Building blocks of our risk management!
To assess the criticality of a risk, our risk rule sets clearly set out the individual …
- Targets and
- Possible risk treatments
The aim is to integrate the rule sets into the company’s existing internal control system in a technically sound way.
The following risks are considered and described for the authorisations:
- Business management
- Data protection law
Impact / Risk level
The risk potential of an authorisation is classified by forming a criticality score.
The following areas are evaluated here:
- Regularity (accuracy, completeness…)
- Security (confidentiality, integrity…)
- Other criteria (fraud, data protection…)
Scope of application / Process description
The following aspects form the basis of the description:
- Detailed scenario description
- Comprehensible derivation of the risk
- Qualitative description of damage
Four important aspects are considered and described for goal setting:
- Target (ideal state of the scenario)
- Objective achieved through compliance with the target
- Risk treatment (active or passive)
- Organisational compensating controls