Risk information as a steering tool for achieving your business objectives.
Risk management is no longer limited to the periodic identification, assessment and management of risks. Risk management is a continuous process that is part of the daily processes of the company. Sound risk information together with performance information can be used as a steering tool for achieving your business objectives. We therefore see an increasing need for real-time risk information that, together with the performance information, can be presented visually and comprehensibly so that sound decisions can be made. This concerns, among other things, risk information on: real-time reported risks and incidents / losses in business processes and transactions, data on the operation of your control measures, key risk indicators and the status of improvement measures implemented.
How do we get from risk data to risk information?
In order to convert the risk data into relevant risk information that can be used by you as a controller, it is first of all important to define uniform data definitions. For example, if everyone within the organization understands what the definition of an incident or loss is, this will generally lead to company-wide understanding of and uniformity in the recording of incidents and losses.
It must also be determined which risk information can be of added value for which echelon. By establishing the relationships between, for example, objectives, related processes and related risk categories on the one hand and the required related risk information on the other hand, it is possible to determine what risk data is needed to create this information.
How do we achieve efficiency in the preparation of risk information?
Now that we know which risk information is required, we must focus in the next step on achieving efficiency strokes in the preparation of the risk information. Risk data is now often collected manually from many different sources (incident registration systems, Excel, risk management systems, source systems, etc.) and is subsequently manually converted into relevant risk information or reports. The first step is to centralize the recording of all relevant risk data as much as possible in 1 risk management system or respository. This offers advantages because in this way relationships between different types of risk data can be established more efficiently. A second step is to automate the recording of risk data as much as possible by transporting risk data from the source systems via interfaces to the central risk management system or repository.
How do we present the available risk information?
Finally, the presentation of the risk information to the user deserves special attention. The risk information is best used if it can be visually layered both horizontally and vertically or in a combination of the two. The best in the form of a flexible dashboard. By vertically layered presentation is meant that the risk information can be filtered / aggregated organizationally from the highest to the lowest level. With horizontal layered presentation it is meant that the risk information can be filtered / aggregated for example at objective level, process (chain) level or risk category.
Do you want to know more about how you can organize your risk information provision in your organization? Then contact Maurits Toet of CERRIX on tel 06-55781325 or via maurits.toet@cerrix.com.
