Key Functionality: Enterprise Risk Management

MKinsight™ has a very comprehensive Enterprise Risk Management (ERM) capability which can be used to enter, assess and manage the Enterprise level risks an organization faces. In many cases this capability is in use within dedicated risk teams, in other cases Audit teams use it to record Enterprise level risks to aid and facilitate risk based Annual Planning, and in other cases the two disciplines work alongside one another within MKinsight™ (see image 1) & (see image 2).

MKinsight™ was conceived as a fully integrated Audit and Risk Management system with the Risk side informing Audit at the Annual Planning stage and Audit informing Risk Owners based on actual test results (this is done through MKinsight’s unique Scoring Technology discussed in the Electronic Working Papers section).

The core functionality provided by the Risk Register and Assessment capability includes the ability to: 

  • Create Risks with numerous definable lists, dates and free text fields
  • Approve Risks based on definable User privileges
  • Creation and Ongoing management of multiple risk registers
  • Assess Risks based on definable methodologies including impact * likelihood (using numbers or descriptors)
  • Use multiple Impact Categories if required
  • Request an on-line assessment by someone elsewhere in the organization
  • Directly link Risks to any elements of the Audit Universe
  • See any Risk Assessment in the Audit Universe at the Annual Planning stage
  • Conduct comprehensive reporting with graphical and tabular interfaces


The following sections look at each of these areas in turn: 

Creation and Ongoing Management of Risks

Risks can be created and managed within MKinsight™ and each risk can include a wide array of information examples of which include:  

  • Name and description
  • Risk assessment
  • Risk levels
  • Objectives
  • Unlimited free text fields
  • A range of definable drop down lists to categorise each risk
  • Reassessment period
  • Owners
  • Controls and Proposed Controls (see below) Actions (see below)
  • Organisational links (including the audit universe if used alongside the audit team)
  • History of all changes 


MKinsight™ includes a range of permissions determining whether or not a User can create risks, submit them for approval, assess them, edit them, archive them etc. Access to risks can be controlled so that Users only see Risks they have access to and on-line search facilities include the ability to filter by any attribute that a Risk may have – this includes full free text searches. 

All pop up multi select options use the very latest on-line technology to deliver a fast and responsive User experience. 

Creation and Ongoing Management of Multiple Risk Registers 

MKinsight’s ERM capabilities include allowing the creation of multiple Risk Registers for different parts of the organisation’s operations. This includes the ability to employ different Risk Assessment Grids and appetite lines for each separate Risk Register as well as completely different scoring methodologies if required.

This flexibility in methodologies also includes the ability for the team to completely change its methodology and scoring system (e.g. having an 5 * 5 assessment that changes to a 10 * 8) at any stage. As with everything else in MKinsight the power to make such changes within the application is fully controlled by the granular permission system governing what each User can do within the application. 

Creation and Monitoring of Controls, Proposed Controls and Actions 

All Risks in MKinsight™ can have any number of Controls, Proposed Controls and Actions associated with them.  Each of these carries with them an array of different fields which can be made mandatory or non mandatory.  Again all fields can have their terminology changed in order to reflect existing information. 

With specific reference to Actions which can have their own deadline dates, owners etc – these can be made accessible over the web for Action Owners to login and update the central risk team on their progress. 

Assessment of Risks Using a Diverse Array of Methodologies 

The flexibility of assessment methodologies in MKinsight (which can be used in conjunction with one another if required) is unparalleled.  The following list of options illustrates some of MKinsight’s capabilities: Impact and probability assessments can be undertaken with single or multiple Impact Categories (e.g. Financial, Reputation, Governance etc.) The scoring scale is fully configurable (e.g. 0 to 10, 0 to 5 or banded integers that go in different amounts such as 0, 1, 5, 10, 100)

Impact and likelihood assessments can be combined in any mathematical combination. When using multiple impact categories they can be combined in any mathematical combination or you can opt to select the highest. Opportunity grids can be created with the same ease as traditional risk assessment grids words such as high, medium and low can be used to assess impacts and likelihoods across different risks thereby eliminating the use of numeric assessments. Assessments can require the User to provide detailed or high level explanations detailing the rationale for new or updated risk assessments. Multiple people can assess the same risk or access can be limited

Comprehensive Reporting (including Heat Maps) 

MKinsight™ provides detailed reporting in a range of different ways and these include the ability to develop bespoke report templates using Crystal Reports to enable unique reports for each customers that augment the powerful embedded reporting that includes heat maps, standard reports and users defined data reports than can extract bespoke reports. Reporting formats include .rtf (Word), .pdf (Adobe) and .xls (Excel). 

Alerting Services 

MKinsight™ includes an Alerting service to warn risk owners of a number of things including whether or not the assessment of a Risk is overdue – such alerts are visible when the User logs on as well as being issued via email to the relevant risk owner(s). 

Seamless Linkage to Audit Work 

MKinsight’s ERM capabilities include a seamless integration with Audit side of MKinsight to assist the audit team with risk based audit planning.  By the same token the audit team can use MKinsight’s unique scoring technology to deliver invaluable information to risk owners as to the strength or otherwise of the control environment.