Self-evaluation risk
The operational risk is inherent in all activities and processes of an organization. In the operational risk self-evaluation, the risk matrix is constructed according to the frequency and impact of the events (Incident, Problem or Workflow). Self-evaluation is designed to identify and assess the potential risks that may arise and in particular those that can cause considerable losses. It is a quantitative evaluation technique whose base is the information collected on the events that occurred.
Risk plan revalidation
From this version, it is possible to make the management about risk plans revalidation that have revisions. With that, one can anticipate a risk plan revalidation. The plan revalidation functionality of the risk plan is an important tool to ensure that the risk and control analyzes are updated periodically.
Evolution in treatment management and response to risk
The treatment of risks involves the selection of one or more options to modify the risks and the implementation of these options. This planning step aims to develop alternatives and actions to increase opportunities in relation to risks with a positive impact and reduce the threats related to risks with negative impact. The availability of the treatment and risk response screen, together with the risk analysis data and the view of the treatments in the structure of the risk plan, helps in the objective of developing options to modify the risk.
Importing risk and control attributes
To import values for the attributes of the risk and control, the RICONTROLATTRIBUTE (Value of the control attribute) and RIRISKATTRIBUTE (Value of the risk attribute). The documentation of the new interfaces is in the Integration guide of the SE Suite 2.0.
Customization of the terms in the view profile
Risk evaluation have various terminologies depending on the context in which the risk analyzes are being carried out. For example, we may have inherent or gross risk evaluation when referring to the first risk evaluation, regardless of the controls and treatments. Based on this, in the view profile screen, it is possible to choose the terms and acronyms that best represent the context of the organization that is doing the risk management.
Allow changing name, icon, color and description of the results of released evaluation methods
Some evaluation method information can be revised without the need to create a new revision. In this way, the change of the name, icon and description of the results of the evaluation method was made available, mainly because the information that undergoes many changes during the implementation phase of risk management, therefore, it is not necessary to create new revisions if the structure of the method of evaluation remains the same.
"Detective + Preventive" configuration for the control
In some cases, the control can be detective and preventive and in this way, the residual risk calculation should consider the effectiveness of the control for the two axes of the risk matrix. Due to these situations, the "Detective + Preventive" option was included as control characteristic.
New general parameters
The General parameters are configurations for customizing the SE Risk on customers. Therefore, in this version were made available three new parameters. The first two parameters are to make the filling in the "Automation type" and "Control characteristic" fields mandatory, on the record and control analysis screen and the third parameter is the customization of the "Response to risk" for the treatments.
View risk – Risk and risk analysis vision
In the risk view it is possible to visualize all the risk analyzes and their evaluations and from this version, a view of the risk was added. The view of the risk groups all risk analyzes, controls, events and action plans of a risk.
