Risk Management
Risk Management is a key business process within both the private and public sector around the world. Sound and effective implementation of risk management is part of best practice concepts at the corporate/strategic level as well as a means of improving operational activities.
Karomi Risk Management has been designed to facilitate the process of identifying, assessing and treating risks. Besides capturing risk definitions/criteria and risk tolerances, the system can also display the data collected in a manner specific for your purpose including individual risk matrix configurations. Risk assessments are conducted to determine 'inherent' risk, which takes in to account all current control measures. Looking at this value gives some indication of the criticality of the controls in managing the overall risk.
Risk review dates are set and an escalation process will be triggered should the review become overdue or actions associated with the treatment plan remain incomplete. Risk registers can be output using the in-built reporting tools and all risks can be rolled up to provide a corporate view of operational risks across all facilities.
Risk Management Process
- Identify Organizational Risks: By surveys, interviews, and solicitation of input across divisions and departments
- Risk Assessment:
- Consequence - The level of impact or outcome of risk
- Probability - The likelihood of risk getting realized
- Inherent Risk - The nature of the risk event
- Mitigation Control Effectiveness - The effectiveness of mitigation plans
- Record, track and resolve Risk incidents
How to identify Risks?
Karomi Risk Management application provides tools to quickly put together surveys and polls for gathering inputs from professionals and employees. This data is then collated into a list of identified risks for the organization. The list can be reviewed periodically and updated based on existing business scenerios.
Identify Risk Consequences and Risk Probability
Consequence is the level of impact that the potentialrisk event can have on the acheivement of business objectives. Consequence will be measured on a 5 level rating scale (25-Extreme, 20-Very High, 15-Moderate, 10-Minor, 5-Insignificant).
Probability is the likelihood of occurrence of the potential risk event which may lead to the assessed consequences. Probability will be measured on a 5 level rating scale in the risk survey (25-Almost Certain, 20-likely, 15-Possible, 10-Unlikely, 5-Rare)
Calculating Inherent Risk
Inherent risk signifies the exposure arising from a specific risk event before any action has been taken to manage it.
Inherent Risk = Consequence X Probability
Inherent risk rating will be exhibited on a 4 level rating scale (Extreme Risk, High Risk, Moderate Risk, Low Risk)
Risk Mitigation Control Effectiveness
Mitigation control effectiveness is the effectiveness/existence of risk mitigants with respect to the assessed risk event in the existing business processes. Mitigation Control Effectiveness will be measured on a 5 level rating scale. Mitigation control activities can include initiatives, policies, processes and procedures, restriction, guidelines and rules.
Risk Incident Tracking and Reporting
Karomi provides an easy way to report risk related incidents and track it as it goes through a workflow. Karomi provides Corrective and Preventiave Action (CAPA) process for handling risk related incidents. Updates to Inherent risk and mitigation plans can be done based on the consequences of the risk incident.