If as a child you marveled at the simple, fascinating physics of a pebble dropped into a puddle, you know what the results are. The pebble drops; the water's surface is broken; ripples fan out from the point of impact... such an unassuming yet beautiful study of cause and effect. Now, imagine instead of a puddle, it's a lake, with stones dropping at a continuous and rapid rate, all in different spots. I am sure you can visualize the effect - the water agitated in all directions, waves tossing to and fro...
Many organizations today face this churn when it comes to risk. It is not that organizations aren't thinking about risk. Survey after survey indicates risk is a board-level topic, but rocks keep falling. Those tasked with managing risk are riding the roiling waves. Issues are identified through a variety of sources, such as audits, risk assessments and security assessments, but are not managed properly to closure. Prioritization of these issues is nearly impossible because there is no common understanding of the business criticality of the assets and processes affected by these issues. Companies then lack any consolidated view of general risks or have a very manual, spreadsheet-based approach to cataloging and assigning risks. And the lake isn't always in the control of your company. Third parties (outsourcers, contractors, service providers, business partners, etc.) are becoming increasingly important, and organizations just don't know what entities are impacting their risk profile.
To address this churn, RSA Archer® is pleased to announce the RSA Archer Ignition program - a fast-track approach to launching a business risk management strategy. To strategically address risk, enterprises need a strong program foundation. While the risk management program vision may be a long-term initiative, there are specific areas that need to be addressed at the outset to provide quick value to the organization and set up a much healthier and sounder foundation for the future. A strategic foundation needs:
- A process for Issues Management to eliminate 'churn' around risk and compliance issues from audits, risk assessments, and internal compliance processes;
- A Business Impact Analysis framework to catalog and prioritize assets and build the context to connect risk issues to impacts to the business;
- The ability to catalog and monitor risks to establish a strategic method to view and understand risks across the enterprise; and
- The ability to identify and track third parties used by the business to understand the emerging ecosystem that affects business risk.
The RSA Archer Ignition package includes integrated use cases addressing these four key areas via RSA Archer Use Cases, with Quick Launch services and education offerings to get your program off the ground quickly. This package is priced and scoped based on the size of the organization, allowing you to maximize your initial return on investment. Once your organization puts these processes in place, RSA Archer provides a maturity-driven approach to build on these foundations to develop a strategic approach for Business Risk Management. Our suite of use cases allows you to grow your risk management program to the level of maturity necessary for your business and ensure your lake, while still full of waves, is manageable and navigable.
Author: Steve Schlarman
Category: Archive, GRC, Blog Post
Keywords: Business Risk Management, Compliance, Ignition, Risk, RSA Archer