-
PERFORM WITH INTEGRITY ™
Enable Federated Risk Assessments and yet get an Integrated Risk View
Aneesh Bhatnagar, AVP – Product Management
Jose Biscaya, Manager – CSIG
-
© 2019 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™
Challenges faced by Risk Professionals
• “I want to allow different Risk functions to do assessments based on appropriate frameworks”
- Chief Risk Officer
• “I want a single, integrated view of risks that might impede business performance, or jeopardize market viability”
- Board and Executive Members
• “I want to get a consolidated view of the risks from cyber, operational, audit, third party and compliance perspectives.”
- Chief Risk Officer
• “I want to get the top down vs bottom up view of risks”
- Chief Risk Officer
• “I want to get the view of risk posture by product lines”
- Chief Product Officer / EVP Business
-
Enterprise Risk
• Objective, Business Unit
• Simple
• Usually 2 factors
• Impact and Likelihood Matrix
• Impact X Likelihood based scoring
• Controls are rated either by overall effectiveness or control by control
• Residual
• Inherent – Control
• Inherent vs Control matrix
-
Operational Risk
• Mostly on Processes
• Simple to Complex
• 2 factors to many
• Impact and Likelihood
• Impacts broken down into Reputation, Financial, Strategic, etc.
• Impact, Likelihood, Velocity, Magnitude
• Controls rated more granular or kept high level
• Residual
• Inherent – Control
• Inherent vs Control matrix
• Aggregation is critical
-
Cyber Risk
• IT Asset based risks are assessed
• The Risks are identified as a derivative of IT Asset properties, Threats, Vulnerabilities and IT Controls
• Factors considered are
• Impact on Operations that are serviced by the IT Asset
• Impact on Organizational Goals
• Impact on Reputation
• Likelihood of the Risk materializing
• Frequency of the Risk materializing
-
Business Continuity
• The Risk Assessments are done in the context of a Location
• The tail end (high impact, low frequency) risks are assessed
• Factors considered are
• Financial Impacts
• Impact on Employees
• Impact on Assets
• Impact on Reputation
• Likelihood of the Risk materializing
• Frequency of the Risk materializing
• The mitigations are generally Business Continuity Plans
-
Third Party Risk
• Third Party / Vendors
• Factors considered are
• Nature of Third Party
• Critical business processes serviced by the third party
• External Rating – Dow Jones
• Mitigation plans are to have backup / alternate third parties lined up, or to distribute the product / service procurement across multiple third parties
-
Compliance Risk
• Assessments pertaining to risks related to regulations
• Mostly simple based on Impact and Likelihood
• Control ratings are simple too
• Residual is either a matrix of Inherent and Control or Inherent minus Control.
-
Audit
• Auditable Entities
• Mostly Single Risk Rating or based on Impact and Likelihood
• Usually a single rating is sufficient
• Aggregation is critical to do a risk based audit
-
And, many others…
-
How do we do this?
• Federated Risk Assessments
• Consolidated Risk Reporting
• Comparative Reporting
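The three steps above are what an integrated risk view actually needs in code: each function scores with its own methodology, every residual is mapped onto one shared scale, and the same normalised numbers feed both the consolidated (per business unit) and the comparative (per risk function) reports. The example below is added here to illustrate that and is not MetricStream's code or data model; the 1..5 scales, the Low/Medium/High bands, the Inherent-vs-Control matrix, the "control rating minus one = points of mitigation" rule and all sample ratings are constructed assumptions.

```python
"""Federated risk assessments rolled up into one integrated view.

Each risk function keeps its own methodology (number of factors, inherent
scoring, residual rule).  A normaliser maps every residual onto a shared
0..1 scale so consolidated and comparative reports can be produced without
forcing the functions onto a single framework.  All scales, bands, matrices
and sample ratings here are constructed assumptions for illustration.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Callable, Dict, List

Factors = Dict[str, int]


@dataclass(frozen=True)
class Assessment:
    function: str        # owning risk function, e.g. "Enterprise"
    business_unit: str   # dimension the integrated view is cut by
    risk: str
    factors: Factors     # methodology-specific ratings, each 1..5 (assumed)
    control: int         # control effectiveness, 1 = weak .. 5 = strong (assumed)


@dataclass(frozen=True)
class Methodology:
    inherent: Callable[[Factors], float]       # factors -> inherent score
    residual: Callable[[float, int], float]    # (inherent, control) -> residual
    residual_max: float                        # top of the residual scale, for normalising


def band(score: float, lo: float, hi: float) -> int:
    """Map a score onto 1 = Low, 2 = Medium, 3 = High using two cut-offs."""
    return 1 if score <= lo else 2 if score <= hi else 3


# Enterprise Risk: two factors, Impact x Likelihood, residual read from an
# Inherent-vs-Control matrix (rows = inherent band, columns = control band).
RESIDUAL_MATRIX = {
    1: {1: 2, 2: 1, 3: 1},   # Low inherent: weak controls still leave Medium
    2: {1: 3, 2: 2, 3: 1},   # Medium inherent
    3: {1: 3, 2: 3, 3: 2},   # High inherent: even strong controls leave Medium
}


def enterprise_inherent(f: Factors) -> float:
    return float(f["impact"] * f["likelihood"])            # 1..25


def enterprise_residual(inherent: float, control: int) -> float:
    # 1..6 Low, 7..14 Medium, 15..25 High; control 1-2 weak, 3-4 adequate, 5 strong
    return float(RESIDUAL_MATRIX[band(inherent, 6, 14)][band(control, 2, 4)])  # 1..3


# Operational Risk: four factors, residual = Inherent minus Control, where the
# control rating is converted to points of mitigation (rating 1 -> 0 points).
def operational_inherent(f: Factors) -> float:
    return float(mean(f[k] for k in ("impact", "likelihood", "velocity", "magnitude")))  # 1..5


def operational_residual(inherent: float, control: int) -> float:
    return max(inherent - (control - 1), 1.0)              # floor at 1, never below


METHODOLOGIES = {
    "Enterprise": Methodology(enterprise_inherent, enterprise_residual, 3.0),
    "Operational": Methodology(operational_inherent, operational_residual, 5.0),
}


def normalised_residual(a: Assessment) -> float:
    """Score one assessment with its own function's methodology, then map to 0..1."""
    m = METHODOLOGIES[a.function]
    return m.residual(m.inherent(a.factors), a.control) / m.residual_max


def consolidated_view(assessments: List[Assessment]) -> Dict[str, Dict[str, float]]:
    """Integrated view per business unit: worst-case and average normalised residual."""
    by_bu: Dict[str, List[float]] = {}
    for a in assessments:
        by_bu.setdefault(a.business_unit, []).append(normalised_residual(a))
    return {bu: {"worst": round(max(s), 3), "average": round(mean(s), 3), "count": len(s)}
            for bu, s in by_bu.items()}


def comparative_view(assessments: List[Assessment]) -> Dict[str, float]:
    """Comparative report: average normalised residual per risk function."""
    by_fn: Dict[str, List[float]] = {}
    for a in assessments:
        by_fn.setdefault(a.function, []).append(normalised_residual(a))
    return {fn: round(mean(s), 3) for fn, s in by_fn.items()}


SAMPLE = [  # constructed sample ratings, not real assessments
    Assessment("Enterprise", "Retail", "Market downturn", {"impact": 5, "likelihood": 3}, 2),
    Assessment("Enterprise", "Payments", "Strategic misalignment", {"impact": 2, "likelihood": 2}, 4),
    Assessment("Operational", "Retail", "Settlement process failure",
               {"impact": 4, "likelihood": 3, "velocity": 5, "magnitude": 4}, 3),
    Assessment("Operational", "Payments", "Manual reconciliation error",
               {"impact": 3, "likelihood": 4, "velocity": 2, "magnitude": 3}, 5),
]

if __name__ == "__main__":
    print("Consolidated:", consolidated_view(SAMPLE))
    print("Comparative:", comparative_view(SAMPLE))
```

The point of keeping `Methodology` as data rather than hard-coding one formula is that adding a Cyber or Third Party methodology later means registering another pair of functions, not touching the reporting code; the reports only ever see the normalised 0..1 value. Note also that the consolidated view reports both the worst case and the average, since an aggregation that only averages hides a single High residual behind several Low ones.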
-
Perspective enables…
• Enterprise Risk, Cyber Risk, Operational Risk, Third Party, Compliance, Audit, etc. do assessments as they like
• Same Risk function having multiple assessment methodologies
• Risk Assessment based on Objectives, Products, Assets, Regulations and many others…
• Top Down and Bottom Up Risk Assessment
-
The most flexible assessment framework…
• Complies with most standards and organization needs
-
Helps get risk profile from different perspectives
-
An Overview of Risk Posture
-
And, drive…
-
LIVE DEMO
-
Thank You
Continue the conversation on #GRCSummit
http://www.facebook.com/metricstream
http://www.linkedin.com/metricstream
http://www.twitter.com/metricstream