Leading software solutions for operational governance

Enterprise Risk Management

Click here to Request a Demo

Overview

MEGA’s enterprise risk management solution facilitates risk mapping, assessment, and control, enabling your organization to:

  • Improve the quality and effectiveness of risk management processes
  • Assess risk in collaboration with business users
  • Automate the consolidation and communication of your organization’s exposure to risk

Your risk management department is responsible for assessing your organization’s exposure to risk, ensuring that risks are controlled appropriately by all departments, and verifying that all business units are using the same risk assessment method.

MEGA’s enterprise risk management (ERM) solution was developed to support risk managers and risk owners throughout the risk assessment and control process, with a personalized interface for each user profile.

A collaborative workspace, workflows, and a shared repository help stakeholders share information and knowledge, leverage existing standards, methods, and documentation, and ensure full data traceability.

The solution’s graphical modeling capabilities ensure improved risk mapping clarity. Risks are mapped directly on your organization’s business process diagrams, which can be adjusted according to risk exposure. Facilitated collaboration with business process managers helps strengthen the risk-based culture throughout your organization.

Based on the best practices outlined in international standards and frameworks like COSO, ISO 31000, and ISO 27000, MEGA’s enterprise risk management (ERM) solution covers the entire risk management process and can be easily configured to fit the structure of your risk management department.

Risk mapping phase: Identifying risks and setting up a risk library

Risks can be mapped in one of two ways: top-down or bottom-up. In both cases, risk managers are the ones responsible for setting up and maintaining a risk library. This entails identifying risks, categorizing them, associating them with a given situation, and determining the appropriate control systems to mitigate them. Our ERM solution offers a user-friendly interface and graphical mapping capabilities that make completing these tasks easy.

Risk assessment phase: Measuring and consolidating risk

Risks are assessed by experts and by risk and control self-assessment (RCSA) processes where risk owners are asked to complete questionnaires on a regular basis to ensure that the organization has an updated picture of its exposure. One of the main advantages of our ERM solution is that risk can be assessed for a particular process or business unit. Measurements are then aggregated by situation and by risk.

Risk treatment phase: Monitoring risks and following up on action plans

When exposure to a given risk is high, risk managers can decide to either accept the risk as-is, reduce it, provision for it, or insure (outsource/transfer) it. If a risk manager decides to reduce a risk, then the appropriate controls and action plans must be implemented. Controls are generally preventive and long-term in nature, while action plans are corrective and time-bound. With our ERM solution, users can submit action plans, approve them through a workflow, and track progress via reports.

Our secure, web-based ERM solution is powered by HOPEX, our signature platform integrating all MEGA operational governance software. This means you get greater synergies and collaborative efforts among departments, as well as a clear, shared view of key information about your organization. Our HOPEX platform helps ensure that all stakeholders are working toward the same goals and supporting your organization’s operational governance strategy.

Features

MEGA’s web-based, business oriented enterprise risk management (ERM) solution is powered by HOPEX, our operational governance platform. Secure data access, workflows, and reports can be configured for each user profile. The solution is designed to support risk managers and risk owners at every stage of risk management process implementation.

The solution’s collaborative workspace and shared repository ensure that all of the data and documentation required to execute and track risk management are shared, traceable, and secure.

The standard configuration is based on recommendations and best practices developed by leading professional organizations, international standards, and MEGA’s extensive experience in the risk management field. Our turnkey solution can also be configured to fit your risk management department’s particular structure and methods.

Our ERM solution covers the entire risk management process. The standard configuration offers the following features for each user profile.

1. Risk mapping phase: Identifying risks and setting up a risk library

Identifying risks – Risk managers and risk owners

  • Risk identification using a top-down approach: Risk managers identify risks and ask risk owners to assess them
  • Risk identification using a bottom-up approach: Risks are identified by risk owners and submitted to the risk managers

Setting up and managing a risk library – Risk managers

  • The risk manager sets up a risk library: Risks are identified, categorized, and associated with a given situation and the appropriate control systems to mitigate them
  • Indicators and analytical and summary reports are generated to facilitate risk library management

Graphical risk maps – Risk owners

  • Risks are mapped in relationship to their context (business processes and business units) using the solution’s graphical risk mapping capabilities

2. Risk assessment phase: Measuring and consolidating risk

Assessing risks – Risk owners

  • Risk assessments are performed by an expert, or a risk and control self-assessment (RCSA) is carried out
  • Risk assessments are executed in relation to the associated business processes and business units
  • Automatic alerts are generated and self-assessment questionnaires are sent out at predetermined intervals to ensure that the organization has an updated picture of its exposure
  • The solution establishes key risk indicators (KRIs), which are updated by business users

Consolidating risks – Risk managers

  • The different measurements for a given risk are aggregated and exposure to the risk is automatically calculated for each business process, business unit, type of risk, and  risk exposure
  • Future risk exposure is forecasted based on measurements from previous years and the implementation of action items

3. Risk treatment phase: Monitoring risks  and following up on action plans

Monitoring risks with appropriate controls – Risk managers and risk owners

  • The response to each risk is determined: accept as-is, reduce, provision, or insure
  • Appropriate controls and action plans to reduce the risk are determined and implemented
  • Action plans are submitted and approved through a workflow

Following up on action plans – Risk managers

  • Reports are generated to facilitate tracking progress on action plans
  • The effectiveness of action plans is measured by comparing the inherent and residual risk exposures

Benefits

Your risk management department is responsible for assessing your organization’s exposure to risk, ensuring that risks are controlled appropriately by all departments, and verifying that all business units are using the same risk assessment method.

MEGA’s enterprise risk management (ERM) solution helps risk management departments map, assess, and control risk so that your organization can:

Improve the quality and effectiveness of your risk management process

With our ERM solution, your risk management department can set up and manage a structured risk library. Risks are categorized by objective and type, and associated with the relevant business processes and business units. All changes are tracked in the shared repository, ensuring a single source of data and facilitating audits. Reports, dashboards, and a shared repository to centralize all data each improve the follow-up on your action plans. Automatic reminders are generated to check progress on the implementation of action plans. The solution also automates risk self-assessment questionnaires, lightening risk managers’ workloads so they can focus on the least-repetitive tasks.

Assess risks in collaboration with business users

Our web-based ERM solution is designed to be easy to use by all employees involved in risk management processes. Data are stored in a single repository, and the solution’s collaborative workspace makes it easy for multiple departments to work together. A given risk can be assessed by the risk owner, the risk manager, an internal controller, and an auditor – all with customized views based on their roles and responsibilities so they only see what’s relevant to them. Their insights can then be compared so that the most appropriate decisions can be made.

Automate consolidation and communication of your organization’s risk exposure

Our ERM solution features a variety of reports and dashboards to monitor risk status, compliance, and the implementation of appropriate controls. An advanced aggregation engine calculates consolidated risk for each business unit or business process. And, because all information is centralized in a single shared repository, the data used to generate these reports and dashboards are consistent and reliable. Email and alert capabilities facilitate the communication of information to all stakeholders, giving decision makers the insight they need to manage, control, and optimize your organization.

Our secure, web-based ERM solution is powered by HOPEX, our signature platform integrating all MEGA operational governance software. This means you get greater synergies and collaborative efforts among departments, as well as a clear, shared view of key information about your organization. Our HOPEX platform helps ensure that all stakeholders are working toward the same goals and supporting your organization’s operational governance strategy.

Resources

Learn more about our enterprise risk management resources and publications:

Customers

Read what our customers have to say about working with MEGA on their enterprise risk management projects: