Get a Handle on All Risk

Related Activities + Corrective Actions

The TruOps IT Risk Management Solution is built on ISACA's Risk IT framework and automates the entire IT risk management process, from scoring to mitigation and reporting. The Risk Management Solution provides a global view of all risk-related activities through an executive dashboard, enabling stakeholders to quickly assess problem areas, proactively adjust processes and track the progress of corrective actions.

The TruOps IT GRC – Risk Management platform provides:

  • End-to-end set of tools for building and managing risk self-assessments
  • Flexible and complete multi-user workflow including delegation, escalation and alerts
  • Built-in, exhaustive Key Risk catalogue and Unified Compliance Control Library backed by the Unified Compliance Framework
  • Customizable threshold values according to risk appetite
  • Interactive web-based tool with built-in help feature
  • Rich compilation, reporting and dashboarding capabilities
  • Role-based access control


Key Benefits
The TruOps Risk Management Module provides an effective reporting and dashboard solution that ties IT risk and enterprise compliance risk together in a normalized view, enabling organizations to prioritize key risks for the enterprise, monitor them over time, and express them as a value representing an overall risk rating. Key benefits include:

  • Captures consistent, correct and timely information through automated workflows
  • Single location for storage of all risk registers across the Enterprise
  • Enables effective and efficient maintenance of risk registers
  • Eliminates ‘Excel’ risk registers, leading to strong version control
  • Creates unprecedented visibility of risk registers across the Enterprise
  • Creates accountability for risks and controls at the individual ‘employee’ level
  • Generates a dashboard of risks across processes and locations for senior management
  • Allows Line Managers to assign specific risks to named staff (Risk Owners); Risk Owners assign controls to specific named control operators in their department
  • Reduces the time and effort needed to complete risk assessments as the number of assets and regulations increases
  • Streamlines and directs internal audits into areas of high risk of non-compliance
  • Allows for viewing of the complete Risk Treatment History

Features at a Glance

  • Risk Universe and Assessment Scope Definition
  • Risk Identification and Analysis
  • Risk Register
  • Risk Heat Map Generation
  • Risk Response Mitigate
  • Risk Treatment Workflows
  • Risk Reports

This module provides the ability to define the risk universe, the target resources and assets and the scope of assessment. The following categories are covered:

  • Applications: These are critical applications which support various business processes. Unavailability of any of these applications can have business impact, both financial and non-financial, depending upon the criticality and the business process supported.
  • Processes: The processes established in the organization, such as the vendor or third-party selection process, SDLC development, Information Security Processes, production support, application support, etc.
  • Projects: Projects such as major upgrades, new product development or new initiatives.
  • Enterprise Compliance: Regulatory and Standards Compliance Risks identified during the Compliance assessments that have significant impact on the organization.
  • Security Management: Issues and Risks pertaining to Information Security control mechanisms in the organization.

Identification and Analysis

  • TruOps Risk Management has a predefined risk catalogue, control library and mapping of risk to applicable controls.
  • Organizations can add custom risks and custom controls for the selected component.
  • For each risk identified, TruOps provides the ability to assess the financial and/or non-financial impact and the likelihood. Based on that, the TruOps proprietary methodology computes Inherent, Current and Residual Risk for the selected component.

TruOps supports a complete Risk Register for the organization covering:

  • Risk Description
  • Risk Scenario Components
  • Inherent Risk, Current Risk, Residual Risk Value mapped to Risk Owner
  • Control Mapping
  • Control Description (Objective and Activities)
  • Missing Controls/Gaps

  • Authorized users can generate a heat map report (which plots risks against impact and likelihood) for Inherent, Current and Residual Risk respectively.
  • Authorized users can generate a trend analysis report.
  • Authorized users can generate a quick summary of all relevant data concerning risks on a given Resource / Asset.
  • The detailed Risk Report contains a description of each Risk, the associated Risk Owners, Risk Exposure and Closure date.

Response and Treatment

Authorized users can generate a Risk Response report that enables stakeholders to make informed decisions regarding Risk Treatment, managing the Risk Tolerance level, transferring identified Risks and terminating Risks identified from the Risk Management, Security Management and Compliance Management modules of IT GRC Hub.

Response Workflows

  • Choosing Mitigate initiates the Control/Mitigation Action Tracker Workflow
  • Choosing Accept initiates the Exception Handling Workflow
  • Choosing Avoid or Transfer initiates the Avoid or Transfer workflow, respectively

Control / Mitigation Action Tracker

Authorized users can generate a risk action tracker which shows the controls the organization has implemented, as well as the controls planned to mitigate the risk, with their due dates.

Exception Handling Process

Authorized users can raise an exception for a risk that the organization chooses to accept. The exception handling feature includes:

  • Multiple levels of approvals based on risk (Low, Moderate, High, Critical)
  • Approved Risk Exception mapped with expiration
  • Configurable automated alerts
  • Risk Exceptions review and approval

Periodic Risk Assessment

  • Authorized users can conduct a periodic risk assessment for all the Resources/Assets identified.
  • Any changes identified through the Change Management process, the Incident Management process or Procurement can trigger a risk assessment.

  • Risk Heat Map (Inherent, current and residual)
  • Risks Trend Analysis (By Risk Level and risk type)
  • Risk Summary (By Status): Open, Closed, Under Treatment
  • Risk Response Summary (by treatment options): Mitigate, Transfer, Accept, Avoid

Engaging SDG
We are happy to demo how TruOps IT Risk Hub can help your enterprise. Contact us at +1 (203) 866-8886 or email truops@sdgc.com.

© Copyright 2014 SDG Corporation, All Rights Reserved