CRISAM Explorer

The CRISAM® Explorer is the ultimate tool for staying on top of your current and future governance, risk & compliance (GRC) tasks. The user interface, which is similar to Outlook, allows intuitive and efficient work. The integrated reports communicate the results clearly and concisely.

Key features and benefits

  • Integrates CRISAM® methodology, which is based on international standards.
  • Supports execution of business impact analysis (BIA), identification and evaluation of opportunities and risks as well as planning and tracking of current measures.
  • Provides a holistic GRC solution for your company with integrated policy management, audit management, task management and an internal control system.
  • Comprehensive methods of analysis and aggregation both qualitative and quantitative.
  • Simulation of measures and projects.
  • Clear results by means of integrated management reports.
  • Modularly expandable with CRISAM® Knowledge Packs and CRISAM® modules.
  • Can be used as standalone tool or as server-based tool for multiple user access.
  • Available in English and German.


Figure 1: CRISAM® Explorer Dashboard

Manage the uncertainty of the future

For the skilful management of tomorrow’s opportunities and risks CRISAM® Explorer supports you in the implementation of a risk management process as well as in the daily business of risk management.

During the straightforward implementation CRISAM® Explorer guides you towards an efficient risk management process. For your daily business there are numerous functions and reports at your disposal, showing the very foundation of strategic decision-making in a sound and traceable manner.

Intuitive user interface for maximum efficiency and best results

With CRISAM® Explorer you are on the fast track. Thanks to the familiar look & feel of Microsoft Outlook the user training can focus solely on technical and methodological aspects. Well-known functions such as ‘copy and paste’ and ‘drag and drop’ simplify the users’ tasks and increase their efficiency. With the familiar ‘ribbons’ of the Microsoft Office products the required functions can always be found in the right spot.

Modelling and aggregation through fault tree analysis (FTA)

In many situations the risks of the entire system result from the interdependent character of the individual systems. IT services, for instance, are provided through interrelated systems such as computer networks, server systems, buildings, data centres and IT service processes. Thus, overall risks can only be evaluated by taking into account the interdependence of the individual systems.

For representing a system with its components and objects in a model as realistic as possible and for facilitating its evaluation CRISAM® uses fault tree analysis, which is known from the DIN 25424 and IEC61025. A business IT service is, for instance, evaluated by means of CRISAM® Knowledge Packs at the root of the fault tree – all required systems can easily be added to the model by ‘drag and drop’. The calculation rules for the aggregation are automatically established through the modelling in tree structure.

The CRISAM® Scoring Engine illustrates the evaluated risks for the decision-maker with a familiar and comparable rating scale. In the CRISAM® Explorer the rating result is clearly shown by using traffic-light colours in the risk tree. The dashboard also provides the aggregated information in a comprehensible form for management.


Figure 2: Part of CRISAM® modelled fault tree

Modelling and aggregation with scenario analysis

CRISAM® support goes beyond cause and effect modelling of technical and organisational systems. With the CRISAM® Scenario Analysis, which is based on the Monte Carlo method, there is a tool for quantitative analysis of business risks available.


Figure 3: Part of a CRISAM® modelled business logic

CRISAM® Scenario Analysis produces task-specific calculation trees which represent profit and loss accounts, business plans or project planning. The opportunities and risks are linked to the business logic and the extensive, quantitative evaluation is performed using the Monte Carlo method. 

That way, the following management questions can be answered:

  • How likely is a certain profit or loss?
  • How reliable is the planning?
  • How high is the value at risk?
  • How high is the return on risk-adjusted capital (RORAC)?

Cost-benefit analysis

The cost-benefit analysis is a scenario analysis module which compares the costs of measures to reduce risk  with the corresponding expected benefit of lower expected risk-caused losses. That way, it can be accurately calculated when the measures make economic sense.

Management reporting

Reports and key figures are the interface towards the decision maker. Therefore, it is particularly important to communicate the reports clearly and comprehensibly in the language of the decision-makers. For this purpose, CRISAM® provides numerous standardised management reports. The CRISAM® Knowledge Packs provide many additional reports, which help to document your compliance with various standards and norms. The reports can be exported to different formats: Excel, PDF, RTF and HTML


Figure 4: Comprehensive reporting

Report designer

With the report designer, which is integrated into the CRISAM® Explorer, distinct versions of CRISAM® reports can be extracted according to specific requirements, and what’s more the reports can easily be adapted to your company’s standards.

  • Easy adaptation of existing reports according to your specific needs.
  • Enables changes of format and design as well as changes of content.
  • Minimum of effort when making changes thanks to modular report structure.
  • Style sheets can be centrally changed for all reports.

Team functions

With the Server component CRISAM® Enterprise Server the CRISAM® Explorer becomes a team player supporting multi-user capability, multi-tenancy capability and a differentiated authorisation system. Team members evaluate, edit and audit independently of each other. 

Policy management

Documents, policies, regulations, work instructions, etc., are stored in the company’s document management system or at CRISAM® connected ‘sharepoints’ or ‘fileshares’. CRISAM® is in charge of the distribution, the authorisation process and version control. 

Audit management

The audit management automates all tasks in connection with planning and conducting external and internal audits. Automated task assignments, task tracking and reminder systems result in increased efficiency and reduced costs for the audit management process.

The audit management process, which is integrated in CRISAM®, enables the determination and assignment of one or several audit plans, which can comprise several respective audits. For every audit, planned start and finish times are set. The defined audit workflow controls the audit and its time limits.

Task management and internal control

One of the most important basic functions of an efficient GRC process is to integrate all involved stakeholders in the best way possible. This is associated with the assignment, management and tracking of tasks. CRISAM® goes beyond the distribution of policies and conducting of audits. With its task management CRISAM® provides a general platform for performing tasks such as risk evaluation, identification of measures, measure control, measure tracking and cyclical reviews in connection with an internal control system.


Abbildung 5: Beispiel für eine Bewertungsaufgabe

Open interfaces

Mere data transfer is facilitated through configurable exports, while current planned values are regularly imported into the business logic via standardised CSV import. In addition, the CRISAM® Enterprise Server contains a universal web service, ensuring compatibility across different systems.

Abbildung 6: Figure 6: CRISAM ® Explorer user interface

System requirements

Supported operating systems:
Microsoft Windows XP Service Pack 3
Microsoft Windows 7
Microsoft Windows 8

Required software:
Microsoft .NET Framework 4.0
CRISAM® Enterprise Server for multi-user operation
CRISAM® Workflow Server Module for policy management, audit management, task management and internal control
CRISAM® Web Access for remote access