The world’s first software-as-a-service (SaaS) IT Risk Assessment Tool
The Information Technology Risk Assessment Tool makes it easy to identify, assess, mitigate and manage IT risks
Configuring the Information Technology Risk Assessment Tool
Configuring Risk Factors by Industry Sector
The Information Technology Risk Assessment Tool comes pre-loaded with over 650 different risk factors, which have been set to default settings based on the relevance and relative importance of the risk factor to the industry sector and the type of assessment being conducted. For example, some risk factors are relevant only to certain sectors, or apply only when conducting external-risk-only assessments (e.g. where there is reliance on a third party).
The ‘company administrator’ role has user permissions to configure and calibrate the Information Technology Risk Assessment Tool to meet the organisation’s requirements. This usually involves reviewing questions and determining which ones should be disabled, or adjusting the risk score (if required) from the default setting, which impacts the weighting and score for a particular risk factor. Simply click the edit button and the screen becomes editable…
Modifying Risk Scores by Risk Factor
Now that the risk factors are ready to be configured, the ‘company administrator’ user can reduce or increase the weighting of a particular risk factor by industry sector from 0 to 5. The score assigned determines the weight that the question receives and is used in the Model Assessment Rating Scores section of the PDF report (see Generating the IT Risk Assessment Report section). If 0 is selected, this has the effect of disabling the risk factor, so that it never appears when the ‘end user’ conducts an assessment. Where the risk scores are adjusted from the default settings, a comments field will appear so that the rationale for the modification can be explained for future audit purposes. Using the edit mode, the user can modify the language used in the question or assumptions, the group, category or sub-category, as well as the answer type. There are different answer types since sometimes answering Yes can be positive (and not score) or can be negative (and included in the score).
Modify Weighting of Categories and Sub-Categories
The Information Technology Risk Assessment Tool also allows ‘company administrators’ with user permissions to adjust the weighting scale at either (or both) the Category and Sub-Category level (this screen depicts an adjustment at the Category level). This determines, for a set of risk factors (which are grouped in a hierarchy, first under a sub-category, then category, then group), what constitutes a Low, Medium or High result.
For example, if there were 5 risk factors under a sub-category, each with a maximum weight of 5, the maximum score for these risk factors would be 25. An organisation may consider that, across the 5 questions, even a score of 15 should be considered High risk, and could therefore adjust the High threshold accordingly, along with adjusting the slider for the Low threshold. This allows each category and sub-category to have its own ‘threshold cutoffs’ for each threshold.
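The threshold example above, worked through as an added Python example (not the tool's own code or calculation logic). The class and function names are hypothetical, the questions, answers and the 8/20 range are constructed, and it assumes that the adverse answer scores a factor's full weight and that both cutoffs are inclusive.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RiskFactor:
    question: str
    weight: int           # 0 to 5, as on the page; 0 disables the factor
    yes_is_adverse: bool  # answer type: does a "Yes" count toward the score?

def rate_subcategory(factors, answers, low_cutoff, high_cutoff):
    """Return (score, max_score, rating) for one sub-category."""
    for f in factors:
        if not 0 <= f.weight <= 5:
            raise ValueError(f"weight out of range: {f.question!r}")
    active = [f for f in factors if f.weight > 0]  # weight 0 never appears
    max_score = sum(f.weight for f in active)
    if not 0 <= low_cutoff < high_cutoff <= max_score:
        raise ValueError("need 0 <= low_cutoff < high_cutoff <= max score")
    # Assumption: the adverse answer scores the factor's full weight.
    score = sum(f.weight for f in active
                if answers[f.question] == f.yes_is_adverse)
    # Assumption: both cutoffs are inclusive.
    if score >= high_cutoff:
        rating = "High"
    elif score <= low_cutoff:
        rating = "Low"
    else:
        rating = "Medium"
    return score, max_score, rating

# Constructed sample: five weight-5 factors plus one disabled factor.
FACTORS = [
    RiskFactor("MFA enforced for remote access?", 5, False),
    RiskFactor("Backups restore-tested annually?", 5, False),
    RiskFactor("End-of-life systems in production?", 5, True),
    RiskFactor("Reliance on a third party for hosting?", 5, True),
    RiskFactor("Incident response plan documented?", 5, False),
    RiskFactor("Mainframe in use?", 0, True),
]
ANSWERS = {
    "MFA enforced for remote access?": False,
    "Backups restore-tested annually?": True,
    "End-of-life systems in production?": True,
    "Reliance on a third party for hosting?": True,
    "Incident response plan documented?": True,
    "Mainframe in use?": True,
}

if __name__ == "__main__":
    print(rate_subcategory(FACTORS, ANSWERS, 8, 20))  # constructed wide range
    print(rate_subcategory(FACTORS, ANSWERS, 5, 15))  # High lowered to 15
```

The same three adverse answers rate Medium under the wider range and High once the High cutoff is lowered to 15, which is why a recorded rationale for each threshold change matters at audit time.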
Jurisdiction Risk Rating
The Information Technology Risk Assessment Tool includes a jurisdiction risk dimension (as well as a dynamic ‘drillable map’), which assesses the risks of doing business in over 260 different countries and territories.
The inputs to the jurisdiction risk assessment are from another of our product offerings – www.countryriskassessment.com – which assesses 25+ different sources (e.g. Transparency International, World Bank, United Nations surveys, freedom index etc.) and normalises the various rating scales used in these surveys onto a scale from 1 to 10 (low to high). The ‘company administrator’ can use the default settings or edit and adjust the country risk rating, where required. There is also a comments field where any adjustments to the out-of-the-box default settings can be explained for future audit purposes.
Add New Group
The Information Technology Risk Assessment Tool is fully customisable and allows organisations to add different dimensions across the entire model whilst maintaining the complex calculation logic that underpins the model. There is a 4-tier hierarchy used in the model – Group, Category, Sub-Category and Risk Factors (Questions).
This screen can be used to add a new Group to the core dimensions of the model. Setting the assessment type (e.g. Full, External Risk Factors Only or Internal Risk Factors Only) determines when the Group will appear in the model.
To remove Groups from the model, click the X first and then the Bin icon. Be careful: removing elements of the out-of-the-box settings is not (easily) undone!
Add New Category
Similarly, the Information Technology Risk Assessment Tool allows new Categories to be added to the model and a weighting applied, which serves to adjust the relative weighting of categories against each other.
Add New Sub-Category
The Information Technology Risk Assessment Tool also allows company administrator users to add new Sub-Categories or modify/delete existing sub-categories. Setting the risk score thresholds to determine the cutoffs for what risk score constitutes a Low, Medium or High score is easily achieved using the slider control.
Add New Global Model Questions (Risk Factors)
The Information Technology Risk Assessment Tool allows additional risk factors (questions) to be added at the click of a button. Simply click the ‘Add New Global Model Question’ link, add the Question, Risk Assumption, Answer Type, Risk Score and Assessment Type, and click save. The added question will appear in all future risk assessments and will automatically be included in the Model Assessment Rating Score section of the PDF report.
The Information Technology Risk Assessment Tool contains a slider control for adjusting the threshold cutoffs for determining Low, Medium or High risk across all dimensions of the model (e.g. Group, Category or Sub-Category). The default range is shown on the right-hand side; the custom range, on the left-hand side, can be adjusted using the slider, with a place for comments to explain the rationale for changing the default range.