Essential Elements of an Effective Enterprise Risk Management Solution

The increasing breaches, compliance deficiencies and new requirements from industry certification organizations, the SEC, customers and Board of Directors are driving executives to rejuvenate their risk management approach by shifting towards Effective Enterprise Risk Management (ERM).

An Effective Enterprise Risk Management Solution possesses the following abilities:

1. The ability to define a flexible Risk Taxonomy that will be used across the organization. Using a defined taxonomy is important in order to roll up risk and their impacts across departments and business units. The ability to utilize the many 3rd party risk taxonomies will allow you to save time in defining one from scratch.
2. The ability to define a flexible Control Taxonomy that will be used across the organization. Like the Risk taxonomy, defined control taxonomy is necessary in order to pair common activities across business units, minimizing duplicative effort.
3. The ability to define and score risk at multiple levels within the organization. Human Resources will look very differently at a data-breach event as compared to IT. The ability to define and score this common risk separately and then roll the results up to the enterprise is key in identifying organizational priorities.
4. The ability to map risks, be they regulatory, standards based, or business goal related, back to the requirements driving them is very useful in managing change. As the requirements change, having the visibility into what is impacted is critical.
5. The ability to map controls back to risks and map a single control back to multiple risks, defined across multiple business units. These controls should be cumulative in nature. Where a single control may completely mitigate a risk for a given business unit, for another, it may only mitigate the risk 75% and additional action should be able to be defined by that business unit.
6. Controls take many forms. Ideally the solution should allow mapping of external control evidence whether that be documentation\reports, policies & procedures, evidence of physical controls, or workforce training.
7. The ability to measure the effectiveness of the controls that have been put in place. Many Enterprise Risk Management Systems lack this capability, relying upon the efficacy of the controls already implemented, assuming that once they’ve been put in place that they will always be in place and effective.

Predict360, Enterprise Risk Management Software, enables organizations to identify, quantify, monitor, and manage risk. It accesses the environmental, financial, legal, reputational, and safety impact and likelihood of a risk at the business unit level. It provides a fully-integrated ERM solution, which facilitates organizations to minimize risk and make strategic decisions.

About the company

360factors, Inc. helps companies improve business performance by reducing risk and ensuring compliance. Predict360, its flagship software product, vertically integrates regulations and requirements, policies and procedures, risks and controls, audit and inspections, safety management systems and on-line training and qualifications, in a single cloud-based platform.

Remain up-to-date on industry news/updates through our Twitter & Linkedin profiles.