Power Framework RISK provides full Enterprise Risk management capabilities, with customizable features for risk identification, assessment, treatment, governance and reporting for strategic and operational risks.
It has been developed to place risk management into the heart of the collaborative Microsoft cloud platform that is strategic to your organisation.
High-Level Processes
Here is a high-level overview of the processes that are supported by the application:
Risk Identification
Risks are captured by application users across the organisation, organised into Business Units that reflect the hierarchy of the organisation. Risks are categorized in various ways, to drive views and reporting as well as business logic for risk scoring. Analytics are further enriched by relating risks to other data sets such as vendors or projects.
The system distinguishes Strategic Risks and Operational Risks. Operational risks are continuously raised and managed by business units, whereas Strategic Risks are are relatively static and monitored by the Executive Team. Operational risks can be linked to the Strategic Risk that they impact.
Risk Assessment
Risks are assessed repeatedly, with an initial inherent risk assessment followed by periodic residual assessments. Each assessment assesses Likelihood and Consequence, and Risk Rating and Risk Appetite RAGs are re-calculated time based on settings defined against the major Risk Category attached to the risk.
As part of the assessment, we will define a high level mitigation or management approach and start to define mitigation tasks to be assigned to team members.
Optionally we can attach relevant Risk Controls from a library of controls stored in the system, defining processes and policies implemented to manage and mitigate risks.
Risk Monitoring
Throughout the live of the risk a routine monitoring process will continue to perform the following activities with the help of the system:
- Raise, assign and track tasks to manage and mitigate the risk
- Periodically re-assessing the residual risk score
- Raise any issues that materialise and can be linked to the risk
- Escalate the risk to the managing business unit for attention higher up
Risk Closure
Operational risks may eventually be closed down, if they have been fully mitigated and require no further attention.
Risk Governance and Reporting
Risk managers have the ability keep track of all aspects of the risk portfolio, with reports delivered through Power BI. This includes the ability to identify overdue tasks and monitor trends.
Supporting Features
The application has rich features to support the above processes, such as:
Access Security
User are assigned roles and optionally associated with specific business units. These security containers are configured to define what the user can do and see in the application.
Workflow Automation
Workflow automation is deployed using Microsoft's automation service Power Automate. Some escalation and approval workflows are supplied out of the box.
Data Snapshots
The solution is supplied with a Power Automate workflow that can be scheduled to run periodically (e.g. monthly) to copy the risk table to a time stamped snapshot table. This is the source for historical trend reporting.
Integration
The solution offers the opportunity to deploy integration with organisational data sets. Bringing in data from other databases enables the tagging of risks for richer analytics. Out of the box the tool has tables for Vendor Accounts and Projects, which can be populated from external systems. With that, a risk can be tagged against a vendor or project, which then allows instant view of risks by vendor or project.
Watch This Video
This video provides a high-level demo of the solution and explains concepts and benefits.