BPM Risk management

Thanks to the automation of the process, each authorized user can start the risk reporting process in the system. Each reported risk in the organization’s operations is submitted to the risk owner designated for a given thematic scope (process or asset or organizational unit) for approval. Such owner each time decides on the legitimacy of the reported risk, as well as performs periodic, comprehensive reviews of the risk register for a given subject area in order to confirm whether the risk at a given level is still present or needs to be changed.

The risk management module has a wide range of development possibilities, e.g. risks identified in the module can be analyzed during internal audits or when using the Objectives and indicators module (link to the website). From the Infrastructure module (link to the website) in the risk management module, it is possible to identify the risks associated with the asset registered in this module. In addition, if an event is registered in the BPM Incydenty module (link to the page), it is possible to analyze the risks associated with the identified events.

The module also integrates:

• with the Business Continuity module (link), i.e. for critical resources, for which information classification is not conducted, it is possible to conduct a risk analysis in the Operational Risk Management module;
• The module library of documents (link) in the scope of the possibility of indicating risk control mechanisms in the form of internal regulations.

For the risks identified in the module, for which the necessity to implement a risk treatment plan has been established, the system enables the design of this plan, assigning specific actions in the plan for implementation to specific users with an indication of the date by which the action should be performed. In addition, for each action in the risk management plan, it is possible to specify whether the person supervising the implementation of the plan is to receive periodic reports on the progress of the action implementation or not, as well as the frequency of this reporting. After approval of the risk treatment plan in the system, activities related to its implementation are assigned to the appropriate people. The system communicates to users the tasks assigned in the system for execution by e-mail. Each time it informs about a task that needs to be completed. Reports on the progress in the implementation of activities are also assigned as tasks and, after their completion, sent to the persons supervising activities as part of the risk management plan by e-mail. The described mechanism ensures that the user does not have to log into the system to check whether any tasks have been assigned to him, because each time he receives e-mail information about these events and can go to the appropriate task in the system from the level of the e-mail message.

Thanks to innovative solutions, the system enables ongoing monitoring of the progress in the implementation of risk minimization plans, generating reports, among others. in xlsx format, both from the register of all reported risks and from risk treatment plans. Thanks to the reporting module, it is possible to generate reports predefined in the system, e.g. Hierarchy of risks or Risk Ranking.

An additional functionality supporting the Risk Management module is the dashboard module, which presents charts and statements predefined for the risk management module. Each user can independently configure which dashboards are to be displayed in his management panel.

An interesting functionality made available in the module is the possibility of reporting risks causing threats to the conducted activity, but also risks causing opportunities and conducting their assessment based on criteria in the context of a threat or opportunity, respectively. The possibility of assessing risks in the context of opportunities is a decision of the organization and can be included in the system configuration.

BPM Risk Management module is a solution operating in a web browser and communicating with users through tasks assigned in the system, as well as e-mail messages addressed to system users. Moreover, the system enables:

• Configuring risk assessment criteria in the context of threats and opportunities;
• Configuring risk management areas, indicating which criteria are to be used in which areas;
• Reporting of risks in the indicated areas of identified risks by users who have been granted authorization;
• Risk owners making decisions about the reported risk;
• Defining and supervising the implementation of risk treatment plans in the system, including reporting on the progress of the implementation of activities under the risk treatment plans;
• Conducting comprehensive reviews of the relevance of identified risks and creating risk registers for them as part of the review;
• Optional reviews of the validity of the ratings assigned to individual risks, with a frequency depending on the designated risk level;
• Generating reports on risks registered in the system and risk treatment plans in the form of xlsx files;
• Generating predefined reports available in the system, e.g. Risk hierarchy, Risk ranking;
• Availability of predefined risk-related dashboards;
• Possibility to design reports / dashboards in line with the needs / expectations of the client;
• High flexibility of the system in designing new functionalities for the individual needs of the Ordering Party.

Risk management of the organization’s activity is a topic discussed both among small, medium and large enterprises, as well as in public administration units.

The operational risk management module is intended for all those organizations that want to collect information on events that may cause risk to their business from various organizational units.

If your organization carries out the identification and risk assessment for the conducted activity / implemented tasks or processes, the BPM Risk Management Module is the solution for you.

Operational risk management is often supported by commonly available IT tools, such as, for example, spreadsheets. This solution works well for small organizations, simple risk assessment methodologies, low frequency of analyzes, a small group of people involved and low risk volatility.

In other cases, this solution will not be sufficiently effective, because the analysis of the data collected in this way in terms of variability in relation to the previous results is each time time-consuming and has a high probability of errors.

An excellent alternative to this approach is the BPM Risk Management module, in which the automation of actions necessary to perform is carried out, and the data subject to changes are reported by the system, which reduces the number of possible errors in the results of the analysis of the collected data to almost 0.

The experience of many organizations shows that in the case of a large number of risks identified in organizational units and a high frequency of risk analyzes, risk assessors want to simplify processes and find the so-called “Simplified path”. This is not always consistent with the organization’s goals, but in the absence of processes that automate such situations, such situations are much more likely.

What to do to protect the organization from such problems?

Whenever possible, a mechanism should be used to automate and protect against changes without introducing justification for the changes. The most effective solution in this respect will be the introduction of a workflow, in which there is a mechanism that verifies the correctness of the entered data, as well as substantive verification of reported / changed risks.

Blue Energy meets these needs by providing an IT tool that ensures not only the automation of the risk assessment process, but also substantive verification of reported risks by authorized users.