Platform as a Service
affordable and easy to use risk management software
We have tested and approved a variety of risk register workflow solutions in the past three years.
​
The best ones connect the dots across the tech risk landscape, show you how risks interact and provide you with a residual "picture of uncertainty" for further investigation and action.
​
We will help you select the right platform depending on your specific requirements, accessibility, affordability, ease of use and data security.
Making it easy to identify, capture, assign, control, track, escalate and report on your most significant risks.
*about your keyrisks
The most important action to take, when “overseeing” risk, is to repeatedly ask “what if” questions closely followed with “what might happen”.
Being risk resilient means knowing and understanding your specific threat landscape.
We suggest you focus attention primarily on keyrisks. Those that have the potential to seriously disrupt or cause failure of your business! This is because you cannot control everything.
The first step is to produce a list of threats and vulnerabilities based on their potential financial and reputational severity to your business.
Q. how do you decide whether to include or exclude a risk from your assessment process
By identifying top threats and vulnerabilities to your earnings and ability to raise capital.
Given there will always be time and cost limitations for risk assessment, the need is to categorise and evaluate harmful keyrisks including those arising from adverse business situations, poor decision making and any lack of responsiveness to industry changes
Q. what questions should you ask to optimise risk assessments
-
Likelihood: What is the chance or probability of a risk materialising?
-
Impact: What is the severity, extent of harm and consequence caused by an event?
-
What is the magnitude and velocity of the risk level measure?
-
What controls are in place or needed to reduce the likelihood and/or impact of a potential risk?
-
Do the current controls provide the greatest amount of risk reduction for the actual costs incurred?
-
What is the level of uncertainty / lack of knowledge about an event, its impact, or likelihood?
Q. how do you recognise when a keyrisk is about to materialise
By constantly scanning your assets, earnings, liabilities, culture and external environment for vulnerabilities and using keyrisk indicators (KRIs) to monitor change in risk exposure and provide early warnings.
Q: what is the purpose of a risk register
A risk register is a database that allows you to see all of your potential risks in one place, to categorise and prioritise them, assign ownership, and to respond to them in some way.
It asks you to evaluate them against your:
-
risk Appetite: a statement that broadly considers the risk level that senior management establishes to be acceptable
-
risk Tolerance: the maximum risk level from any activity that you are willing to bear in exchange for the benefits from the activity.
-
risk Treatment: an action that maintains or modifies the risk including preventive, mitigating and management controls.
Q. do you need to platform your risk register
Risks arise all across your business, and without a dedicated platform to capture and track them, you will never have a clear picture of your risk landscape or the ability to navigate around the pitfalls.
Establishing benchmarks to define the significance of risk, and then understanding risk likelihood and severity, focuses attention on which risks need to be treated or monitored more closely.
The simple, consistent, format of a risk register makes it easier for people to understand, manage, share and track the information it contains.
And remember that a risk register is a living document which needs to be regularly reviewed as well as updated with emerging risk.
Q. how often you should review your keyrisks
Senior management should review remedial action whenever there is an indication of a problem!
In addition keyrisks that are in a stable state should be reviewed annually whilst uncertain and emergent risks may need to be reviewed weekly or monthly.