Risk Management Business Process

XeroRisk can support a wide variety of business risk processes depending on the needs of your organisation. As a standard configuration, XeroRisk identifies unique risks, issues and opportunities using a risk score of 1 to 25. This is derived from the likelihood of the risk actually occuring multiplied by the highest impact criteria. For issues, the likelihood is always 5 (certain) as the risk has actually occurred.

Impact Criteria

XeroRisk can be configured with any number if impact criteria against which a risk or issue can be tracked. Support and guidance for the chosen criteria and their respective levels is contained within the XeroRisk application, ensuring that everyone scores risks against a common scoring framework. The criteria defined as standard are:

• Financial - Assesses likely cost to the business if the risk actually occurs, taking into account the overall effect on the business to withstand the issue or mitigate it down.

• Operational - A number of sub-categories to allow assessment of the risk against its ability to disrupt the business or to place the business in breach of legal or regulatory demands. These sub-categories are, using a water utility as an example:

  • Reputation - Impact of the risk in terms of loss of reputation.

  • Health & Safety - Impact of the risk in terms of breaches to health & safety legislation.

  • Security of Supply - Impact of the risk in terms of failure to deliver water or waste water services.

  • Legal, Regulatory - Impact of the risk in terms of breaches of license conditions or mandatory legislation.

• Likelihood - The chances of the risk actually occurring and becoming an issue. Issues are, by definition pre-set as they have actually occurred.

Risk Co-ordinators

No corporate risk management system can ever hope to ensure risk impacts or likelihoods are consistent across your entire enterprise, as by the very nature of corporate risks, they can cover any and all subject areas. Your process will rely on the judgement of risk co-ordinators, whose role is to ensure that the risk framework is applied consistently by modifying the risk scores where appropriate.

XeroRisk provides comprehensive support to the risk co-ordinators, by ensuring they are aware of risks raised within their areas of responsibility and notifying them using a variety of media (email, SMS & flags) when risks or action plans breach pre-set limits or dates. Co-ordinators typically also use the extended reporting capabilities to produce daily, weekly or monthly risk management analyses for senior management.

Corporate Governance

The true value of XeroRisk is in its ability to provide the corporate board and senior managers with completely up-to-date snapshots of the global risk exposure faced by the business, including metrics on the performance of the companies risk management process.

Risk management is not about avoiding risk, but about taking careful strategic decisions to accept risk in return for improved business performance. XeroRisk allows the key decision makers in the business to assess each aspect of the business and to make informed decisions on future company strategy and policy. As an organisation improves its risk taking through the deployment of a well thought through risk framework, XeroRisk can adapt to provide greater flexibility and functionality to support the maturing process.