Integrated RIsk Management
KRC solution for the development and reporting of an internal control system capable of monitoring the balance between business objectives and risk management objectives
An advanced Integrated Risk Management system, such as that of KEISDATA, makes it possible to identify, intercept, analyze and position risks with respect to business objectives, suggesting the best strategic, operational and control countermeasures useful for anticipating and reducing their effects. With the KRC® IRM Module, the Client and the Risk Manager have an innovative solution that links OBJECTIVES - PROCESSES - RISKS - CONTROL SYSTEM - ACTION PLAN in a logical, automated and integrated flow.
1. Home (strategic and operational)
It allows Top Management, Risk Manager and Risk Owners to have a dedicated area for effective management and monitoring of the flow of competence. In particular:
- The Strategic HOME is a dynamic control panel (dashboard) which summarizes the main information on Objectives, Risks, Control System and Action Plan useful for Management
- The operational HOMEs are profiled areas in which the contact persons involved in the process, in addition to the constant monitoring of the effect of risks on the areas of competence, have effective navigability and usability features of the flow areas.
2. Definition of context
Allows the corporate configuration and its specific context: the corporate governance elements (Legal Entity, Processes, Roles, procedural system) and the elements characterizing the internal control system (Risk model, Control model and standard risk indicators, proposed from the solution or specific to the company) are distinctive elements for an effective functioning of the flow.
3. Strategic and operational objectives
It allows the connection (with the dedicated KRC® module) and / or the upload of company objectives and the definition of the indicators necessary for monitoring the level of achievement with respect to the company risks to which they are associated.
4.Identification and updating of risks
It allows the Risk Manager to start the assessment sessions and to define and associate the risk events and Objectives to each risk considered. Each risk thus configured is entrusted to the assessment of one or more Risk Owners.
5. Evaluation of the Risk Owners
It allows Risk Owners to measure the various risks attributed to them. The evaluation takes place through:
- The assessment of general controls in which the contact person will have to evaluate the internal control system represented by control families (Governance, Operational, ICT, Compliance)
- The assessment of risk events in which the Risk Owner will proceed to attribute a probability of occurrence and an impact (PxI) and to suggest any detailed corrective actions
6. Qualitative risk assessment
t allows the Risk Manager to collect all the assessments issued by the Risk Owners on a single overall risk sheet and then proceed to the final assessment. From the combination of the individual values and the weights attributed to the various risks, the Risk Manager has an overall qualitative assessment of the residual risks on which he can already identify the Top risks.
7. Quantitative assessment and multi-risk scenarios
It allows the Risk Manager, with the collaboration of the competent company figures, to perform an assessment of the impacts on the economic dimensions of the company. The Risk manager defines a scenario to which he associates one or more risks and proceeds, through Montecarlo simulations, to identify the quantitative effects with respect to the items in the Financial Statements (EBIT), Cash Flow and / or expected damage.
8. General action plan
It allows the Risk Manager to define action plans taking into account all the risk assessments (qualitative and quantitative), the general control system and the contributions provided by the various contacts involved. Thanks to this overall view, the Action Plan represents a useful element to optimize interventions by focusing them on the necessary areas and processes, integrating and rationalizing them to the benefit of the entire internal control system, producing an inevitable positive effect.
9. Communication and Reporting
Production of management and operational reports and standard documents on structured dynamic data with:
- Standard parts aligned with the organizational context and regulatory updates
- Dynamic parts that are automatically composed with the data and information managed in the IRM module