CRISAM® is a holistic approach that helps you to take a look ahead. Of course, the future is uncertain; if it was a given and fit into an ‘Excel cell’ it would be our past already! CRISAM® supports you in getting a handle on the uncertainty of the future and draws attention to it in good time.
Risk management is a process which aims at identifying, assessing and controlling the risks in a company, in projects and in specific business areas. A risk management information system (RMIS) is the tool that must provide the chief risk officer (CRO) and the whole risk management team as well as senior management with a profound basis for the right decision; its impact and its consequences are supposed to be predicted as accurate as possible in a transparent manner.
The process model integrated into CRISAM® 5 complies with the internationally recognised standard ISO 31000.
Figure 1: CRISAM® RMIS System
Figure 1 illustrates the structure of the CRISAM® 5 functions and methods; the very foundation of CRISAM® 5 is formed by CRISAM® Enterprise Server, CRISAM® Explorer and CRISAM® Web-Access.
The CRISAM® Workflow Engine controls the information and task sharing for people involved in the risk management process – namely risk, measures, task and control owners.
CRISAM® supports the risk management process with basic functions which are integrated into the platform as well as with two adjustable risk aggregation methods, management domains, content libraries and mappings, which are provided for relevant compliance references. Content libraries are updated cyclically due to technological and compliance related changes and provided on a subscription basis.
With its base platform CRISAM® 5 provides integrated services and methods for all risk management areas. Based on the ISO 31000 process model the risk manager is provided with a powerful application: the CRISAM® Explorer. The CRISAM® Enterprise Server is the central hub of each installation. According to the authorisation management one or more risk managers work in their management area to manage enterprise-wide risks and IT or project risks. The risk officers are provided with the risk relevant data in order to recognise the risks either directly or via web support. Necessary measures are identified, evaluated, assigned and their implementation is tracked. The CRISAM® Workflow Extension controls the information exchange for centrally and locally distributed tasks. Reporting to senior management or other report recipients is handled by the integrated reporting system and the dashboard which is accessible online.
CRISAM® process model
CRISAM® is based on a 6-step process model; its top-down and bottom-up approach facilitates a holistic view of strategy, organisation, process and infrastructure.
Figure 2: CRISAM® process model
Figure 2 shows the CRISAM® process model which is the very base for the company-wide implementation of the risk management process. The model is derived from the ISO 31000 and based on the plan-do-check-act (PDCA) cycle – also known as Deming cycle. Depending on the selected aggregation method different risk models (fault tree analysis or business logic) are built in a step by step manner and specific analytical methods are applied for evaluating the risks.
The process model, underlying CRISAM®, provides two feedback loops. As a result, continuous improvement is ensured by means of cyclic implementation of the individual process steps.
Risk managers require the best support possible in their specific area of risk management. There is a variety of tasks and necessary tools for managing enterprise-wide financial risks, IT risks, project risks, etc. The CRISAM® Explorer combines all essential methods and tools and makes them available for the user according to their relevance to the issue at hand.
Figure 3: Part of CRISAM® Explorer user interface
Figure 3 shows the user interface for the provided tools. As the toolbox design is similar to the well-known Microsoft Office user interface the capacity of CRISAM® 5 can be fully exploited after a short learning period.
CRISAM® Enterprise Server und Web-Access
The CRISAM® Enterprise Server is the central hub for the cooperation in the risk management process. Figure 4 shows a typical implementation of a risk management information system based on CRISAM® 5. For this purpose, the Enterprise Server, which takes care of server and data base functionalities, also coordinates the cooperative tasks between central and non-central stakeholders in the risk management process.
The Enterprise Server seamlessly integrates into your communications and information infrastructure via standard interfaces. Both tasks and reminders are sent to the remote risk officers in their familiar email environment; the fulfillment and performance of their tasks is possible thanks to the straightforward and intuitive web interface.
Figure 4: Implementation of CRISAM® RMIS system
Non-central participants in the risk management process are in charge of their specific business areas. Thus, their day to day business is not primarily about dealing with risk management tools. For this reason, CRISAM® 5 provides an easy to use web-based user interface for the different target groups. The user is guided through the entire dialog by simple and specific questions; the resulting information is translated by means of comprehensible statistical interpretations and brought to a form requested by the risk manager.
Figure 5: CRISAM® web interface
Reports & dashboard
CRISAM ® provides information, including results and status, both in the reports and on the dashboard. The customer can use standardised report templates for process-relevant reports, management reports and compliance reports; with the aid of the report designer these templates can be adapted by the user according to their specific requirements. From a pool of more than 60 predefined key performance indicators (KPIs) management can access all the relevant information via dashboard in a straightforward manner. As of version CRISAM® 5 authorised risk managers can make use of both the dashboard and the reports via mobile devices on a company-wide basis.
Figure 6: CRISAM® dashboard