RSA Archer Release 6.5 brings some exciting enhancements to our Enterprise & Operational Risk Management solution. Assessing risks in the RSA Archer Top-Down Risk Assessment use case is now more granular, more precise, and reinforces the ownership of risk throughout the organization.
Release 6.5 adds the ability to break down risk records into several scenarios that can then be assessed individually. This provides more flexibility and a more complete view of risk. This is particularly relevant for low frequency / high impact scenarios that often are not reflected in the less granular level risk assessments.
Two new applications have been introduced in this release to bring this functionality alive. The Risk Scenarios application is where scenarios are linked to risk register records and assessed individually. The Risk Assessment Library application is where templates of scenarios can be used to generate new scenarios using Archer-to-Archer data feeds.
The risk register record shows a new section where all the risk scenarios for this risk are displayed. We also take advantage of a Release 6.4 enhancement by embedding a risk scenario heatmap inside the risk register record.
Risk assessments are a key tool to manage risks. However, having assessed a risk doesn’t mean the work is done. If the results of the assessment are not reviewed by the appropriate authority, there will be no ownership of the risk by the business and all of the work during the assessment process will be moot.
The Delegated Authorities enhancement ensures that ownership of risks throughout the company is ensured. Several threshold of risk values can be entered at the business unit level, and a stakeholder can then be associated for each level. When a risk is assessed, the assessment result can be enrolled in a review and approval workflow. When the workflow is started, based on the risk level and the thresholds for the business unit, the right stakeholder will be identified and the workflow will route a task and notification to review the risk. Once the review has taken place, if the risk has been approved, a log of the approval is kept. If the risk has been rejected, a finding will be logged. Inspire everyone to own risk, indeed.
I am excited for users to take these new features and run with them -- and I can’t wait to hear how they're being used. Join me for a demo of those new functionalities at the Free Friday Tech Huddle on November 16t. Don’t forget to check out the other Release 6.5 blog posts for more RSA Archer goodness!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.