at certain levels of the business. Risks, on the other hand, tend to make themselves known at awkward times and unexpected locations.
So what else is available to organisations wishing to embed a risk management framework?
7 things Symbiant Risk Suite can do for you
Here are 7 things you get from implementing Symbiant Risk Suite
Participants log on to the system and log risks they see to the achievement of the business objectives of their function, project, process or organisation as a whole. The administrator then moves the process on to a voting stage producing risk maps and registers, then on to a treatment stage where actions are proposed and voted on, and finally a tracking process to confirm that the actions have been implemented. In short, it facilitates every step of the risk management process.
This is performed over a period of time that may comprise say, two weeks for participants to log the risks they perceive, another two weeks for them to vote on the significance of the risks identified by all participants, and a similar amount of time (possibly with different participants) for determining what actions should be put in place.
And the benefits this approach brings to an organisation are as follows:
By having an individual log a risk, you can ask them to fill in a large amount of relevant information. Thus, a risk may not be simply “competition”, but instead be specified to include the downside, the processes and departments affected, and what control, if any, exists to manage or mitigate it.
In addition, the relationship of this risk to other potential risks can be identified – risks that really hurt your organisation usually crystallise together. This detail is a long way from the simple identification of “competition” in a workshop.
When the administrator moves the workshop from the identification phase to the voting stage, the participant logs on and sees a voting form with guidance on the values they can input. Whereas workshops take 3-4 minutes for each risk, the intranet vote can be done in seconds; the overall task is thus much shorter and any reticence occasioned by a fear of a lengthy process can be banished.
If the potential upside of a risk is identified early on, then the risk may be turned round, turned into opportunity.
The risk identification page shown above asks for upside risk to be identified, and thus it has been considered before the step in the process when the treatment is determined.
When, say, competition risk is considered in detail, the upside may be the opportunity to get into a product or service where the competition is weak or has nothing to offer; doing that will then reduce the impact of existing competition on your organisation.
The risk management process will have led the participants into creating value, not just protecting against threats to value.
The Turnbull report that brought enterprise risk management into good corporate governance recommended that the process be “dynamic, continuous, and embedded”. (at this point it should be noted that the ICAEW who were behind Turnbull have chosen Symbiant Risk Suite and Symbiant Tracker as their internal software solutions).
Embeddedness is an awful word but you know you have attained it when people just do it as a matter of course, as an everyday action.
Symbiant Risk Suite facilitate multiple virtual risk workshops with a wide range of people; workshops which can be set up and run with whatever frequency you desire, and with little administration overhead. Reporting is flexible, graphic, and immediate.
And as an ongoing process, you can monitor hits and near misses, reports of potential new risks identified by a network of “risk champions”, and traffic-light reporting of key risk indicators from around the business.
5. Risk Appetite
The IPSB (Integrated Prudential Source Book) requires financial services organisations to define their risk appetite. So do Stock Exchange Listing guidelines. So does the Treasury’s Orange Book. None of them say how to do it. Symbiant Risk Suite allows you to set a score for risk appetite by risk category and report on it in the risk register or as part of a risk map. If you prefer, risk appetite can be voted on by individual risk. You then compare the risk appetite score to the net risk score for individual risks to see if the current exposure is outside your appetite – in which case, doing something about it becomes a matter of urgency. Appetite refines the risk map and risk register – it may be that you have a high impact/high likelihood net risk but you are happy with it, you are deliberately and consciously taking that risk, accepting it (involvement in China is frequently in this bracket). However there may be a much lower risk which is nevertheless unacceptable to you, it is outside your appetite or tolerance. If you did not factor in appetite, you would probably not notice the latter risk, and spend too much time trying to lower the former risk which you have actually already accepted.
6. Treatment and Tracking
Deciding what you want to do, how much time, money and effort you want to spend on putting something in place to manage a risk is a separate step in the Risk Suite process. Participants propose actions they deem appropriate and other participants log their agreement or propose alternatives.
At the end of the treatment phase, the most popular actions are accepted and passed through to the tracking phase that provides management with a ready status of where the organisation is at in terms of preparedness for handling risk, and pro-activity in exploiting it. This is surely something that all stakeholders in the organisation want to see.
By collaborating on risk management the business gets better and better at identifying threats and senior managers have a better understanding of potential threats which in turn makes it easier for them to adhere to an acceptable level of risk.
Enterprise Wide Risk Management System
Operational Risk Management Software
Enterprise Risk Management System
Symbiant Risk Suite
The Symbiant Risk Suite is a total Risk Management software Solution. Web Based and provided as a fully managed SaaS solution it is ready to use instantly on our secure cloud environment. If you prefer you can host it yourself on your own intranet.
With per user changes from £2 risk suite is the most affordable risk management solution in it's class. Try it free.
The Total risk management solution
Symbiant Risk Suite is not just a risk management software solution, it's a total risk management solution. Developed with guidance from KPMG to exceed ANZ 4360 requirements it is the only Risk Management Software to have been endorsed by Europe's largest professional accountancy body the ICAEW. It also enables a company to meet IN FULL the new requirements set out in new ISO 31000 guidelines on risk management.
Symbiant Risk Suite quite simply gives you everything you need to identify and assess risks, manage and test controls, assess the business and procedures and give ownership of actions and track to completion. It also includes a comprehensive flexible reporting suite that includes all standard reports and a custom report builder
Quick Points to help you consider
- Full Risk Management software Solution
- All parts of the business can collaborate
- Web based Intranet or internet
- Meets ISO 31000 for risk management
- Affordable - from £2 per user
- easy to understand and visualise risk mapping
- Reduces Costs and the need for meetings
- Speeds up the Risk Assessment Process
- Automated emails to keep users updated
- Early identification of possible risks
- Questionnaires to monitor controls
- Risk Indicators and Assessments
- Ongoing identification of risks
- Built in risk voting
- Risk Vs Reward
- Easy to Embed
- Risk Mapping
- Fully Scalable