MKinsight™ has a very comprehensive Enterprise Risk Management (ERM) capability which can be used to enter, assess and manage the Enterprise level risks an organization faces. In many cases this capability is in use within dedicated risk teams, in other cases audit teams use it to record Enterprise level risks to facilitate Audit planning, and in other cases the two disciplines work alongside one another within MKinsight™ (see image 1 and image 2).
MKinsight™ was conceived as, and has therefore been developed as, a fully integrated Audit Software and Risk Management Software system with the Risk side informing Audit at the Planning stage and Audit informing Risk Owners based on actual test results (this is done through MKinsight’s unique Scoring Technology discussed in the Electronic Working Papers section).
MKinsight’s ERM functionality provides key functionality in the following areas:
- Creation and ongoing management of Risks
- Creation and ongoing management of multiple Risk Registers
- Creation and monitoring of Controls, Proposed Controls and Actions
- Assessment of Risks using a diverse array of methodologies
- Comprehensive reporting (including heat maps)
- Alerting services
- Seamless linkage to Internal Audit Work
The following sections look at each of these areas in turn:
Creation and Ongoing Management of Risks
Risks can be created and managed within MKinsight™ and each risk can include a wide array of information, examples of which include:
- Name and description
- Risk assessment
- Risk levels
- Objectives
- Unlimited free text fields
- A range of definable drop down lists to categorise each risk
- Reassessment period
- Owners
- Controls and Proposed Controls (see below)
- Actions (see below)
- Organisational links (including the audit universe if used alongside the audit team)
- History of all changes
MKinsight™ includes a range of permissions determining whether or not a User can create risks, submit them for approval, assess them, edit them, archive them etc. Access to risks can be controlled so that Users only see Risks they have access to and on-line search facilities include the ability to filter by any attribute that a Risk may have – this includes full free text searches.
All pop up multi select options use the very latest on-line technology to deliver a fast and responsive User experience.
Creation and Ongoing Management of Multiple Risk Registers
MKinsight’s ERM capabilities include allowing the creation of multiple Risk Registers for different parts of the organisation’s operations. This includes the ability to employ different Risk Assessment Grids and appetite lines for each separate Risk Register as well as completely different scoring methodologies if required.
This flexibility in methodologies also includes the ability for the team to completely change its methodology and scoring system (e.g. having a 5 * 5 assessment that changes to a 10 * 8) at any stage. As with everything else in MKinsight, the power to make such changes within the application is fully controlled by the granular permission system governing what each User can do within the application.
Creation and Monitoring of Controls, Proposed Controls and Actions
All Risks in MKinsight™ can have any number of Controls, Proposed Controls and Actions associated with them. Each of these carries with it an array of different fields which can be made mandatory or non-mandatory. Again, all fields can have their terminology changed in order to reflect existing information.
With specific reference to Actions, which can have their own deadline dates, owners etc., these can be made accessible over the web for Action Owners to log in and update the central risk team on their progress.
Assessment of Risks Using a Diverse Array of Methodologies
The flexibility of assessment methodologies in MKinsight (which can be used in conjunction with one another if required) is unparalleled. The following list of options illustrates some of MKinsight’s capabilities:
- Impact and probability assessments can be undertaken with single or multiple Impact Categories (e.g. Financial, Reputation, Governance etc.)
- The scoring scale is fully configurable (e.g. 0 to 10, 0 to 5 or banded integers that go in different amounts such as 0, 1, 5, 10, 100)
- Impact and likelihood assessments can be combined in any mathematical combination
- When using multiple impact categories they can be combined in any mathematical combination or you can opt to select the highest
- Opportunity grids can be created with the same ease as traditional risk assessment grids
- Words such as high, medium and low can be used to assess impacts and likelihoods across different risks, thereby eliminating the use of numeric assessments
- Assessments can require the User to provide detailed or high level explanations detailing the rationale for new or updated risk assessments
- Multiple people can assess the same risk or access can be limited
Comprehensive Reporting (including Heat Maps)
MKinsight™ provides detailed reporting in a range of different ways. These include the ability to develop bespoke report templates using Crystal Reports, enabling unique reports for each customer that augment the powerful embedded reporting, which includes heat maps, standard reports and user-defined data reports that can extract bespoke reports. Reporting formats include .rtf (Word), .pdf (Adobe) and .xls (Excel).
Alerting Services
MKinsight™ includes an Alerting service to warn risk owners of a number of things including whether or not the assessment of a Risk is overdue – such alerts are visible when the User logs on as well as being issued via email to the relevant risk owner(s).
Seamless Linkage to Audit Work
MKinsight’s ERM capabilities include a seamless integration with the Audit side of MKinsight to assist the internal audit team with risk based audit planning. By the same token the audit team can use MKinsight’s unique scoring technology to deliver invaluable information to risk owners as to the strength or otherwise of the control environment.