Risk management aims to find an optimal balance between opportunity and risk. In smaller companies, this balancing often works on a departmental level and “by feel”. Larger companies implement a strategic risk management that does justice to the higher complexity. The otris digital risk management solution anchors uniform processes in the organisation – from risk assessment and risk analysis to action management and reporting.
Entrepreneurial activity is associated with risks. Because: without risk, opportunities rarely arise. The challenge is to manage risks systematically. On the one hand, this includes identifying dangers and quantifying possible effects (e.g. financial damage, damage to reputation). On the other hand, companies must derive measures from the analysis in order to manage the identified risks.
Identifying risks and weighing them against the business potential – this is also done by companies without specific risk management. The difference to companies with established risk management lies in the lack of a systematic approach. Risks can only be strategically controlled with firmly implemented processes. otris risk management supports you in this task.
The otris risk management integrates different functional areas into a holistic solution. Digital files structure the processes in risk management. With the tools for documentation, assessment and organisation, you control the operative work.
Risk assessment | Identification
The risk identification process is controlled by a questionnaire-based risk assessment workflow that can be customised. You can customise the questionnaire contents and the parameters for evaluation. The software automates the sending, documentation and evaluation process.
Risk documentation | Record
Risks and findings that you have identified on the basis of questionnaires are recorded in the risk documentation. The process, including release and updating, is controlled by a workflow that can be customised.
Measures management | Organisation
You can organise the operational processing and control of measures as well as controls for risk minimisation with the features for measure management. Measure management is supplemented by a follow-up workflow for the systematic follow-up of audits and workshops.
Reports | Automatic monitoring
The system automatically creates reports from the predefined data. For example, you receive continuous statistics on the number of newly identified risks or the degree of processing of measures.
Individual workflows | Your corporate processes
Additional workflows defined by you can be integrated into the system and configured without restriction in order to adapt the operational work with the software precisely to existing company processes.
Risk management is a complex process. It is therefore all the more important to make the mapping of the workflows in the software as easy as possible. The otris compliance risk management is based on our DMS platform DOCUMENTS with its proven and continuously developed user guidance. The well thought-out interface design simplifies navigation and efficient use of the software.
Companies adapt the risk management solution to their requirements in different ways: By selecting a software edition, they determine the basic range of functions. Extensions cover special requirements. Additional requirements are realised by otris consulting in customisation projects. The architecture of the risk management software is so open that adaptations – from data field additions to complex interfaces – can be easily realised.
Both the range of functions and the number of user accounts can be expanded quickly and easily. For example, you can start with risk management at the level of individual departments and gradually roll out the system to other departments, subsidiaries or the entire group. User accounts that are no longer needed can be terminated at any time in SaaS operation.
We offer our risk management software as a cloud and on-premises variant. You choose the form of operation that suits your requirements: With the on-premises variant, the software runs on your company’s servers. With the cloud variant, you access servers of a secure data centre (location: Germany). In both cases, the users use the solution in a web browser.
The basis for systematic risk management is a company-specific risk strategy. The strategy defines guidelines for dealing with risks. Each company develops its own risk strategy. The otris risk management software supports its operational implementation.
An ongoing risk inventory is the prerequisite for all further steps in risk management. The otris risk management solution integrates a questionnaire feature that allows you to organise and evaluate surveys. First, you create the questionnaire content (for example, a question and selection answers on the topic of invoice approval).
The software transfers the content into digital questionnaires that function like a web form. You assign the employees responsible for answering to the respective questionnaires. The rest of the process is automated: the employee receives an email with a link to the questionnaire. After they have answered the questions, the system informs you about the response to the questionnaire and the result. The evaluation is also automated: you define in advance how the system evaluates answers.
Example: You ask whether only department heads are allowed to release invoices over 10,000 euros. If the question is answered with “No”, the system marks the process with a red traffic light symbol. Provided the questions are asked correctly and addressed correctly, you can deduce from the survey where there is risk potential and need for action.
You can easily derive recommendations for action from the survey results. For example, a guideline could be derived from the findings on invoice approval that invoice amounts over 10,000 euros may only be approved by the department management. This pragmatic approach can be the most effective way to manage risks, depending on the determination. However, if the case is more complex, it may be necessary to use the finding to derive and document an abstract risk.
For each documented individual risk, the responsible person (e.g. risk owner) defines the damage potential and probability of occurrence. Different methods are available for the assessment, which can be adapted to your specifications through configuration. The system calculates the risk level from these parameters. The responsible employee (e.g. risk manager) reviews the result and gives approval if the risk is to be included in the catalogue and the risk matrix. The matrix helps you to quickly recognise which risks have, literally, been assigned to the “red zone” and thus have a high damage potential and/or high probability of occurrence.
Traffic light symbols show you whether action is required for individual risks and findings. If you initiate a measure, link it to the respective risk or finding. The system informs the responsible person (e.g. risk owner) about the measure and the task you have formulated. The follow-up of the processing status is also system-supported: If the responsible person does not process his task within a defined period of time, he receives a reminder message. Traffic light symbols show you which tasks are still unprocessed, in progress or completed by which persons responsible. You can use recurring tasks/checks to document and monitor essential components of your internal monitoring system.
The system configuration allows you to adapt otris risk management to your company-specific risk definition and strategy. Parameters that evaluate risks/assessments and specifications for the risk map structure control the subsequent classification. You can adapt the system to your risk strategy largely on your own. For adaptations to company-specific workflows (e.g. approvals), otris consulting supports you.