Integrated Risk Management

HOME (STRATEGIC AND OPERATIONAL)

It allows Top Management, Risk Managers, and Risk Owners to have a dedicated area for effective management and monitoring of the flow of expertise. Specifically:

• The Strategic HOME is a dynamic control panel (dashboard) which summarises the main information on Objectives, Risks, Control System and Action Plan useful to Management.
• The operational HOMES are profiled areas in which the referents involved in the process, in addition to constantly monitoring the effect of risks on the areas of competence, have effective navigation and usability functions for the flow areas.

CONTEXT DEFINITION

It allows for the configuration of the company and its specific context: the elements of corporate governance (Legal Entity, Processes, Roles, procedural system) and the elements characterizing the internal control system (Risk Model, Control Model and standard risk indicators, proposed by the solution or specific to the company) are distinctive elements for an effective functioning of the flow.

STRATEGIC AND OPERATIONAL OBJECTIVES

It allows the connection (with the dedicated KRC® module) and/or uploading of company objectives and the definition of the indicators necessary to monitor the level of achievement with respect to the company risks to which they are associated.

IDENTIFICATION AND UPDATING OF RISKS

It allows the Risk Manager to initiate assessment sessions and define and associate risk events and objectives with each risk considered. Each risk thus configured is then assigned to one or more Risk Owners for assessment.

RISK OWNER EVALUATION

It allows Risk Owners to measure the various risks assigned to them. The assessment occurs through:

• The evaluation of general controls in which the contact person will have to evaluate the internal control system represented by control families (Governance, Operations, ICT, Compliance).
• The evaluation of risk events in which the Risk Owner will proceed to attribute a probability of occurrence and an impact (PxI) and to suggest any detailed corrective actions.

QUALITATIVE RISK ASSESSMENT

It allows the Risk Manager to collate all the assessments released by the Risk Owners into a single, comprehensive risk sheet and then proceed to the final assessment. By combining the individual values ​​and weights assigned to the various risks, the Risk Manager has an overall qualitative assessment of the residual risks from which he can already identify the Top Risks.

QUANTITATIVE ASSESSMENT AND MULTI-RISK SCENARIOS

It allows the Risk Manager, in collaboration with relevant company figures, to assess the impacts on the company's financial performance. The Risk Manager defines a scenario to which he or she associates one or more risks and proceeds, through Monte Carlo simulations, to identify the quantitative effects on balance sheet items (EBIT), cash flow, and/or expected damage.

GENERAL ACTION PLAN

It allows the Risk Manager to define action plans by taking into account all risk assessments (qualitative and quantitative), the general control system, and the contributions provided by the various stakeholders involved. Thanks to this comprehensive view, the Action Plan is a useful tool for optimizing interventions by focusing them on the necessary areas and processes, integrating and streamlining them to the benefit of the entire internal control system, producing an inevitable positive effect.

COMMUNICATION AND REPORTING

Production of management and operational reports and standard documents on dynamic data structured with:

• Standard parts aligned with the organizational context and regulatory updates.
• Dynamic parts that are automatically composed with the data and information managed in the IRM module.