Enterprise & Operational Risk Management

The number, complexity, and velocity of risks are increasing, and the speed at which these risks emerge means your organization has much less time to respond effectively. In addition, organizations are managing many different types of risks – like cyber, third-party supplier, competitive and new product/service risks – within different business silos and assessing them using separate methodologies and measurements. Unfortunately, the current ad hoc risk management approach is overloading your resources and does not provide a consistent, real-time risk picture for your executive team.

Archer Enterprise & Operational Risk Management

Archer Operational Risk Management makes it easy to engage your first line of defense to identify and assess risk, evaluate, approve and respond to loss events, oversee key risk indicators, and manage day-to-day tasks, issues, and remediation plans. Serving as an aggregation point for your organization’s operational risk management program, Archer brings together data often found in siloed risk repositories to identify, assess, evaluate, treat and monitor risks consistently across your organization. With the ability to better understand, prioritize and manage known risks, you can expand your program to include additional business units and risks, or re-deploy risk management resources freed up as a result of more efficient program management.

With Archer you get a consolidated and clear view of risk that allows you to prioritize risks, deploy resources to address the most critical problems, and elevate risk management as a new source of competitive advantage.

See the Solution Brief for this Solution on Archer Community: https://community.rsa.com/docs/DOC-40093

The following table describes the Enterprise & Operational Risk Management use cases.

| Use Case | Description | Prerequisites |
| --- | --- | --- |
| Risk Catalog | The Archer Risk Catalog provides the foundation to record and track risks across your enterprise and establish accountability by business unit and named first line of defense manager. The catalog provides a three-level roll-up of risk, from a granular level up through enterprise risk statements. Inherent and residual risk can be assessed utilizing a top-down, qualitative approach, with assessed values rolling up to the associated business unit and enterprise risks. | None |
| Top-Down Risk Assessment | Archer Top-Down Risk Assessment enables practitioners to document risk and control procedures. Risk register statements can be rolled up through a two-level risk hierarchy to provide enterprise-level risk statements. Risks can be associated with business processes and assessed on an inherent and residual basis, both qualitatively and across multiple risk categories using monetary values. Control procedures can be documented and linked to the risks they treat, for consideration as a part of the residual risk assessment. | Issues Management |
| Loss Event Management | Core to an effective operational risk management program, Archer Loss Event Management allows you to capture and inventory actual loss events, near misses, and external loss events that may be relevant to your business and industry. Loss event root cause analysis can be performed for the purpose of taking appropriate actions to reduce the likelihood and impact of similar losses occurring in the future, and robust reporting of loss events can be generated to help understand and better manage your organization’s losses. | Issues Management |
| Key Indicator Management | Archer Key Indicator Management provides a means to establish and monitor metrics related to risks, controls, strategies and objectives. With configuration, metrics can also be associated with other elements of a risk and compliance framework, such as products, services and business processes, to monitor quality assurance and performance. In an operational risk management program, key indicators often serve to provide early warning of changes in risk likelihood and impact, including changes in risk treatment. As indicators fall outside acceptable boundaries, key stakeholders can be automatically notified to initiate remedial actions. | Issues Management |
| Bottom-Up Risk Assessment | With Archer Bottom-Up Risk Assessment, you can engage in targeted project risk assessments. Projects could include fraud assessments or assessments of new or changing products and services, business processes, mergers or acquisitions. Projects can be documented and questionnaires can be created with custom questions and questions derived from Archer’s extensive library of thousands of out-of-the-box questions. When risks are deemed too high, risk treatments and remediation plans can be documented and tracked. | Issues Management |
| Operational Risk Management | Archer Operational Risk Management is an umbrella of several risk management activities, including risk and control registers, loss event documentation, root cause analysis and workflow review and approval; risk hierarchy roll-up and risk library; key indicator management, including a key indicator library and approval workflow; Top-Down Risk Assessments; Bottom-Up Risk Assessments; Issues Management; and risk self-assessment campaigns (control self-assessments (CSAs), risk & control self-assessments (RCSAs), and process, risk & control self-assessments (pRCSAs)). Self-assessments incorporate workflow that allows the second line of defense program manager to create, distribute, review, and approve assessments. Archer serves as an aggregation point for your organization’s operational risk management program. With the ability to visually understand, prioritize and manage known risks, you can expand your program or re-deploy risk management resources since resources are utilized more efficiently. With Operational Risk Management, it is easy to establish accountability for risk management activities; engage your first line of defense to identify and assess risk, evaluate, approve and respond to loss events; utilize key risk indicators; and manage outstanding issues. Archer brings together data often found in siloed risk repositories to identify, assess, evaluate, treat and monitor risks consistently across your organization. | Risk Inventory, Top-Down Assessment, Loss Event Management, Key Indicator Management, Bottom-Up Risk Assessment, Issues Management |