Risk Tools Services

Risk Profiling Service

This flexible profiling tool allows users to create graphic representations of their operational risk exposures, based on business functions/processes, risk categories and, if required, cause/product/service groups, all as defined in the organisation's taxonomy library. Rating scales may be customised and high-level risk profiles can be generated by aggregating lower level-risk profiles. Facility is available to create inherent and residual risk profiles, to incorporate control assessments or to establish more complex profiles containing measures such as financial impacts, time and efficiency impacts and reputational consequences. More...

RCSA Service

This robust service supports the roll-out and administration of a broad range of customised Risk and Control Self-Assessment (RCSA) initiatives. Features include the capability to designate specific assessment units within the firm, to incorporate structured taxonomy elements (risk and control types, etc.), whether standard or user-defined, to specify risk measurement variables, and to create customised routines for data aggregation and reporting. The application both manages programme design parameters and stores actual assessment data (produced in workshops, etc.). The RCSA Service can be linked to the Risk Profiling Service to facilitate creating a high-level overview of where the assessment unit is exposed, coupled to deep-dives into those areas. Facility is also provided to undertake assessments of user-defined business environment factors. More...

Incident Management Service

Many firms suffer from mountains of data existing in a mix of hardcopy and electronic format, with little or no ability to push critical information about incidents as and when they happen to those managers who need to attend to such an incident. This service allows the firm to define various data capture forms for different types of incidents (health and safety incidents, physical security incidents, IT security incidents, customer complaints, regulatory inquiries, etc), with bespoke field types and rules around required or optional data for each. Specific workflow can then be attached to each type of incident form, which can then automatically drive incidents as they are reported to the appropriate business unit and/or individual and/or job position for attention. Full lifecycle management can then be applied, with supporting documentation, notes, corrective actions, alerts, notifications and reminders. Where an incident results in a loss, unexpected gain or "near-miss", the incident can be classified and passed into the Internal Events Service for additional processing, reporting and management. More...

Internal Loss Data Service

This full-service, cost-effective service allows users to develop and operate simple, yet sophisticated internal loss event data collection processes. Based on industry standard loss event data models, the Internal Events Service provides extensive flexibility to include event and impact types such as "near misses," opportunity costs, operationally driven credit losses, etc. Support is provided for sensitive events, where additional access controls are applied, as well as to undertake root cause analysis, establish and manage corrective actions and to attach relevant documentation. More...

KRI Monitoring Service

This flexible tool allows subscribers to select and track specific risk, control and/or performance indicators, with customised thresholds for alerts and escalation triggers. It may be used at any business level to collect or import indicator values over time, assessing the collected values against thresholds and triggers to provide a broad range of alerts and reports. Derived metrics can also be established which are automatically calculated, analysed and, where appropriate, generates notifications, once the underlying metrics have been submitted. The KRI Monitoring Service is a proven integrated add-on to the KRI Library, from where KRIs can be selected and deployed. More...

Scenario Assessment Service

Scenario assessment is a mechanism which allows an organisation to tap into the wealth of knowledge which resides within their senior management, in support of a holistic approach to enterprise-wide risk identification, risk assessment and risk management, across all risk disciplines. Scenario workshops are invaluable in building risk awareness, including a greater understanding of the interplay between risks. They are also a potential source of data to enhance risk quantification models, by compensating for a lack of loss data, or by incorporating a more 'forward-looking' element to loss history. Additionally, they can be a tool to enhance emergency preparedness, including the identification of the need for new controls, reporting or KRI monitoring. This service supports workshop analysis, interviews and online assessment approaches to scenario assessment and is fully integrated into the Scenario Library, from where specific scenarios can be selected and deployed, with further capability to incorporate RCSA, internal events, incidents and other relevant information into the scenario worksheets. More...

Business Resiliency Service

This speciality service allows the firm to define its criteria for business continuity, to create, maintain and deploy business continuity plans, to identify business critical processes and, within such processes, to define critical assets (systems, people, facilities, information, etc), establish minimum operating requirements and to undertake comprehensive business impact analysis. Corrective actions can be established and managed, while business resiliency tests can be performed, assessed and the results collected and reported on. Business continuity risks can be incorporated into risk assessments within the RCSA Service, while test results can be included into the KRI Monitoring Service. Functionality is also available to manage call-trees, set business resiliency objectives and to manage and capture details of business disruption incidents. More...

Processes and Controls Service

This special-purpose service allows firms to create detailed business process maps, complete with associated risks, controls, systems linkages, KRI triggers and job functions, all defined in accordance with the firm's structured taxonomy. The process maps may be restricted to activities within individual business units or established as integrated end-to-end processes. Within each process, a business may document the details of its business continuity plan, as well as compliance requirements, insourcing/outsourcing arrangements, scheduling, and detailed policies and procedures. Processes defined within this service can be reused in other services, such as the RCSA Service or Internal Events Service. In turn, the service allows the incorporation of data from other services, for example, a particular control shown in a process flow may be coloured according to the most recent testing or effectiveness assessment results or a risk coloured to reflect its most recent residual risk rating. The service also allows for the definition of control objectives and control standards and for the assessment of adherence to control standards and achievement of control objectives via control profiles. Detailed control testing results can be recorded and monitored over time, as can subjective control effectiveness assessments and control design strength assessments. More...

Outsourcing Management Service

Increasingly, as the costs faced by firms increase, more and more firms have outsourced both mission critical and support functions and activities to specialised, typically lower cost, providers of such services. In response, the regulatory community, concerned about systemic risk and the ability of each firm to continue to operate, has introduced specific rules and sound practices guidelines around outsourcing. The Outsourcing Management Service supports the establishment and maintenance of an outsourcing register, the initial due diligence of service providers and the ongoing assessment of service level agreements and service provision in a controlled manner which facilitates both regulatory compliance reporting and internal management reporting. More...

Litigation Management Service

The formal definition of operational risk in the Basel II Accord clearly identifies that litigation and legal issues are considered part of operational risk. While it is accepted that in certain legal jurisdictions, legal processes and rules around discoverability impact on the way in which firms manage legal cases, many firms still rely on spreadsheets and paper-based logs to track and control the litigation cases which they are involved in. The Litigation Management Service allows the firm to automate the case management process, tracking where each case is, who the legal expert(s) is currently looking after the case, which court has jurisdiction over the case and to monitor and report on each stage of proceedings. Once a case has been settled or resolved, resultant costs or losses can be directly transferred into the Internal Events Service. More...

Internal Audit Service

This service is designed to support a risk-based audit programme, from audit scheduling, planning and tracking, through the preparation of audit reports and the management of audit findings and corrective action plans. It aids the management and workflow of open/unresolved findings and allows for business managers to record their responses to particular audit findings. Audit findings may be linked to specific operational risk variables, such as business function/process, risk and control types Used with either or both of the Risk Profiling or RCSA Service, audit findings can be directly incorporated into the risk identification process of affected business units. More...

Compliance Service

This service allows for the development of compliance profiles, which map specific compliance obligations against the processes, products or business activities to which they apply. This includes internal policies, rules and requirements, as well as specific regulations at section or sub-section level, which may be incorporated from the Regulations Library. Facility is then available to schedule and undertake compliance assessments, then to document compliance findings and to manage corrective actions. More...

Generic Assessments Service

Often, the firm needs to collect some form of data in a controlled and managed manner. This could be for staff satisfaction surveys, a survey or questionnaire about proposed new products, staff facilities or how customers respond to specific situations. It could even be a questionnaire which the firm needs its clients to complete or a questionnaire to gather strategic information ahead of an internal planning process. The Generic Assessment Service allows the firm to create an almost endless combination of question and response types, which can incorporate taxonomic structures and organisational details, then to deploy and manage these as individual or general assessments, with automated notifications to participants, workflow driven by completion status, reminders and reporting facilities. More...

Risk Appetite Service

This real-time service allows the firm to combine, weight and aggregate multiple data sources, such as internal and external loss data (both public loss data and consortium data), KRI data, audit findings, remedial actions, scenario assessments, risk and control assessments, business environment factors, litigation cases, outsourcing assessments, suspense account data, compliance assessments, industry benchmarks and any other data which can be converted into a rating onto an exposure profile, then to set and monitor thresholds against the consolidated exposure points to which the source data is assigned. As data is collected or even as time passes, where the score per exposure point challenges the defined thresholds, alerts are automatically issued to those individuals with a need to know, facilitating proactive risk management. More...

Capital Management Service

This service allows the firm to record source data needed for the simpler operational risk regulatory capital determination approaches, such as the Basic Indicator Approach, the Standardised Approach and, once finalised, the Revised Standardised Approach, along with the alphas, betas and business indicators needed to convert the source data into capital values. The service can also accommodate the import of regulatory or economic capital values calculated using external models or may be combined with an optional add-on hybrid measurement approach model provided by a RiskBusiness business partner. Once capital values have been established, this service then supports the capital allocation processes back across the firm, with flexible allocation principles and processes. The service also supports the ICAAP process which many firms are required to undertake on a regular basis. More...

Economic Analysis Service

This service has been designed to facilitate the ongoing risk and financial analysis of the firm, its industry and its competitors, through the real-life application of modern financial risk management theory in a standardised and user-friendly manner. Intended as a tool which forms part of every risk and/or financial manager’s daily arsenal of tools, the Economic Analysis Service is capable of analysing historical, current and projected information in order to determine trends, cash flow patterns, the generation of corporate value, the validation of predictions and to manage economic capital requirements. More...

Models Register

This service can be used as a standalone service or as an integrated component of the RiskIntelliSet. When used in conjunction with the Taxonomy Service, the firm can define various hierarchical model classification structures, for example, model platform types, model types (based on purpose), or modelling applications, then employ these classification structures within the Models Register. The option is also available to create an inventory of different systems and applications used by the firm, so that where a model is incorporated into such a system or application or is interfaced with such a system or application, the complete picture can be defined within the Models Register. More...

For additional information on Risk Tools Services, click here to make an online enquiry, or email us on info@riskbusiness.com.