Create a Risk Classification Library

Organizations can create a hierarchical structure of risk categories to ensure that risks are appropriately classified thereby helping the company ascertain if the highest risks are strategic, operational, marketing, etc.  In addition the risk classification also serves as a risk library allowing organizations to maintain and update a common list of risks typically found in their organization.

Identify Business Unit and Corporate Risks  

Within the risk compliance structure, companies can pull risks from the library and link them to the affected business units within the corporation.  Companies can determine which fields are collected on each risk, which can include links to products, equipment, and many other fields.  As a result, corporations can create reports to provide them a list of risks by business unit, equipment, etc.  eGRC Enterprise is unique in that it allows the ease of identifying risks by pulling from a library, but also the capability to establish some site-specific information on that risk and identifying if that is a risk that really provides greater detail on a “higher level” risk.

Create a Risk Rating Scheme

Xybion provides the flexibility of building various risk ratings based on your choice of qualitative parameters.  For example, some organizations assess risk via a likelihood and severity matrix, others with a probability and consequence matrix.  With Xybion,  you can set up more than one risk rating (e.g., inherent and residual risks), set the parameters (e.g., likelihood) that will determine the risk values, establish the choices, and set the color coded results. 

Perform Risk Assessments/Decisions

Risk assessments become a breeze with Xybion as you can establish the risk assessment workflow template within the process designer.  With that you can set which fields are collected during the evaluation, whether approvals are required, and if other tasks must be performed prior to the close of the assessment.  Once the template is quickly built, you can simply select a set of risks and start an assessment.  The system even allows the functionality if you want to create one workflow for the business units to assess the risks and later for the corporate risk committee to perform a separate evaluation.

Perform Risk Mitigation 

Because there are many fields to choose from in the risk evaluation, the organization can log a risk decision, a priority, control effectiveness, and other evaluation fields on the risk.  For those risks that must be mitigated, the organization can launch a corrective action in order to put in place the appropriate controls or perform the needed activities to reduce the residual risk and track the status of those corrective actions.

Create Risk Reports 

Xybion's risk management provides an enhanced interface, much like  MyPage, to allow the users to view multiple panes of critical risk information all within the same view.  The user can view their structured lists of risks and at the same time see a list of assessments performed on that risk.  From the searches, the users will be able to run and print risk reports containing the risk, risk assessment, and corrective action information.

Summary

Xybion's risk management software tools are part of our enterprise governance, risk and compliance software suite and allow companies to integrate processes such as CAPA, Audit, IT Governance, Risk, Non-Conformance and more in a single, enterprise software application.