Enable Federated Risk Assessments and yet get an Integrated Risk View

Aneesh Bhatnagar, AVP – Product Management; Jose Biscaya, Manager – CSIG

GRC Summit, 2019 (slides dated 2019-06-20)
Transcript
  • PERFORM WITH INTEGRITY ™

    Enable Federated Risk Assessments and yet get an Integrated Risk View

    Aneesh Bhatnagar, AVP – Product Management

    Jose Biscaya, Manager – CSIG

  • © 2019 GRC Summit All Rights Reserved. PERFORM WITH INTEGRITY ™

    Challenges faced by Risk Professionals

    • “I want to allow different Risk functions to do assessments based on appropriate frameworks”

    - Chief Risk Officer

    • “I want a single, integrated view of risks that might impede business performance, or jeopardize market viability”

    - Board and Executive Members

    • “I want to get a consolidated view of the risks from cyber, operational, audit, third party and compliance perspectives”

    - Chief Risk Officer

    • “I want to get the top down vs bottom up view of risks”

    - Chief Risk Officer

    • “I want to get the view of risk posture by product lines”

    - Chief Product Officer / EVP Business

  • Enterprise Risk

    • Assessed per Objective or Business Unit

    • Simple: usually two factors, Impact and Likelihood

      • Impact and Likelihood matrix, or Impact × Likelihood based scoring

    • Controls are rated either as overall effectiveness or as individual controls

    • Residual risk is either

      • Inherent – Control, or

      • read from an Inherent vs Control matrix

  • Operational Risk

    • Assessed mostly on Processes

    • Simple to complex: from two factors to many

      • Impact and Likelihood, with Impact broken down into Reputation, Financial, Strategic etc.

      • Impact, Likelihood, Velocity, Magnitude

    • Controls rated at a more granular level, or kept high level

    • Residual risk is either

      • Inherent – Control, or

      • read from an Inherent vs Control matrix

    • Aggregation is critical

  • Cyber Risk

    • Risks are assessed per IT Asset

    • Risks are derived from IT Asset properties, Threats, Vulnerabilities and IT Controls

    • Factors considered:

      • Impact on the operations serviced by the IT Asset

      • Impact on Organizational Goals

      • Impact on Reputation

      • Likelihood of the Risk materializing

      • Frequency of the Risk materializing

  • Business Continuity

    • Risk Assessments are done in the context of a Location

    • The tail-end (high impact, low frequency) risks are assessed

    • Factors considered:

      • Financial Impacts

      • Impact on Employees

      • Impact on Assets

      • Impact on Reputation

      • Likelihood of the Risk materializing

      • Frequency of the Risk materializing

    • The mitigations are generally Business Continuity Plans

  • Third Party Risk

    • Assessed per Third Party / Vendor

    • Factors considered:

      • Nature of the Third Party

      • Critical business processes serviced by the third party

      • External Rating – Dow Jones

    • Mitigation plans: have backup / alternate third parties lined up, or distribute the product / service procurement across multiple third parties

  • Compliance Risk

    • Assessments pertaining to risks related to regulations

    • Mostly simple, based on Impact and Likelihood

    • Control ratings are simple too

    • Residual is either read from an Inherent vs Control matrix or computed as Inherent – Control

  • Audit

    • Assessed per Auditable Entity

    • Mostly a single Risk Rating, or based on Impact and Likelihood

    • Usually a single rating is sufficient

    • Aggregation is critical for a risk-based audit

  • And, many others…

  • How do we do this?

    • Federated Risk Assessments

    • Consolidated Risk Reporting

    • Comparative Reporting

  • Perspective enables…

    • Enterprise Risk, Cyber Risk, Operational Risk, Third Party, Compliance, Audit etc. each doing assessments as they like

    • The same Risk function having multiple assessment methodologies

    • Risk Assessment based on Objectives, Products, Assets, Regulations and many others…

    • Top Down and Bottom Up Risk Assessment
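    As an added example (not code from the slides and not MetricStream's product), the Python below sketches the pattern the preceding slides describe: each risk function keeps its own methodology and scale (two-factor Impact × Likelihood with Inherent – Control, multi-factor operational scoring with individually rated controls, asset-based cyber scoring, and a compliance Inherent vs Control matrix), while a consolidation layer normalises every residual score onto one band scale and rolls it up by product line for the integrated and comparative views. The scales, matrix values, band thresholds, product lines and sample assessments are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Callable

# Shared bands for the integrated view; thresholds are constructed for this example.
BANDS = ((0.20, "Low"), (0.45, "Medium"), (0.70, "High"))

def band(normalized: float) -> str:
    """Map a 0-1 normalised residual score onto the common rating band."""
    return next((label for upper, label in BANDS if normalized < upper), "Critical")

@dataclass(frozen=True)
class Methodology:
    """One risk function's own scoring rule, kept on its own scale."""
    name: str
    max_residual: float                           # top of this function's residual scale
    score: Callable[[dict], tuple[float, float]]  # raw inputs -> (inherent, residual)

def enterprise_risk(a: dict) -> tuple[float, float]:
    # Two factors on 1-5 scales; residual = inherent minus an overall control credit.
    inherent = a["impact"] * a["likelihood"]      # 1..25
    control_credit = a["control_rating"] * 5      # overall effectiveness 0..4 -> 0..20
    return inherent, max(inherent - control_credit, 1)

def operational_risk(a: dict) -> tuple[float, float]:
    # Many factors: impact by type, likelihood, velocity; controls rated individually.
    worst_impact = max(a["impacts"].values())     # reputation/financial/strategic, 1..5
    inherent = worst_impact * a["likelihood"] * a["velocity"]   # up to 5 * 5 * 3 = 75
    control_credit = mean(a["control_ratings"]) / 5 * inherent  # each control rated 0..5
    return inherent, inherent - control_credit

def cyber_risk(a: dict) -> tuple[float, float]:
    # Asset based: criticality x threat x vulnerability, reduced by IT control coverage.
    inherent = a["criticality"] * a["threat"] * a["vulnerability"]   # up to 125
    return inherent, inherent * (1 - a["control_coverage"])

# Compliance reads residual from an Inherent vs Control matrix instead of subtracting.
COMPLIANCE_MATRIX = {
    ("Low", "Weak"): 2, ("Low", "Adequate"): 1, ("Low", "Strong"): 1,
    ("Medium", "Weak"): 3, ("Medium", "Adequate"): 2, ("Medium", "Strong"): 1,
    ("High", "Weak"): 4, ("High", "Adequate"): 3, ("High", "Strong"): 2,
}

def compliance_risk(a: dict) -> tuple[float, float]:
    inherent = a["impact"] * a["likelihood"]
    inherent_band = "Low" if inherent <= 6 else "Medium" if inherent <= 12 else "High"
    return inherent, COMPLIANCE_MATRIX[(inherent_band, a["control"])]

REGISTRY = {m.name: m for m in (
    Methodology("Enterprise", 25, enterprise_risk),
    Methodology("Operational", 75, operational_risk),
    Methodology("Cyber", 125, cyber_risk),
    Methodology("Compliance", 4, compliance_risk),
)}

def consolidate(assessments: list[dict], registry: dict = REGISTRY) -> list[dict]:
    """Score each assessment with its own function's methodology, then normalise."""
    rows = []
    for a in assessments:
        m = registry[a["function"]]
        inherent, residual = m.score(a["inputs"])
        normalized = residual / m.max_residual
        rows.append({"function": m.name, "product_line": a["product_line"],
                     "inherent": inherent, "residual": residual,
                     "normalized": normalized, "band": band(normalized)})
    return rows

def rollup(rows: list[dict], key: str) -> dict[str, dict]:
    """Bottom-up roll-up by product line (or by function): worst case and average."""
    groups: dict[str, list[float]] = {}
    for r in rows:
        groups.setdefault(r[key], []).append(r["normalized"])
    return {k: {"count": len(v), "max": max(v), "mean": mean(v), "band": band(max(v))}
            for k, v in groups.items()}

def top_risks(rows: list[dict], n: int = 3) -> list[dict]:
    """Comparative view: highest normalised residuals across all functions."""
    return sorted(rows, key=lambda r: r["normalized"], reverse=True)[:n]

# Constructed sample assessments (not real data), by function and product line.
SAMPLE = [
    {"function": "Enterprise", "product_line": "Payments",
     "inputs": {"impact": 4, "likelihood": 4, "control_rating": 2}},
    {"function": "Operational", "product_line": "Payments",
     "inputs": {"impacts": {"reputation": 3, "financial": 5, "strategic": 2},
                "likelihood": 3, "velocity": 2, "control_ratings": [4, 2]}},
    {"function": "Cyber", "product_line": "Payments",
     "inputs": {"criticality": 3, "threat": 2, "vulnerability": 3, "control_coverage": 0.5}},
    {"function": "Cyber", "product_line": "Lending",
     "inputs": {"criticality": 5, "threat": 4, "vulnerability": 5, "control_coverage": 0.3}},
    {"function": "Compliance", "product_line": "Lending",
     "inputs": {"impact": 5, "likelihood": 3, "control": "Adequate"}},
]

if __name__ == "__main__":
    rows = consolidate(SAMPLE)
    for r in rows:
        print(f"{r['function']:<12}{r['product_line']:<10}norm={r['normalized']:.2f}  {r['band']}")
    for line, agg in rollup(rows, "product_line").items():
        print(f"{line}: worst={agg['band']} ({agg['max']:.2f}) mean={agg['mean']:.2f}")
```

    Dividing each residual by the top of its own scale is the simplest normalisation: it preserves each function's ordering but silently assumes the scales are comparable, so the band thresholds have to be calibrated and agreed across functions rather than picked once. The roll-up reports the worst case alongside the average on purpose; in the sample, the single Critical compliance finding keeps the Lending line red even though its mean would read as High.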

  • The most flexible assessment framework…

    • Complies with most standards and organization needs

  • Helps get risk profile from different perspectives

  • An Overview of Risk Posture

  • And, drive…

  • LIVE DEMO

  • Thank You

    Continue the conversation on #GRCSummit

    http://www.facebook.com/metricstream
    http://www.linkedin.com/metricstream
    http://www.twitter.com/metricstream