Development contract, implementation and continuous improvement of new processes and functionality of the Enterprise system of Risk Management
The Need
- Automate the activities charged to the Risk Manager in a logic of effectiveness and efficiency through the improvement of the performance for the management of activities of the entire Risk Management process
- Increase the communication process towards the BoD and analyze the performance through the generation of ERM Reports and Custom Indicators
- Share with all Risk Owners of the respective legal entities, in the different countries, the risk model and the compilation of the specific "Risk Event" cards
- Allow a better representation of the RM process thanks to the generation of Custom Views for Risk Owners and related assistants
- Integrating the risk assessment of the project into the Risk Model and extending it to the Supply Chain Area
The Solution
|
Functionality
|
Specifications |
| Contesto | Asset, Processes, Layout, Risk Family, Macro Area of Risk, Risk Area, Map of Risks. |
| Identificazione Aggiornamento Rischi | Identification and updating of risks by family, macro area, area, process and process phases; location of the Risk by geographical area, country, company, business unit, organizational area; association risk owner for role and person, identification of roles/person involved internal and external, expected date of interview |
| Gestione Cambiamenti | Management of organizational changes, locations, products, services, suppliers |
| Interviews management | Management of interviews by the Risk family, macro risk area, Risk area, Risk; role and person interviewed, interview date, reference period, Risk scenario, products, suppliers, recruitment, mitigation and control proposals, interview history |
| Investigation Events | Identification, analysis, evaluation of the risk of the event and impact on the objectives of the plan; management of the action plan at the macro level |
| Risk card | Summary of Risk with information from Risk Update Identification, Interviews Management; Events and risk assessment by objective of plan, product, supplier, client, |
| Asset analysis | Identify threats and map controls for assets |
| Threats Analysis and Controls | Impact analysis for identified threat and associated controls, impact reduction efficacy |
| Impact Processing and Probability |
Processing, outcome processing, evaluation, treatment, elemental risk distribution, current, planned; high elementary risk due to threat on process, high current risk due to threat on process, high risk due to threat on trial. |
| Evaluation and General Framework Risk Management | Impact and probability evaluation on cash flow, ebit and total impact on the basis of information from: Risk Sheet, Asset Analysis, Threats and Controls Analysis, Impact Processing and Probability |
| Adjustment Plan e Improvement actions |
Risk mitigation actions, with priority, responsible action verification criterion, role of action manager, expected closing date, effective closing date, output for AC (from Adjustment Plan) and output for Objectives (from Plan Improvements) |
| Human Resources | Personal Data, Roles and Responsibilities Management, Organization Chart and Job Description. |
During the development of the project related to the computerization of the Risk Management process, further requirements were acquired, both of a conceptual type (eg. operating logic, etc.), and methodological (for example, evaluation algorithms, etc.), both of a cultural nature (eg. characteristics of Risk Owners, etc.) and of a functional nature (eg. to meet the needs of representation, reporting, etc.).
We have implemented with the customer team an Agile methodology that allows the rapid verification and evolution of the requests presented also by virtue of the KRC® technology that allows to preserve the acquired data (imported or imputed).
Benefits
- The management of organizational and domain structures with a common factor
- The insertion of data into the process phases templates
- The management of access profiles for different contacts and users
- The management of multi-level authorization workflows
- Integration with external data through automated and timed imports and exports
- The production of reports and dashboards
- Assignment of activities and actions to other contacts with notification
- The dissemination of best practices, between Group companies and departments