iFACTS Risk Portfolio
Risk assessment, mitigation and follow-up
Universal web tool for all types of Risk assessment.
iFACTS Risk Portfolio is designed to support all types of Risk assessment. The Risk information model is a key part in the iFACTS method, which provides a vocabulary for all types of risk and describes its interconnection and influence on all areas of an organization. For example objectives, strategies, events etc.
Different types of Risk assessments include:
- Project risk assessment
- IT risk assessment
- Vulnerability or consequence assessment
- Monte Carlo analysis
The main purpose of a Risk management process is to demonstrate how risks can affect an organization’s ability to reach its objectives. Since the objectives are established in all parts of the organization, the risk approach will follow the objective setting structure.
A risk assessment can be set up for assets such as projects or IT. Risk scenarios are created by an administrator or directly in the assessment session. Each scenario is assessed using predefined risk terminology such as "probability scale", "consequence scale" or "risk categories".
In an ERM assessment, for example, the risk scenario is assessed and analyzed for how it will affect different aspects of the business. Examples include financial indicators such as Cashflow and EBITA. Risk specialists want to determine how these indicators will affect strategies and objectives, and how they are connected to other risks, events and mitigating activities such as BCP.
Risk scenarios are analyzed using gross/net calculations or through a Worst case / Most likely / Best case approach together with distributions such as BetaPERT. The correlated scenarios can be aggregated to group level and passed through Monte Carlo simulations, and presented as, for example, risk capacity, risk appetite and risk/reward.
Typical work steps using iFACTS risk assessment software include:
- Risk assessment setup (information, objectives, participants, time frame)
- Included scenarios
- Risk assessment variables
- Risk mitigation
- Milestones, approvals
- Risk report with findings and recommendations
- Continuous risk follow-up and access to historical data
- Dynamic setup of structure and roles
- Dynamic setup of Risk programs
- Milestones and participants
- Notification and approval through email
- Documentation center
- Nonconformity handling
- Master data, API, Integration
- Report generator