Empowered a $50 billion global aerospace company with 200,000+ employees in 71 countries to remain compliant.
Get a Handle on All Risk-Related Activities + Corrective Actions
The TruOps IT Risk Management Solution is built on ISACA's Risk IT framework and automates the entire IT Risk Management process, from scoring to mitigation and reporting. It provides a global view of all risk-related activities through an executive dashboard, enabling stakeholders to quickly assess problem areas, proactively adjust processes and track the progress of corrective actions.
The TruOps IT GRC – Risk Management platform provides:
- End-to-end set of tools for building and managing self-Risk Assessments
- Flexible and complete multi-user workflow including delegation, escalation and alerts
- Built-in exhaustive Key Risk catalogue and Unified Compliance Control Library backed by the Unified Compliance Framework
- Customizable threshold values according to risk appetite
- Interactive web-based tool with built-in help feature
- Rich compilation, reporting and dashboarding capabilities
- Role-based access control
The TruOps Risk Management Module provides an effective reporting and dashboard solution that ties IT risk and enterprise compliance risk together in a normalized view, enabling organizations to prioritize key risks for the enterprise, monitor them over time, and express them as a value representing an overall risk rating. Key benefits include:
- Captures consistent, correct and timely information through automated workflows
- Single location for storage of all risk registers across the Enterprise
- Enables effective and efficient maintenance of risk registers
- Eliminates ‘Excel’ risk registers, leading to strong version control
- Creates unprecedented visibility of risk registers across the Enterprise
- Creates accountability for risks and controls at the individual ‘employee’ level
- Generates a dashboard of risks across processes and locations for senior management
- Allows Line Managers to assign specific risks to named staff (Risk Owners); Risk Owners in turn assign controls to specific named control operators in their department
- Reduces the time and effort needed to complete risk assessments as the number of assets and regulations increases
- Streamlines and directs internal audits into areas of high risk of non-compliance
- Allows for viewing of the complete Risk Treatment History
Features at a Glance
- Risk Universe and Assessment Scope Definition
- Risk Identification and Analysis
- Risk Heat Map Generation
- Risk Response Mitigate
- Risk Treatment Workflows
This module provides the ability to define the risk universe, the target resources and assets, and the scope of assessment. The following categories are covered:
- Applications: These are critical applications which support various business processes. Unavailability of any of these applications can have business impact, both financial and non-financial, depending upon the criticality and the business process supported.
- Processes: The processes established in the organization, such as the vendor or third-party selection process, SDLC development, Information Security Processes, production support, application support etc.
- Projects: Projects such as major upgrades, new product development or new initiatives.
- Enterprise Compliance: Regulatory and Standards Compliance Risks identified during the Compliance assessments that have significant impact on the organization.
- Security Management: Issues and Risks pertaining to Information Security control mechanisms in the organization.
Identification and Analysis
- TruOps Risk Management has a predefined risk catalogue, control library and mapping of risk to applicable controls.
- Organizations can add custom risks and custom controls for the selected component.
- For each risk identified, TruOps provides the ability to assess the financial and/or non-financial impact and the likelihood. Based on that, the TruOps proprietary methodology computes Inherent, Current and Residual Risk for the selected component.
TruOps supports a complete Risk Register for the organization covering:
- Risk Description
- Risk Scenario Components
- Inherent Risk, Current Risk, Residual Risk Value mapped to Risk Owner
- Control Mapping
- Control Description (Objective and Activities)
- Missing Controls/Gaps
- Authorized users can generate a heat map report (which plots risks against impact and likelihood) for Inherent, Current and Residual Risk respectively.
- Authorized users can generate a trend analysis report.
- Authorized users can generate a quick summary of all relevant data concerning risks on a given Resource / Asset.
- The detailed Risk Report contains a description of each Risk, the associated Risk Owners, Risk Exposure and Closure date.
Response and Treatment
Authorized users can generate a Risk Response report that enables stakeholders to make informed decisions about Risk Treatment, managing the Risk Tolerance level, and transferring or terminating the risks identified from the Risk Management, Security Management and Compliance Management modules of IT GRC Hub.
- Choosing Mitigate initiates the Control/Mitigation Action Tracker Workflow
- Choosing Accept initiates the Exception Handling Workflow
- Choosing Avoid or Transfer initiates the Avoid or Transfer workflow, respectively
Control / Mitigation Action Tracker
Authorized users can generate a risk action tracker that shows the controls the organization has implemented, as well as the controls planned to mitigate the risk, with their due dates.
Exception Handling Process
Authorized users can raise an exception for a risk that the organization chooses to accept. The exception handling feature includes:
- Multiple levels of approvals based on risk (Low, Moderate, High, Critical)
- Approved Risk Exception mapped with expiration
- Configurable automated alerts
- Risk Exceptions review and approval
Periodic Risk Assessment
- Authorized users can conduct a periodic risk assessment for all the Resources / Assets identified.
- Any changes identified through the Change Management process, the Incident Management process or Procurement can trigger a risk assessment.
- Risk Heat Map (Inherent, current and residual)
- Risks Trend Analysis (By Risk Level and risk type)
- Risk Summary (By Status): Open, Closed, Under Treatment
- Risk Response Summary (by treatment options): Mitigate, Transfer, Accept, Avoid
We are happy to demo how TruOps IT Risk Hub can help your enterprise. Contact us at +1 (203) 866-8886 or email firstname.lastname@example.org.