Risk Management is a whole new module at the Alyne platform and supports the full lifecycle of
- capturing risks,
- set up mitigation actions for those risks within your organisation,
- manage down the risk probability, impact and expected loss,
- observe and manage expected loss scenarios and the organisation's risk appetite in line with your mitigation actions,
- close and archive risks.
As always, we use tiles in Risk Management as well. We represent each Risk as a tile and you can manage everything connected to this Risk directly on this tile. This includes setting and changing the probability, impact and expected loss. Automatically Alyne calculates out of that the Risk criticality and indicates this in our typical user interface style that is very intuitive to understand.
You can create Risks from scratch or import risks directly from Alyne reports.
We make available our standard features of comments and Secure Files on each Risk enabling customers to directly discuss, interact and securely share files when managing a risk in a collaborative manner.
You also define your mitigating actions plan directly at the tile. Just click on the "Plus", enter the description, due date and the person responsible for this action. Each mitigation action also carries the amount of probability and/or impact reduction, in the example "Providing a list of privacy consultants" is planned to achieve a probability reduction of 20 percent points.
We invented a super-intuitive and flexible approach to organise Risks: Risk Tags. Each Risk can be assigned to one or more Risk Tags. By clicking on a Risk Tag your Risk view including the risk analytics at the top gets filtered to exactly this Risk selection.
You can even select multiple Risk Tags to view all the Risks that are assigned to this Risk Tags and even more to only those Risks that the selected Risk Tags have in common.
Alyne users can define access control on each Risk Tag in a very granular way.
Through how Risk Tags and its access control are implemented, any organisational structure or responsibility areas can be modeled without technical customisation efforts.
Realtime analytics graphs
At the top Alyne always shows the number of tracked Risks, their Risk Rating (low to critical), the number of excessive critical or very high risks, the mighty Risk Exposure graph and the Risks by status. These always consider the selected Risk Tags.
Let's pick two of those graphs
Risk Rating: For each Risk Tag you can define how many critical and very high Risks you want to tolerate. This graph tells you a breakdown of the risk ratings of the selected Risks and the number of Risks exceeding these two rating thresholds.
Risk Exposure: On each Risk Tag you also define your financial risk tolerance. This mighty graph starts always starts from now and predicts the expected financial loss considering the applicable Mitigation Plans and their due dates in the future. Overdue mitigation actions are cumulated into a dotted line representing the risk reduction potential once these overdue tasks are completed.
How Alyne customers are leveraging Risk Tags:
- An Alyne customer set up 40 Risk Tags representing the local branches of the organisation. Risks are captured and managed by local Risk Managers at branch level.
- The Risk Committee at the Headquarters owns a Risk Tag called "Top 10" where only its members have write access to.
- Risk Committee members have read access on all the branch level Risk Tags and select the Top 10 Risks they want to observe globally out of this pool. The selection of the Top 10 is as easy assigning the "Top 10" Risk Tag to the selected Risk.
- Once a Risk Committee member clicks on the Top 10 Risk Tag, she/he not only sees the current status, rating and exposure of these 10 risks, but also their Risk Journey, i.e. how probability, impact and financial risk exposure will go down over time based on the Mitigation Plan and when the break even of cumulated risk exposure and the Risk Appetite defined for the Top 10 Risks will happen.
Tasks can be used as personal task tracker within Alyne and will be used extensively throughout the app in future, e.g in combination with Funnels and Reactions.
Initially, the new Risk Management module makes use of it for its Mitigation Plan. Mitigation Actions are in fact Tasks. Tasks as such have an owner, can have multiple activities, i.e. sub tasks, a completion indicator that considers the status of activities and can be delegated to other members of the organisation.
At the top, realtime graphs indicate statistics about your tasks, especially urgent and overdue ones.
Secure Files everywhere
Our Secure Evidence feature leveraging envelope encryption, hardware security modules and custom storage locations around the world was only available for our Assessments feature. Customers like it very much, so that they demanded more of it:
We listened and now allow for all customers opted in for the Secure Evidence feature to attach files to Control Sets, Controls, Reports and Risks at the same level of security as already established for Assessments.
On Control Sets and Controls only Expert Users can add and delete files. Business Users can only view these files.
On Risks, the individual access control policies of Risk Tags have effect: If a user only has read access to a Risk, then she/he is only allowed to view these attached files - makes sense.