Risk management aims to find an optimal balance between opportunity and risk. In smaller companies, this balancing often works on a departmental level and “by feel”. Larger companies implement a strategic risk management that does justice to the higher complexity. The otris digital risk management solution anchors uniform processes in the organisation – from risk assessment and risk analysis to action management and reporting.
Entrepreneurial activity is associated with risks. Because: without risk, opportunities rarely arise. The challenge is to manage risks systematically. On the one hand, this includes identifying dangers and quantifying possible effects (e.g. financial damage, damage to reputation). On the other hand, companies must derive measures from the analysis in order to manage the identified risks.
Identifying risks and weighing them against the business potential – this is also done by companies without specific risk management. The difference to companies with established risk management lies in the lack of a systematic approach. Risks can only be strategically controlled with firmly implemented processes. otris risk management supports you in this task.
The otris risk management integrates different functional areas into a holistic solution. Digital files structure the processes in risk management. With the tools for documentation, assessment and organisation, you control the operative work.
Risk assessment | Identification
The risk identification process is controlled by a questionnaire-based risk assessment workflow that can be customised. You can customise the questionnaire contents and the parameters for evaluation. The software automates the sending, documentation and evaluation process.
Risk documentation | Record
Risks and findings that you have identified on the basis of questionnaires are recorded in the risk documentation. The process, including release and updating, is controlled by a workflow that can be customised.
Measures management | Organisation
You can organise the operational processing and control of measures as well as controls for risk minimisation with the features for measure management. Measure management is supplemented by a follow-up workflow for the systematic follow-up of audits and workshops.
Reports | Automatic monitoring
The system automatically creates reports from the predefined data. For example, you receive continuous statistics on the number of newly identified risks or the degree of processing of measures.
Individual workflows | Your corporate processes
Additional workflows defined by you can be integrated into the system and configured without restriction in order to adapt the operational work with the software precisely to existing company processes.
Ease of use through a software interface that has been thought through down to the last detail is a top priority in all otris developments. With little effort, the user learns how to work quickly and efficiently with otris risk management.
otris risk management is a browser-based application and therefore does not require installation on users’ workstations. The solution is platform-independent and integrates into your IT environment without complications. Standardised interfaces enable smooth communication with existing systems. Not only the technical work with the solution, but also the administration as well as the individual design of the programme interface is done comfortably via the web browser.
In order to adapt the software functional scope to the given requirements, companies choose one of the three software editions and combine extensions as needed. If there are further requirements that this standard functional scope does not cover, otris-Consulting implements customisation according to need. From a simple data field extension to complex interfaces to third-party systems – the architecture of the software is so open that even extensive customisations can be implemented with manageable effort.
Not only the range of functions, but also the number of users can be expanded quickly and easily. For example, you can start with digital risk management at group level and only gradually include the subsidiaries.
On-premises or cloud – you are free to choose which variant you use. On-premises means that the solution is installed on a server at your company location. With a cloud variant, you access the servers of a secure data centre (location: Germany) and use the software from there. In both cases, you use a web browser to work with the solution.
The basis for systematic risk management is a company-specific risk strategy. The strategy defines guidelines for dealing with risks. Each company develops its own risk strategy. The otris risk management software supports its operational implementation.
An ongoing risk inventory is the prerequisite for all further steps in risk management. The otris risk management solution integrates a questionnaire feature that allows you to organise and evaluate surveys. First, you create the questionnaire content (for example, a question and selection answers on the topic of invoice approval).
The software transfers the content into digital questionnaires that function like a web form. You assign the employees responsible for answering to the respective questionnaires. The rest of the process is automated: the employee receives an email with a link to the questionnaire. After they have answered the questions, the system informs you about the response to the questionnaire and the result. The evaluation is also automated: you define in advance how the system evaluates answers.
Example: You ask whether only department heads are allowed to release invoices over 10,000 euros. If the question is answered with “No”, the system marks the process with a red traffic light symbol. Provided the questions are asked correctly and addressed correctly, you can deduce from the survey where there is risk potential and need for action.
You can easily derive recommendations for action from the survey results. For example, a guideline could be derived from the findings on invoice approval that invoice amounts over 10,000 euros may only be approved by the department management. This pragmatic approach can be the most effective way to manage risks, depending on the determination. However, if the case is more complex, it may be necessary to use the finding to derive and document an abstract risk.
For each documented individual risk, the responsible person (e.g. risk owner) defines the damage potential and probability of occurrence. Different methods are available for the assessment, which can be adapted to your specifications through configuration. The system calculates the risk level from these parameters. The responsible employee (e.g. risk manager) reviews the result and gives approval if the risk is to be included in the catalogue and the risk matrix. The matrix helps you to quickly recognise which risks have, literally, been assigned to the “red zone” and thus have a high damage potential and/or high probability of occurrence.
Traffic light symbols show you whether action is required for individual risks and findings. If you initiate a measure, link it to the respective risk or finding. The system informs the responsible person (e.g. risk owner) about the measure and the task you have formulated. The follow-up of the processing status is also system-supported: If the responsible person does not process his task within a defined period of time, he receives a reminder message. Traffic light symbols show you which tasks are still unprocessed, in progress or completed by which persons responsible. You can use recurring tasks/checks to document and monitor essential components of your internal monitoring system.
The system configuration allows you to adapt otris risk management to your company-specific risk definition and strategy. Parameters that evaluate risks/assessments and specifications for the risk map structure control the subsequent classification. You can adapt the system to your risk strategy largely on your own. For adaptations to company-specific workflows (e.g. approvals), otris consulting supports you.