Expert Guides
      Back to home
      1. Knowledge Base Home
      2. Getting Started
      3. Expert Guides

      Enterprise risk management​ expert guide

      This article is a step-by-step guide on how to manage risk across your organization in 6clicks

      Topics covered in this article:

      Enterprise risk management is a strategic approach organizations use to identify, assess, manage, and monitor risks in pursuit of their objectives. It enables proactive risk identification, assessment, and informed decision-making for effective risk mitigation strategies. Use this guide to help you get started on your Risk Management program.

      Establish the scope and context

      Organizations define the boundaries for risk management by considering industry regulations, organizational objectives, and internal and external stakeholders. They incorporate these regulations into their risk management activities to ensure compliance and minimize legal and regulatory risks. By aligning risk management efforts with goals, organizations prioritize and allocate resources accordingly. Internal stakeholders, such as employees, and external stakeholders, like customers and regulatory bodies, are considered to identify risks and tailor risk management strategies. Considering industry-specific risks and the organizational context, organizations develop relevant and effective risk management strategies.

      For an internal respondent, please review how to create and respond to an internal assessment.

      Run the 6clicks Scope Assessment to establish the scope and context.

      1. Navigate to the 6clicks Content Library.
      2. Use the search functionality to find the 6clicks Scope Assessment and select details.
      3. Review content and select Add Content. Select the + icon and create a new assessment.
      4. Select Question-Based Assessment and search for the 6clicks Scope Assessment.
      5. Enter a unique name and add a respondent, then select Create.
      6. Review the 6clicks Scope Assessment. Once completed, move the Status to Publish and add a respondent to send the 6clicks Scope Assessment. 

       

      Risk Identification

      Risk identification is a crucial step in the Enterprise Risk Management process. Organizations can use a risk library or risks can be added or imported directly into the risk register. By maintaining a comprehensive record and prioritizing risks based on likelihood and impact, organizations can develop strategies to mitigate threats and protect their objectives.

      There are several key risk management configurations you can explore in the 6clicks platform:

      • 6clicks enables users to configure custom fields for your risk management needs. To configure your own custom fields, head here.
      • You can also configure your own risk workflow as required for your risk framework or process.

      To get started with risk identification, add a Risk inside 6clicks by following the steps below or begin by using a risk library in 6clicks:

      1. Navigate to the Risk Register Module.
      2. Add or import existing risks by selecting the More dropdown or Create New.
      3. Review the overview tab content. This includes; Risk Owners, Access Members, Risk Domain, Description, Common Cause, and potential impact.

      Risk analysis

      6clicks enables the assignment of a numerical value to assess the likelihood and impact of risks, allowing for prioritization based on significance. This analysis helps organizations understand the level of risk associated with each identified risk and make informed decisions on risk treatment strategies and resource allocation. It also allows organizations to develop a clear understanding of potential threats, prioritize risk management efforts, implement appropriate controls, and protect their objectives.

      6clicks enables users to configure custom fields, matrices, and more for your risk assessment processes.

      Assign values to the likelihood and impact of a risk.

      1. In Risk Details navigate to the Risk Assessment tab.
      2. Create a new Risk Assessment by giving it a title.
      3. Review the New Assessment. This content includes; Likelihood, Impact, Risk Rating, and many other options.
      4. To configure your own custom fields, head here.

      Risk evaluation

      Risk evaluation is a crucial step in the risk management process. It allows organizations to assess the likelihood and impact of identified risks, prioritize efforts, allocate resources effectively, and make informed decisions about risk treatment. By evaluating risks, organizations can develop strategies to mitigate or eliminate potential threats, protect objectives, and ensure operational continuity. It is important to contextualize risks in terms of the current control environment and compliance requirements. Assigning policy statements, controls, or compliance to a risk demonstrates the need for additional controls and the existing controls in place to mitigate the risk.

      Anyone with appropriate access rights to the risk, including risk owners and access members, can evaluate the risk information, linked data, and risk assessments when required. During their review, users with access can make updates to the risk across any available tabs depending on rules configured in the risk workflow stages. Any updates made to a risk during its lifecycle are logged in the history tab of a risk.

      Risk treatment

      After evaluating risks, organizations develop and implement strategies to mitigate or eliminate them. A comprehensive risk treatment plan is created, outlining specific actions, responsibilities, timelines, and additional controls if needed. This plan serves as a roadmap for effectively managing and addressing risks, reducing their likelihood and impact. In some cases, additional controls such as new policies, enhanced security measures, or advanced technologies may be necessary to further mitigate risks. The goal of risk treatment is to minimize disruptions, protect assets, and maintain a positive reputation. Regular review and updates of risk treatment plans allow organizations to adapt and improve their risk mitigation strategies.

      Set up risk treatment plans for risks outside of your risk appetite/tolerance.

      1. Inside Risk Details navigate to the Treament tab.
      2. Click the + to add a new Treatment Plan or use the search functionality to select one.
      3. Add a new treatment plan, this content includes; Status, Due Date, Assignee, statements, and Provisions.

      Monitor and review

      The final phase of Enterprise Risk Management is monitoring and review. This ensures ongoing oversight of risk management efforts and allows organizations to adapt strategies to address emerging risks effectively. It involves regularly tracking the progress of risk treatment plans to ensure they are being implemented as intended and taking corrective actions promptly. Organizations also need to monitor overall risk levels by assessing the current state of risks and identifying any changes or new risks. They assess the effectiveness of implemented controls through periodic audits or assessments, identifying areas for improvement to enhance risk mitigation strategies. Continual risk review is essential to remain agile and proactive in risk management efforts, adapting strategies to address emerging risks or changing business conditions. Reviewing, adjusting, and correcting risk tolerance is necessary to stay ahead of future trends in the industry or sector.

      Use reporting and analytics to monitor risk levels and the progress of risk treatment.

      1. Navigate to the Analytics module.
      2. If you do not have a dashboard built out, select Browse and Reports.
      3. Search for out-of-the-box Risk reports such as our risk register to consume.

       

      Enterprise risk management

      Provides organizations with a strategic and structured approach to identifying, assessing, managing, and monitoring risks. By implementing this comprehensive methodology, organizations can proactively address potential threats and protect their objectives and goals. Through the establishment of a clear scope and context, thorough risk identification, rigorous risk evaluation, effective risk treatment, and ongoing monitoring and review, organizations can enhance their resilience and ensure long-term success inside the 6clicks platform.