Speaker 1: Welcome to Corporator, Enterprise Risk Management Demo. This demo focuses on enterprise risk management which is one of the many solutions Corporator provides. To start with, after you log into the demo, you will be taken to the navigation page. On this page, you can view the demo version along with the release notes. By clicking on the release notes, you can access the complete list of updates that have been implemented in this demo. These release notes provide information on enhancements, fixes, and new features that have been added to the demo. The navigation page is divided into eight sections. These sections include risk register. This is where you can view and manage your organization's risk register which provides a comprehensive view of all the risks that have been identified and assessed. Objectives risk assessment. In this section, you can link the risks to your organization's objectives and assess the risk impact on those objectives. The risk treatments features a dashboard that collects information from all risks and displays treatment activities and their details. Critical assets. This section allows you to identify and manage your organization's critical assets and assess the risks associated with them. Top 10 risks. This section provides a high-level view of your organization's top 10 risks, enabling you to focus your risk management efforts on the most critical areas. Risk dashboards. In this section, you can view interactive dashboards that provide insights into your organization's risk profile. Risk reporting. This section provides a range of reporting options, including comprehensive and high-level risk reports that you can generate in real time. Lastly, the Help Center, which provides access to help resources such as help manuals for all the sections in this demo. Starting with the risk register page, this page features the organization's risk register. Take a look at the risk statistics provided in the top banner. These statistics are derived from aggregating all information from all the risks in the system. Each risk added in this demo will be reflected in the statistics. After completing this training, you can try adding risks yourself and observe how they impact the statistics. The risk register table displays details of all identified risks. Here, you can add a new risk or drill down to a specific risk by clicking on a risk name. In addition, the page includes a residual risk heat map for all risks. It includes as well charts that show risks per division, risks by category, and a risk register report that captures the most updated risk information. There are several actions you can take on this page, including going back to the main navigation, accessing the risk treatments page, and drilling down to a specific risk level. You can also add a new risk, but we'll get to that later. Let's drill down to a specific risk and discuss the pages at the risk level. We have now reached the detailed pages of the risk loss of key employee. In this demo, risk level pages include risk analysis and evaluation, existing controls, treatment activities, internal audit, and reports. On the risk analysis and evaluation page, risk information is presented, such as the risk description, risk owner, related objective, responsible division, related assets, and others. You can do a variety of things here, including assessing the likelihood and impact. You can also keep track of the risk's causes and consequences. At this point, the risk is still in the inherent stage and only basic information has been identified. The inherent risk is plotted on the heat map, which is 5 by 5 heat map in this demo. In the next page, we'll perform a more thorough analysis of the risk. Within this page, you will be able to see the current controls in place for the identified risk. To recap, a control is something an organization is currently doing to modify a risk, usually aimed at reducing or managing it. Controls can take various forms, such as policies, procedures, processes, or technologies that reduce a risk. Each control is assigned an owner, control type, and a level of effectiveness, which has a direct impact on the risk rating. The effectiveness level in this demo is measured on a scale ranging from control gap to fully effective. It is important to note that these levels can be customized and tailored to fit the specific needs and requirements of any organization. To see the various levels of effectiveness, feel free to edit the table and select the control's effectiveness. During this stage, a more detailed impact analysis is presented, outlining the operational, financial, and reputational impacts. By evaluating the detailed impact, along with the current controls in place for the risk, an organization can determine the residual risk, which is illustrated on the heat map. Now, the heat map displays both the inherent and residual values. The goal is to decrease the risk level to an acceptable risk tolerance level. If further reduction is necessary, the risk treatment activities are presented on the next page. On the treatment activities page, you will find a list of activities that have been implemented to mitigate or reduce the identified risk. Each treatment activity is assigned an owner, start and end date, progress, and budget. You can edit the treatments by clicking on the pencil icon, which opens the entire table in editable mode. Or you can add a new treatment by clicking on the plus icon. The next page is dedicated to the internal audit on risk. In this demo, the internal audit page provides information on internal audit activities related to a specific risk, focusing on controls and treatments. The controls evaluation involves assessing the effectiveness of controls based on design, operating effectiveness, documentation, and monitoring. After controls are evaluated, findings are documented. Then action plans and follow-up comments are added to track progress. The same process applies to treatments, where evaluations are performed based on design and implementation, level of risk reduction, and ongoing monitoring and review. The final page at the risk level is dedicated to reports. You have the option to generate three different types of reports. The first report is the risk report, which provides detailed information about the specific risk. The second report is the mobile report, which is essentially the same as the risk report but in a mobile-friendly format. Lastly, the risk treatments report outlines all the treatments that have been implemented to mitigate the identified risk. Take the time to generate each report and become familiar with the information provided in each one. The next section in the enterprise risk management demo is the objectives risk assessment. By aligning risk management strategies with objectives, organizations can ensure that their objectives are achievable and that they are making progress toward them. On this page, you can find the strategic objectives of the organization, grouped by each division. The performance status of these objectives is based on the strategic initiatives and key performance indicators that support them. Although in certain instances, the status of an objective may be impacted by associated risks, but this relationship is not demonstrated in this demo. Furthermore, this page provides you with the option to navigate to the main menu or drill down to a particular objective page. By clicking on a specific objective name, we reach the detailed objective level pages. The page for objective risk assessment displays the risks that have been identified for the objective. These risks are presented in a heat map and additional details about each risk are also included in a table. Additionally, the page shows the risk treatments that are associated with the risks identified for the objective. You can choose to navigate to a particular risk by using either the table or the heat map on the page. The second tab on the objective level provides a comprehensive overview of the performance of the given strategic objective. It includes key performance indicators that measure progress towards the objective, as well as any initiatives that have been undertaken to achieve it. On this page, you have the option to drill down to a specific KPI and initiative, allowing for a more in-depth understanding of the progress being made toward the objective. The risk treatments dashboard provides a comprehensive overview of all risk treatments in place. These treatments are there to address the organization's various risks. This dashboard is intended to provide insights and facilitate informed risk mitigation decision making. The risk treatments dashboard has the following key features. Treatment statistics, which is presented at the top. This section provides a high-level snapshot of the risk treatments currently in place, including the number of treatments, overall treatment implementation progress, their status, treatment's budget, and treatment's distribution across organizational divisions. This page also includes a table that summarizes all treatments, including treatment description, owner, start and end date, progress, budget, division, status, and related risk. This table includes many features, such as search, filtering, inline editing, and exporting to Excel. Note that treatments identified at the risks levels are automatically captured here. You can also find a comprehensive report capturing all risk treatments within the organization. You have the option to choose between PDF and Word formats. From this dashboard, you can either return to the main navigation page or go to the risk register page. Keep in mind that risk treatment dashboards are available in this demo at all divisions. In summary, the risk treatments dashboard provides you with valuable insights and tools to manage and monitor risk treatments effectively across your organization. The next section in this demo is the critical assets. Critical assets are those that are essential to an organization and whose loss or compromise would have a significant impact on the organization's ability to function effectively. These assets may be physical assets, such as buildings, equipment, or inventory, or they may be intangible assets, such as intellectual property, data, or reputation. In the context of risk management, critical assets are those that are identified as being at a high risk of harm or damage from potential threats or vulnerabilities. Therefore, it is essential for organizations to prioritize the protection of their critical assets through risk management measures such as risk assessments and risk mitigation strategies. On this page, you will see an array of statistics regarding all assets, such as the total number of critical assets involved in the risk assessment process, critical assets value, the number of identified risks associated with the assets, total risk treatments on the assets, the budget for all treatments, and the total value of risk exposure associated with the assets. This page also presents a table for each asset category, including IT, tangible, intangible, financial, and human resources assets tables. These tables include information such as the asset name, type, location, purchase date, current value, depreciated value, owner, and more. If you need to edit the information for all assets, you can click on the pencil icon located in the top right corner of the tables, which will open all of the fields for editing. Additionally, you can add new assets to the asset library by clicking on the plus icon in the top right corner of the tables, which will open a new asset form where all of the necessary details can be entered. Once an asset is added to the library, it will appear in the lookup field for all risks. Additionally, when adding a new risk, users are given the option to link it to an asset from this library. Let's now click on an asset to view the details of associated risks. The asset page includes asset risk statistics, identified risks in both detailed table and heat map, and the asset detailed card. For a more detailed view of a specific risk, you can click on a risk name to access the detailed risk pages. The next section in this demo is the top 10 risks. Top risks refer to the most significant risks that a company or organization faces. It is important for management to identify and manage the top risks in their organization for several reasons. By focusing on the most significant risks, management can prioritize their risk management efforts and allocate their resources more effectively. The top 10 risks dashboard includes a variety of tools and information to help manage top risks. At first, you'll notice a section that summarizes the statistics for these risks. That includes statistics on their priorities, categories, divisional distribution, risk treatment statuses, and budget. The dashboard also displays tables that detail these 10 risks and their treatments. From this dashboard, you can return to the main navigation page, go to a specific risk, or go to the top 10 risks prioritization page, where all risks are evaluated to produce only 10 risks. The top 10 risks prioritization page provides a systematic approach for evaluating risks based on specific criteria to determine their scores, which then leads to the top 10 risks. This page includes a table that lists all the risks identified in the organization. The table includes evaluation criteria, which are used to assess the risks and determine their prioritization scores. The criteria include residual impact, residual likelihood, risk exposure, relevance to objectives, risk management capacity, timing, legal and compliance, reputational, and financial criteria. It should be noted that these criteria can be changed to meet the specific needs of the organization. Each evaluation criterion is based on a scale of five levels, and you can choose the appropriate level for each criterion so the system can calculate the final score per risk. Once each risk has been evaluated against all criteria, and upon clicking finish editing, the total score for each risk will be calculated based on the weighted average of all criteria. For the purpose of this demonstration, all criteria carry equal weight. The 10 risks with the highest scores will then be automatically filtered in the top 10 risks dashboard. In the following section, I will cover the enterprise risk dashboards. It is important to note that Corporator offers flexibility in creating dashboards, and these are just three of the many dashboards that can be configured in the system for enterprise risk management. The first dashboard is the Organizational Risk Dashboard, which provides an overview of risks across all organizational levels, including corporate and divisions. This dashboard displays aggregated statistics for each organizational level, such as the total number of risks and their distribution by priority. Additionally, the dashboard shows statistics for risk treatments at each level, including the total number of treatments, their progress, and budget details. The dashboard also offers navigation to the risk register by clicking on the division name, or to the risk treatments dashboard for each organizational level by clicking on the corresponding risk treatments title. You can navigate to other dashboards using the top right area. The second Organizational Risk Dashboard provides an overview of risks across all organizational levels, including corporate and divisions. It uses risk heat maps to visually represent risk levels, allowing you to quickly identify areas of potential concern and focus on those risks that are most critical. The heat maps are interactive, allowing you to click on the numbers displayed in the heat map, which opens a pop-up table listing the risks in that particular color box. From there, you can drill down to a specific risk. The dashboard also offers navigation to the risk register by clicking on the division name. The third dashboard is the Enterprise Risk Infographics, offers a comprehensive view of the risks across the entire organization. The dashboard uses infographics to present the data in a visually appealing way, making it easy for stakeholders to understand the risks they face. The infographics are divided into three sections. The first is the Risk Distribution, which shows corporate risk statistics and details on each division. Then the Risk Treatments, which presents detailed statistics for treatments by division, status, and budget. The final section includes additional statistics such as the overall risk score for the organization over time and risk distribution across categories. Additionally, the dashboard provides you with navigation to the divisional level risk registers by clicking on the division names. In the following section, I will cover the Enterprise Risk Reporting. The Risk Reporting page presents dynamic reports that can be generated for the selected period. The reports are divided into three sections. The first section contains the Risk Management Reports. It includes the following reports. Enterprise Risk Summary. This report presents a summary of risk statistics at the corporate and divisional levels. Comprehensive Risk Report. This report is around 200 pages long and provides detailed risk statistics, risk register, risk treatments, and detailed reporting for each risk. Risk Register. This report presents the risks in a risk register format. Risk Treatments. This report present the treatments details in a table. Risk Report Sample. This report produces a sample report for one risk. The second section contains the Mobile Report, which is designed to match the mobile user experience, making it easy to view and read on mobile devices without the need to zoom in and out regularly. The final section includes archived reports that are easy to download. Note that reports are also available on many of the demo pages as well as at the divisional levels.