Project Risk Management (PRM)
CRISAM® sees project risks as a special case of enterprise-wide risks with the distinct feature that a variety of effects impact the project over its duration and across its project phases. For large projects with a long duration it is particularly important to consider the project phases separately.
Risk exposure across the project phases (project development, project planning, detailed planning, project completion and project closure) is highly dependent on previous project successes or failures and the maturity of the project organisation. Therefore, CRISAM® applies a semi-quantitative approach for evaluating the project’s risk exposure; this means that the project is assessed together with its corporate environment. Moreover, the business plan underlying the project is checked for its alignment with the planned project goal; the risks and possible deviations from the project goal are evaluated in monetary terms.
Generic Quality based Risk Management (QRM)
The CRISAM® approach allows for topic-based and customer-specific content libraries to be taken into account as a basis for evaluation. This generic quality-based and semi-quantitative methodology can be used to determine specific maturity levels, key quality indicators or compliance with customer-specific references. With this approach to risk management, different assessments can be carried out, e.g. manufacturer and supplier risks, qualitative assessment of object risks, etc.
Policy Management (POLICY)
For companies to be successful in today’s highly regulated economy, internal policies and directives as well as work instructions have to be made transparent throughout the company and they have to be implemented. Due to ever-changing environmental, legal and market conditions, comprehensible and binding communication towards the addressed persons and areas is required.
The CRISAM® policy management supports the management process across the entire life cycle of the policy, directive or work instruction. The documents are released and distributed to the required locations; the approval process is carried out and versions are managed.
The essential core functions of CRISAM® policy management are:
- Central management of documents with different versions – Documents, policies, directives, work instructions, etc., are filed in the document management system (DMS) of the company or in SharePoint sites or file shares connected to CRISAM®. CRISAM® takes care of the distribution, the approval process and the version management.
- Policy structure – All documents covered by the policy management are hierarchically displayed in a tree structure and set in relation to each other.
- Document format – Documents can be managed and imported as Word, Excel or PDF documents.
- Linking of requirements with controls – If necessary, policies, directives, instructions, etc., are directly linked with the CRISAM® objects so that the terms of their validity can be established.
- Exceptions – Exceptions with regard to published specifications are tracked beginning with the request up to the final release and acceptance.
- Workflow – The process of policy management "Update - Review - Approval" is controlled by a defined workflow.
Audit Management (AUDIT)
The implemented audit management automates all tasks related to the planning and implementation of external and internal audits. The automated distribution of the auditing tasks, combined with a tracking and reminder system, increases the efficiency and reduces the costs of the audit management process.
The audit management process implemented in CRISAM® allows the assignment of one or more audit plans, which can include several audits each; for each audit, a start and finish time is scheduled and set. The defined audit workflow controls the audit process and monitors the time limits.
By integrating audit management into the Microsoft Outlook environment, tasks and appointments are provided for the auditors and for the heads of department in a specific audit calendar or by using the personal calendar. This approach makes it possible to stay within the familiar working environment when dealing with audit management.
With CRISAM® audit management the company can plan, automate, control and monitor its internal and external audits.
The essential core functions of CRISAM® audit management are:
- Centrally managed audit plans – The planning of audits can be carried out with several audit plans with the beginning and end of the audit. Each audit is assigned to the responsible auditors together with the connected approved audit objects.
- Workflow control – The end of each audit is controlled by a defined workflow. The checklists concerning the audit objects are automatically sent to the auditor / risk owner / assessor and the audit is monitored within the set time limit.
- Microsoft Outlook integration – Control of the audits towards the auditor / risk owner / assessor is carried out in their familiar IT environment: Microsoft Outlook is used for entering and processing tasks, appointments and reminders.
- (Self-) Assessment – The authorised auditor / risk owner / assessor is provided with audit checklists for the audit relevant objects. In a multi-step approval process the audit results are included in the CRISAM® database or a re-audit is initiated.
Task Management (TASK)
One of the most important basic functions of an effective risk management process is to involve all stakeholders in the best way possible; in this regard, critical aspects are the distribution of tasks as well as the controlling and tracking of tasks. CRISAM® goes beyond distributing policies and conducting audits: With its task management CRISAM® provides a general platform for handling tasks, i.e. identifying, controlling and tracking of measures or for carrying out checks as part of an internal control system.
The essential core functions of CRISAM® task management are:
- Centrally managed tasks – Tasks can be generated from various parts of the GRC process and assigned to the authorised user. Tasks, which can be one-off or recurring, are provided with a start and finish time.
- Workflow management – The execution of the assigned tasks is controlled and monitored by a specified workflow.
- MS Outlook integration – Control of the tasks towards the authorised user is carried out in their familiar IT environment: Microsoft Outlook is used for entering and processing tasks, appointments and reminders.
Legal & Compliance Management (CM)
The implemented compliance management automates the process of showing the compliance with regulations, standards, best practices and internal company directives. CRISAM® avoids answering additional checking and control questions, which are specified in the compliance references, in order to save time, resources and costs.
The CRISAM® content libraries ensure that the relevant compliance requirements are already covered by the initial checking questions. The CRISAM® compliance management is supplied with a set of cyclically updated mappings between content libraries and compliance references. Thanks to this automated compliance determination, the renewed answering of specific lists of questions can be avoided.
In case the out-of-the-box content libraries together with the compliance references are not sufficient, companies can add their own supplements for compliance checks to operate a complete customer-specific compliance management process.
The essential core functions of CRISAM® compliance management are:
- Automated mapping – Compliance statements are automated and generated from the current database, which is used as a basis for compliance analysis either as a whole or as a specific selection – a scope.
- Precise identification of a deviation – The compliance analysis, which checks the compliance with the compliance references, is based on the entire fault tree using a selected scope. If references from several branches of the tree are addressed, these are listed together with their evaluation several times. Thanks to this comprehensible presentation, cause and location of a compliance deviation are clearly visible. As a result, targeted measures can be initiated.
- Report & dashboard – The current level of maturity or the degree of compliance with selected references can be monitored both in the compliance report and by means of KPIs on the dashboard.
Internal Control System (ICS)
In order to provide evidence for an orderly governance process, comprehensible documented reviews are required. From the content libraries both general and specific reviews are required; the implementation must be documented and confirmed. CRISAM® provides an internal control system by means of task management functionality. One-off and recurring checks are distributed to the responsible persons; then the implementation is monitored by means of supporting workflows. Proofs and evidence are stored in the customer’s document management system (DMS) or in the DMS provided by CRISAM®. Document management systems are not a core component of CRISAM®.