Themes

Risk Areas

STRATEGIC RISK MANAGEMENT

Does the executive board or management have a structured image of the strategic risks, and which scenarios are conceivable?

PROCESS MANAGEMENT

What are the risks involved in the processes, and can these processes be managed better and more efficiently?

COMPLIANCE

How do you ensure that Compliance Controls are in the right place in the organization?

IT SECURITY

Cyberattacks are posing an increasingly significant operational risk. How is your control process organized?

DATA RISK

New privacy legislation imposes (new) demands on your data management; what is the situation with your calculation models?

PROJECT MANAGEMENT

Many major IT and infrastructure projects fail unnecessarily. Have you set up a Risk Control cycle yet?

3rd PARTY RISK MANAGEMENT

What parties do you do business with? Do they have everything in order and how do you monitor this?

INSPECTION MANAGEMENT

How do you ensure that safety regulations are complied with and that incidents in the workplace are reported immediately?

Strategic Risk Management

You need to take risks to achieve your business goals. Your medium-term plans (MTP) can develop according to one of several scenarios. It will be necessary to regularly check your plans against current internal and external risks to measure their chance of success.

  • Identify the Risk Drivers of your business lines per risk category;
  • Quantify the Risk Drivers in terms of possible impact on revenue and cost pools;
  • Determine the deviation from your business forecast that you could still tolerate.

Process Management

CERRIX will make your processes transparent. The graphical representations of the processes will provide insight not only into the flows, but also into responsibilities, risks and (compliance) control measures associated with each process step. The most up-to-date test results will immediately appear in your process flows, giving you insight into the processes in which important controls are not effective, actions still need to be taken or incidents have been reported. The process owners and employees can simply navigate through the processes using a Viewer. This will allow the process knowledge to be easily shared within the organization.

Compliance

The large number of regulations, laws and standards makes management increasingly challenging. Only a couple of years ago, it was still possible to do this by keeping an Excel spreadsheet, but the inefficiencies and the risk of errors involved create the need for a professional approach. Compliance Controls need to be well-anchored in company processes and behavior. It should be possible to easily determine the status of these controls for each compliance framework.

IT Security

Recent examples of Cyber Risks demonstrate the importance of adequate IT risk management. With CERRIX, you can create a very effective ISMS (Information Security Management System) in a short time.

  • Standard IT security compliance templates are available (ISO27001/2, CSA, COBIT, Surfaudit, BiG, DiGiD);
  • Standard IT process templates (BISL);
  • Combining IT processes, applications and infrastructure;
  • Supporting multiple compliance frameworks, enabling your In-Control checks to be performed efficiently;
  • Graphically modelling your IT infrastructure in the CERRIX Risk Universe;
  • Workflow for quick follow-up and monitoring of actions resulting from IT security incidents;
  • Real-time linking with your IT application landscape to collect evidence, such as logs.

Data Risk Management

The amount of data collected and generated by you will only increase in the coming years. Do you have sufficient safeguards in place to ensure that your data are properly saved and protected against cybercrime, and that your personnel know how to handle those data? In addition, you will have to comply with an increasing number of legal requirements and regulations. The EU Data Protection Reform that will be introduced at the end of 2015 may have a significant impact on your organization and goes even further than the Personal Data Protection Act. CERRIX allows you to classify data categories, determine risk profiles, control measures (and check them against laws and standards) and the level of effectiveness, and implement any planned actions.

Project Risk Management

Projects generally don’t develop as planned. That’s hardly surprising, since circumstances and sometimes even goals may change over time. At the start of most projects, a Risk Assessment is therefore performed and Risk & Action logging takes place periodically. Projects and subprojects can be registered in CERRIX. For each subproject (and/or project phase), the risks, control measures, actions, deviations and responsibilities can be established. The workflow in CERRIX efficiently supports your risk management activities. In short, using CERRIX for high-risk projects ensures better management of your projects, thereby also ensuring you get the final result you want.

3rd Party Risk Management

If you are handling risk management for external partners (asset managers, IT partners, suppliers, implementation organizations, etc.), CERRIX can support the entire risk management process by:

  • Registering your external partners;
  • Keeping track of risk assessments, possibly with standard frameworks;
  • Ensuring that risk assessments/questionnaires are (periodically) completed online;
  • Scoring results;
  • Ensuring that specific evidence is verified;
  • Drafting Findings Reports;
  • Planning (and monitoring) actions on behalf of the partner;
  • Providing a real-time dashboard with the scores and schedules.

Inspection Management

CERRIX includes a complete module for inspection management. Assessments can be performed on location using a tablet (offline). Photos can be added and assessments can then be sent to a central unit, where all assessments can be evaluated and results can be prioritized.

CERRIX tooling was used to monitor the water quality at remote locations during a major sporting event in London in 2012. Inspections were conducted daily, and findings and/or incidents were acted upon immediately.