Enterprise Risk Management is defined as “a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.” Under ISO 14971, it is more simply defined as the “Systematic application of management policies, procedures, and practices to the tasks of analyzing, evaluating, and controlling risk”.
In today’s competitive market, enterprise risk management is essential to survival. Xybion offers a comprehensive risk management software solution that allows organizations to conduct activities related to identification, management and mitigation of risks. The Risk and Compliance Management (RCM) software solution delivers powerful and flexible capabilities to help organizations model their risk methodology, capture risks, and quickly identify high-risk areas across the enterprise.
Xybion’s Enterprise Risk Management software solution delivers the following capabilities:
Create a Risk Classification Library
Organizations can create a hierarchical structure of risk categories to ensure that risks are appropriately classified, thereby helping the company ascertain if the highest risks are strategic, operational, marketing, etc. In addition, the risk classification also serves as a risk library, allowing organizations to maintain and update a common list of risks typically found in their organization.
Identify Business Unit and Corporate Risks
Within the risk compliance structure, companies can pull risks from the library and link them to the affected business units within the corporation. Companies can determine which fields are collected on each risk, which can include links to products, equipment, and many other fields. As a result, corporations can create reports that list risks by business unit, equipment, etc. eGRC Enterprise is unique in that it combines the ease of identifying risks by pulling them from a library with the capability to establish some site-specific information on each risk and to identify whether that risk really provides greater detail on a “higher level” risk.
Create a Risk Rating Scheme
Xybion provides the flexibility of building various risk ratings based on your choice of qualitative parameters. For example, some organizations assess risk via a likelihood and severity matrix, others with a probability and consequence matrix. With Xybion, you can set up more than one risk rating (e.g., inherent and residual risks), set the parameters (e.g., likelihood) that will determine the risk values, establish the choices, and set the color-coded results.
Perform Risk Assessments/Decisions
Risk assessments become a breeze with Xybion, as you can establish the risk assessment workflow template within the process designer. With that, you can set which fields are collected during the evaluation, whether approvals are required, and whether other tasks must be performed prior to the close of the assessment. Once the template is quickly built, you can simply select a set of risks and start an assessment. The system even lets you create one workflow for the business units to assess the risks and a later one for the corporate risk committee to perform a separate evaluation.
Perform Risk Mitigation
Because there are many fields to choose from in the risk evaluation, the organization can log a risk decision, a priority, control effectiveness, and other evaluation fields on the risk. For those risks that must be mitigated, the organization can launch a corrective action in order to put in place the appropriate controls or perform the needed activities to reduce the residual risk and track the status of those corrective actions.
Create Risk Reports
Xybion's risk management software tools are part of our enterprise governance, risk and compliance software suite and allow companies to integrate processes such as CAPA, Audit, IT Governance, Risk, Non-Conformance and more in a single, enterprise software application.