RiskWatch Implementation Rescue - Total Implementation in Eight Weeks or Less


The RiskWatch program implements a SharePoint or Access Risk Management system, assessment report, and process, satisfying board regulatory requirements and customized to meet your specific industry. EnterpriseGRC Solutions comes on site or works remotely to provide all required products, training, and documentation. Once operational, EnterpriseGRC can either maintain the program or provide in-house training for complete knowledge transfer.

Week One:

Team review of existing process and documentation, and future state agreement.

  • Create Custom online training slides.
  • Identify risk team and kick off process.
  • Distribute Risk Criteria Matrix to key stakeholders

Week Two:

  • Present training; Assist managers to document risks as aligned to position and department responsibilities;
  • Input High Profile Job Descriptions and Organization Titles, and map them to CobiT / ISO/IEC 17799:2005 controls, with emphasis on segregated duties as recommended by Information Systems and Audit Control Association
  • Generate the first Agenda by consensus with all IT Directors
  • Conduct first Meeting
  • Post Minutes and establish Portal for RiskWatch meetings, agenda, archives
  • Collect Risk Criteria first response summary

Week Three:

  • Assist managers to document risks
  • Generate Agenda and Post Minutes
  • Establish method for remote attendees and be on site to Conduct Second Meeting
  • Present initial job descriptions for affirmation, review standard associated duties and alignment to "CobiT/ISO" controls
  • Deliver Visio with job profiles (DSN) (see image)
  • Risk Criteria Matrix Second Run validation
  • Based on interview with managers, document job-related control anomalies; suggest changes in job definitions as might be indicated by organization chart
  • Kick off - Fragile Artifacts; Technology Resource Risk
  • Collect Application Names; System Names; Factors for review of system based Risk
  • Determine minimum monitoring profile and automated source data

Week Four:

  • Assist managers to document risks
  • Generate Agenda and Post Minutes
  • Conduct Third Meeting
  • Train new Risk Coordinator
  • Input and validate controlled objects; adding some items to RiskWatch as determined by significance and relative risk

Week Five:

  • Team confirmation of final risk criteria matrix; documented model explaining relationships between core systems and established risks
  • Continue to assist managers in documenting risks
  • Generate Agenda and Post Minutes
  • Conduct Fourth Meeting
  • Create Custom Reports and modify web forms using agreed logo and style sheet

Week Six:

  • Assist managers to document risks
  • Generate Agenda and Post Minutes
  • Conduct Fifth Meeting
  • Provide Peer Review to New Risk Coordinator
  • Refine Custom Reports and modify web forms for usability and consistency with other in-house products

Weeks Seven and Eight: 
(Remote support/teleconference 4 hours, project management 16 hours)

  • Critique risks as they relate to compliance requirements;
  • Supervise posting agenda and minutes;
  • Attend and critique risk watch meeting;
  • Further customize reports and data access to support custom lists such as usernames, application names, and infrastructure items; provide risk response implementation plan oversight
  • Provide final Risk Management Assessment as measured by ISO/IEC 27001, COSO ERM and CobiT PO9 control titled "Assess Risk" and as it relates to their specific industry regulatory requirements and business priorities

Form and Recording - RiskWatch Items

  • EnterpriseGRC Solutions will provide process and recording of key classes in Risk, allowing for an accredited process in Risk Management.

Figure 8 Application for Management and Reporting Enterprise Risk – Meets AS5 and OMB related requirements

The RiskWatch process is built for Technology, Enterprise Corporate, Project Management Office and Internal Audit

Figure 9 Immediate High Level Reporting – One of hundreds existing reports – Easily customized

Figure 10 Heat Map Shows Residual and Inherent Risk – Accounting Oversight Ready

Figure 11 Source Documentation shows Regulation and Standards – Instantaneous regulatory background reporting

Regulatory Mapping and associated laws that might also benefit or be affected by same requirements
