Archer Insight provides a built-in quantitative risk assessment methodology for enterprise risk management. Our quantitative assessment replaces the traditional heat map (or risk matrix) with a series of simple questions. It is designed to be carried out by the same people who carry out qualitative assessments using the same information and workflows, although it also provides scope for the consistent leverage of proprietary and industry loss data if desired.
Quantitative ERM is transformative because unlike traditional heatmap assessments, quantitative assessments address clearly defined, measurable quantities of risk occurrence and impact. Quantification removes subjectivity from risk assessment and allows like-for-like comparison of risks across the enterprise and over different categories of risk.
Our simple quantitative model delivers on the goals of the enterprise risk management program, enabling objective prioritization of risks according to how much loss they incur (expected loss, value at risk, conditional value at risk). This delivers significant value through reduction of incurred losses by ensuring that resources, time and attention are directed at the most important (and expensive) risks.
Though simple, our quantitative assessment contains sufficient information to allow the losses and impacts from risks to be calculated in aggregate and individually. Insight leverages the Archer platform to represent business and risk taxonomies within the enterprise, such as organizational hierarchies, functional hierarchies, risk taxonomy, product and asset catalogs, or any other structures identified in Archer. Risks are assigned to various entities or categories within these structures, often in connection with the assignment of ownership to specific individuals. Insight can then provide a like-for-like comparison between the total annual losses across these entities and categories.
Quantification uniquely delivers the ability to defragment the highly fractured risk landscape that results from 100s, perhaps thousands, of instances of risk. Quantification provides a clear, but multi-faceted view of how risk exposure is distributed across the enterprise. This delivers substantial value by ensuring that resources, time, and attention are focused on the right risks in the right parts and levels of the enterprise.
One of the key goals of all Enterprise Risk Management is to establish a framework within which controls may be monitored and audited. Archer Insight also supports quantitative risk and control assessments, which tie directly to the Controls Procedure library established in Archer. The output of this workflow is an explicit calculation of the loss prevented by each control assessed in the control framework. Quantitative ERM not only works to help reduce
losses but also supports cost-benefit analysis, allowing a comparison between the costs of controls and the loss savings they deliver.
Features
• Built in GRC quantitative risk, does not require integrations or third-party contracts.
• Flexibility of Archer data model with prescriptive quantitative method.
• Builds on familiar risk management practices and risk register.
• Designed for risk owners with point of departure in the same information and workflows.
• Calculates expected loss, median loss (p50), value at risk and conditional value at risk (conditional expected shortfall) for risks and aggregations.
• Near-instantaneous calculation time using proprietary analytical convolution method.
• Simple assessment of current risk exposure.
• Assessment of combined effects of current controls through assessment of inherent risk exposure.
• Full assessment of individual controls through risk and control Assessment.
Benefits
• Reduce losses by prioritizing management of the most important and expensive risks.
• Remove the subjectivity from risk assessments.
• Enable cost-benefit analysis and control optimization.
• Enable aggregation at enterprise and entity levels for greater visibility, clearer prioritization of risk management resources and further reductions.
• Transform your risk management program from a cost center to a value center.
