Pelican
Quantitative Risk Register
What is a risk register?
A risk register, sometimes called a risk log, is a database of risks used to identify, assess and manage risks, particularly operational risks (losses caused by human error, failed processes, fraud, etc.). It is also typically used to fulfill regulatory compliance by documenting and reporting identified risks.
A risk register will list the risks that are considered the most threatening to the organization. The risks often have some potential financial impact, but they can also include other dimensions like injury, environmental impact, and loss of reputation.
How a risk register supports risk management
Identifying all the operational risks that are faced by an organization, and then assessing their likelihood and potential impact, enables the organization to rank risks and focus mitigation efforts on managing the most important risks. Listing all the control and mitigation efforts, along with who is responsible for ensuring those efforts are implemented and maintained, makes it possible for an internal audit function to check whether the processes are being followed.
A risk register mostly addresses event-driven operational risks like accidents, failures to comply with a law, fraud, errors in business processes, etc. It is unsuitable for assessing commercial risks that threaten the strategic objectives of an organization, like the effects of competition, changes in market size, inflation, supply chain uncertainty, cost overruns, or delays in launching key products. Other analytic tools like ModelRisk and Tamara are used for assessing these risks.
The value of a quantitative risk register
Qualitative risk registers, although common, do not provide the necessary information for effective risk management. Pelican’s risk register is fully quantitative. Risk quantification provides numerous benefits that are not possible with qualitative methods:
-
Unify the risk management strategies across the different disciplines of an organization
-
Unambiguous, flexible evaluation of risks that make the greatest use of available information
-
Precise risk ranking to identify the key risks that jeopardize the achievement of corporate objectives
-
Aggregation of risk exposure and compare against your risk tolerance
-
Evaluate and optimize the effectiveness of risk management strategies
-
Use cost-benefit analysis to maximize the efficiency of risk treatment
-
Save on insurance premiums by optimizing coverage parameters
Trusted By:
Key features of the Pelican Risk Register
Incorporate multiple impact types into one analysis
-
Extend beyond purely financial losses to risks that impact safety, the environment, ESG measures, service availability and other key performance metrics
-
Assign suitable impact scales by entity, e.g. by each entity’s financial capacity
-
Maintain global definitions of impacts that match your organisation’s good corporate citizenship policy
-
Balance how to assign resources appropriately where there are several impact types
Interconnected Bowtie diagram
-
See your risk management strategy immediately with easy and natural visual description about how a risk event can occur, what the consequences might be, which controls you can add that could stop that risk from occurring or reduce the chance or size of the consequences.
-
Understand how risks interact with each other.
-
Use the Bowtie editor for brainstorming
Risk Management overview
-
A live, user-friendly and customizable risk reporting and monitoring platform, accessible by PC, tablet or smartphone
-
Reports tracking the top risks, their evolution and the execution of critical risk management tasks
-
Customizable key performance indicators for each entity
-
Customizable key risk indicators to track emerging trends in risk exposure
-
Comparison of risk profiles and metrics across different entities, projects and regions
-
Rich and customizable ability to describe, integrate and compare any types of possible risk consequences – from financial loss to H&S, from availability to project delay
-
A hierarchal structure for the enterprise, down to any required level
Detailed risk strategy information
-
Assignment of specific risk treatment tasks and responsibilities to individuals
-
Tools for identifying the weak points in the overall risk treatment
-
Methods for visually mapping out the strategy around each risk, with automated quantitative risk evaluation and mapping to the risk appetite
-
A harmonized risk appetite tool that can be tailored to each business entity or project
-
Automated analysis to show your business’ dependence on third parties for the management of your risk exposure
-
Tools for evaluating the cost-effectiveness of individual risk management controls, accounting for the different types of impacts that can be faced, and any cascading risks
Powerful risk analysis tools
-
Tools for evaluating the capital that should be allocated to cover potential financial losses at a required level of confidence
-
Tools to reflect the interactions between risks at any level of complexity, and to show the resultant influence, importance and cost-effectiveness of any specific risk treatment
Implementation and monitoring of risk management strategy
-
Individual profile pages displaying risk management tasks that need to be completed
-
Overview of owners of risks, their management components and consequences showing how much reliance is placed on key individuals
Auditing and reporting features
-
A complete log and recorded history
-
Customizable online and published reporting
-
Ability to drill down and search for any risk, review the status of any risk treatment action, review the performance of any actor
-
Risk management tools to achieve compliance with all current regulatory standards including ISO 31000, COSO ERM framework, BS 31100, OCEG Red Book, and FERMA
Pelican Risk Register features overview
What the Pelican Risk Register is not
The Pelican Risk Register is not a Governance, Risk and Compliance (GRC) system. GRC systems offer flexible workflow configurations designed to operationalize business processes and ensure that people follow them. GRC systems manage strict and complex regulatory and industry requirements across corporate environments and may involve thousands of users. A by-product of such systems is the evaluation of the risk of failing to meet such requirements.
The Pelican Risk Register can be integrated with a GRC system to import the risk evaluations into its register and thus incorporate GRC risks into the broader picture provided the GRC system uses quantitative evaluations in their risk assessment. One such example is Archer, the largest GRC system vendor. Archer Insight is Archer’s risk quantification offering. A version of Pelican, rebranded as Archer Insight Workbench, offers Archer clients the full suite of Pelican tools that incorporate Archer data.
The Pelican Advantage
Complete understanding of risks
The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.
Coordinated management of risks
The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.
Consistent evaluation of risks
The evaluation of these risks is based on a methodology that is consistent throughout the enterprise and allows the portfolio of risks to be aggregated up through the entity structure of the enterprise.
Shared responsibility for risk
The responsibility for executing the risk management plan is shared appropriately amongst the employees of the enterprise. In essence, employees work as a team. Risk (and opportunity) identification, assessment, management and communication is a shared responsibility and an integral part of the enterprise’s culture.