Does the executive board or management have a structured image of the strategic risks, and which scenarios are conceivable?
What are the risks involved in the processes, and can these processes be managed better and more efficiently?
New privacy legislation imposes (new) demands on your data management; what is the situation with your calculation models?
Many major IT and infrastructure projects fail unnecessarily. Have you set up a Risk Control cycle yet?
What parties do you do business with? Do they have everything in order and how do you monitor this?
Strategic Risk Management
- Identify the Risk Drivers of your business lines per risk category;
- Quantify the Risk Drivers in terms of possible impact on revenue and cost pools;
- What would be an acceptable deviation from your business forecast that you could still tolerate?
- Standard IT security compliance templates are available (ISO27001/2, CSA, COBIT, Surfaudit, BiG, DiGiD);
- Standard IT process templates (BISL);
- Combining IT processes, applications and infrastructure;
- Supporting multiple compliance frameworks, enabling your In-Control checks to be performed efficiently;
- Graphically modelling your IT infrastructure in the CERRIX Risk Universe;
- Workflow for quick follow-up and monitoring actions resulting from IT security incidents;
- Real-time linking with your IT application landscape to collect evidence, such as logs.
Data Risk Management
Project Risk Management
3rd Party Risk Management
- Registering your external partners;
- Keeping track of risk assessments, possibly with standard frameworks;
- Ensuring that risk assessments/questionnaires are (periodically) completed online;
- Scoring results;
- Ensuring that specific evidence is verified;
- Drafting Findings Reports;
- Planning (and monitoring) actions on behalf of the partner;
- The real-time dashboard with the scores and schedules.
CERRIX tooling was used for the monitoring of the water quality at remote locations during a major sporting event in London, in 2012. Inspections were conducted daily, and findings and/or incidents were acted upon immediately.