t-Risk was developed to support corporate security risk managers in their integrated risk analysis and security planning. It is an analytical tool that helps in the identification, analysis and assessment of risks. In other words, it covers the entire process that occurs between data collection and risk management planning.
The t-Risk platform uses a deconstructive method, as it transforms a large and difficult problem into small problems. It will help you find solutions that harmonize property security with business development, acting to reduce the vulnerabilities that affect the critical success factors (FCS) and objectives of your organization or client company.
After clicking on one of the projects, the user will find the menus of the main work blocks:
Customers, Parameters, Risk Assessment and Settings.
In the Customers block, customer data and their projects are registered. The system shows the updated comparison of performance indicators.
In the Parameters block, the user provides information on monthly invoicing, number of employees, existing controls (resources) etc. Following the instructions, the user defines the risk profile of the organization, the profiles of the evaluators and the weight that each one will have in the allocation of values.
These two blocks, Customers and Parameters, gather the data for setting the context. In them, for example, the user enters the Critical Success Factors of the Reference System (company or organization) and the risk tolerance profile obtained from the customer. In a later step, the system will show whether the controls will leave the Reference System (company or organization) within the risk tolerance profile indicated by the customer.
The Risk Assessment block is dedicated to identifying, analyzing and evaluating the state of the Reference System in relation to property security, and to defining the appropriate security controls. By filling in the data, the user will complete the following assessment modules: Risk level; Risk x Risk matrix; Critical Success Factors matrix; Existing control x Necessary control; Reduction of expected loss; SWOT matrix; Action plan; and Completion report.
The establishment of the risk level begins with the Mosler method, which deals with the factors involved in a given risk with the least possible subjectivity. The Mosler method is based on six criteria, which are assigned weights from 1 to 5, depending on the degree of influence. These are the criteria: function, substitution, depth, extent, probability and financial impact. More details are provided by tutorials on t-Risk.
Weight allocation may require the work of a consultant in conjunction with people who know the Reference System (SR) in depth. In such cases, it is recommended to set up a small committee with representatives from different areas of the client company. The more diverse the profiles, the more balanced the weights will be. The weights given by the consultant may count two or three times as much as the others. It is recommended that there be one or more evaluators for every 500 employees. t-Risk records and points out the degree of reliability of the assessment.
Still using the Mosler method, the system creates four new columns in the table: importance of success, damage caused, magnitude of risk, expected loss and risk evolution.
Risk evolution (ER) leads to the classification of risks in order of importance for the organization's objectives and Critical Success Factors.
Next, t-Risk shows the four-cell Risk Level matrix, with the relationship between the risk factors and their consequences.
This matrix leads to two tables: the first one contains recommendations for treatment and the second shows how the risk classification would look with the treatments indicated.
Risk x Risk Matrix
In this block, the user assigns weights to the degree of influence that each risk has over the others. t-Risk calculates each risk's motricity (its capacity to drive other risks) and its dependence on the others. Tutorials and explanatory tables guide the user step by step to the Risk x Risk matrix, an important element of analysis.
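The calculation described above can be sketched as follows. This is an added example, not t-Risk's own code: it assumes the common cross-impact convention that motricity is the row total and dependence the column total, and the 0-3 weight scale, the risk names, the mean-based thresholds and the quadrant labels are all assumptions.

```python
from statistics import mean

# Constructed sample data. INFLUENCE[i][j] is the weight of the influence that
# risk i exerts on risk j; the 0-3 scale and the risk names are assumptions.
RISKS = ["theft", "intrusion", "fire", "sabotage"]
INFLUENCE = [
    [0, 1, 0, 2],
    [3, 0, 1, 3],
    [0, 0, 0, 1],
    [2, 1, 2, 0],
]

def validate(matrix, names, max_weight=3):
    """Reject matrices that would silently skew the totals."""
    n = len(names)
    if len(matrix) != n or any(len(row) != n for row in matrix):
        raise ValueError("matrix must be square and match the risk list")
    for i, row in enumerate(matrix):
        if row[i] != 0:
            raise ValueError(f"{names[i]}: a risk cannot influence itself")
        if any(not 0 <= w <= max_weight for w in row):
            raise ValueError(f"{names[i]}: weight outside 0..{max_weight}")

def motricity_dependence(matrix, names):
    """Return {risk: (motricity, dependence)} from row and column totals."""
    validate(matrix, names)
    columns = list(zip(*matrix))
    return {name: (sum(matrix[i]), sum(columns[i])) for i, name in enumerate(names)}

def classify(scores):
    """Place each risk in a quadrant, using the mean totals as thresholds."""
    mot_cut = mean(m for m, _ in scores.values())
    dep_cut = mean(d for _, d in scores.values())
    labels = {(True, True): "linking", (True, False): "driver",
              (False, True): "dependent", (False, False): "independent"}
    return {name: labels[(m > mot_cut, d > dep_cut)] for name, (m, d) in scores.items()}

if __name__ == "__main__":
    scores = motricity_dependence(INFLUENCE, RISKS)
    for name, quadrant in classify(scores).items():
        print(f"{name:10} motricity={scores[name][0]} dependence={scores[name][1]} {quadrant}")
```

Risks that land in the "linking" quadrant (high motricity and high dependence) both drive and are driven by other risks, which is why they are natural candidates for early treatment.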
Critical success factors Matrix
To quantify the degree of influence of each risk on Critical Success Factors, the user assigns weights ranging from zero (no influence) to four (high influence). In return, the system produces tables and graphs that demonstrate the vulnerability of each Critical Success Factor listed.
Existing control and necessary control
The user assigns points for the reduction of each risk in the presence of controls. The points range from minus 10 (big reduction) to zero (no change). The system issues a report on the efficiency of handling risks, with tables and graphs. The results form the basis for the next step, which is the grading of controls into levels.
The system generates a highly informative graph comparing the existing controls with the necessary controls.
A table with the security controls, in their three modalities (human, organizational and technical), guides the user as to the recommendations that he should make to his client.
Reduction of expected loss
A new table shows the expected loss in cash values, which provides an estimate of the volume of effort and capital to be invested in the controls for each particular risk.
In the next step, the reduction of expected loss (RPE) values are obtained, reflecting the implementation of the recommended controls. t-Risk spells out investment priorities, with cash values. The decrease in expected loss allows the client to reason about ROI in risk mitigation.
A SWOT matrix helps the user to see the best ways to take care of controls and points of attention.
In this step, the user applies his expertise to make his recommendations regarding the actions to be taken. External physical barriers, alarm systems, closed-circuit television, access control, policies, standards, procedures and electronic systems are some of the most efficient security features known.
The first risks to be addressed can be those with very high motricity and very high dependence. The destination of investments, however, will be decided by the client.
Whatever the action plan may be, there will always be residual risks. To eliminate the risk for good, it would be necessary to eliminate the generating activity.
Finally, the system generates a report
Best practices for managing risks
The t-Risk Platform follows international best practices for managing corporate security risks.
What is the international standard ISO 31000 and what is it for?
The ISO 31000 Standard is a set of principles to be followed in order for risk management to be efficient, consistent and effective. It is a guidance document for organizations to implement and develop integrated risk management systems.
It was designed to be applied by any type of organization (private company, public company, community entity, association, group or even individual), in the most different actions, such as decisions, strategies, operations, processes, functions, projects, in addition to management of products, services and assets.
Increasingly, companies are establishing formal risk management processes. Using ISO 31000 as a basis for the analysis of practices and processes means managing risks by identifying, analyzing and evaluating them according to the organization's risk criteria.
The application of ISO 31000 brings direct and indirect benefits, since the systematic, transparent and reliable management of risks affects the operation of the entire company. The benefits start with establishing the context, directly linked to the understanding of the organizational objectives, the internal and external environments, the stakeholders and what risk means for each organization in particular.
The ISO 31000 Standard directly addresses the needs of these stakeholders:
- those responsible for developing the risk management policy;
- those responsible for ensuring that risks are effectively managed;
- those who need to assess an organization's effectiveness in managing risk;
- developers of standards, guides, procedures and codes of practice.
Risk management guided by ISO 31000 enables the organization to solidify the pursuit of its objectives, inspire proactive management, pay attention to risks throughout the organization, better identify its threats and opportunities, adhere to international standards and regulatory requirements, improve its governance, minimize losses, and many other benefits.