
Jürgen Günther - Management

Contact for GRC management software

Assistance in selecting the right GRC software solution


E-mail: info@antares-is.de

Phone: +49 7331 3076-0

Fax: +49 7331 3076-76

 


antares Informations-Systeme GmbH

Stuttgarter Straße 99

73312 Geislingen an der Steige 



Successful company management with an effective risk management process.

Achieve corporate success with targeted risk control.

Every company is constantly subjected to various risks but is also presented with potential opportunities, both internally and externally. Risk management must ensure that potential threats are identified in a timely, targeted manner.

These are evaluated for their potential impact and managed accordingly in order to achieve defined company objectives and protect company values. After risk analysis (identification and assessment), corresponding measures are introduced to prevent, minimise or transfer risk as well as take advantage of opportunities.

Effective risk management helps comply with internal guidelines and external legislation, and ensures process security.

Risk management process in practice

The risk management process can be divided into 5 steps. After the “risk monitoring” phase, a new cycle is initiated to provide current and reliable information across all areas.

Risk management - process steps

Strategy

The foundation of successful risk management involves the existence of a company-specific risk strategy. It defines the terms of risk and opportunity and provides a glossary in order to achieve a streamlined basis of understanding within the company.

Furthermore, the upper limits for incoming risks are defined and rules are specified on how to approach these (risk minimisation, risk elimination, risk avoidance, risk acceptance).

From this risk structure, a risk culture can be derived which serves to enhance the risk awareness of company employees. It defines processes which increase the awareness and willingness to identify and report threats.

Identification

Along with assessment, identification is the most important phase of the risk management process and is part of risk analysis. This involves listing existing and potential risks which may negatively or positively impact the existence of the company or company objectives. Both internal and external threats are taken into consideration.

Various methods and tools are used to analyse risk such as a SWOT analysis or potential analysis. This helps to identify customer and market-specific risks and derive strategic factors for success based on the company’s strengths and weaknesses.

Assessment

To complete the risk identification stage, the risks identified in the previous step are analysed and assessed. The analysis involves prioritising them by risk potential so that the most critical threats are managed first. The following parameters can play an important role in the assessment: probability of occurrence, extent of damage and expected loss. Potential correlations with other risks must also be identified, as risks can amplify or offset one another.

In practice, the potential effects on results are evaluated both qualitatively and quantitatively, combining the two approaches if necessary. The risk matrix view is designed to visualise the risk potential and form a basis for strategic decisions.

Finally, the company’s overall risk position and associated risk-bearing capacity can be identified using risk aggregation.

Management

Once the risk assessment phase is complete, suitable control measures for negative and positive risks are defined and introduced with the aim of positively changing the current risk situation. Derived from the strategy determined in advance, decisions are made about how each risk should be handled. Is it negligible and therefore acceptable? Should it be avoided at all costs? Can it be specifically minimised by taking appropriate countermeasures?

Control measures can be categorised as either proactive or reactive measures. The former involves action that is taken before the risk can arise. The aim of this action is to minimise or increase the probability of occurrence of medium or large risks. Reactive measures, on the other hand, are only implemented once a risk has already occurred.

Monitoring

The purpose of risk monitoring is to check the impact of the measures taken on the risk at regular, previously defined intervals. Changes in the probability of occurrence of individual, dangerous events are taken into consideration as well as the direction in which the amount of potential damage has headed. Based on these observations, potential improvements can be identified and implemented. It can also be determined whether possible new risks may emerge.

Monitoring of risk management provides information about the functionality of the process and its effectiveness. Based on the results of this review, conclusions can be drawn about methods for improvement and further development of the risk management process.

Finally, a detailed report about the findings is created and passed on to the person responsible. The report provides a status quo of the company’s risk situation as well as subsequent suggestions for improvement to ensure proper communication within the organisation.

Internal approval process - risk management

Within the company, any negative or positive risk identified must undergo an internal approval process. A risk assessment is then carried out by the person who discovered the threat (risk owner). They assess the extent of the damage and probability of occurrence and carry out qualitative/quantitative assessments. Finally, the best-case, worst-case and expected-case scenarios are played out. The potential development of the risk is assessed by evaluating the time period.

After the assessment, the risk is taken to the next level up, where it must be approved by the person responsible. If it is approved, the risk is passed further upwards; if it is not approved, it goes back to the risk owner, who must then reassess it.

Process representation via corporate structure

If the risk reaches company management, it is then determined whether it is relevant for the entire group or just the subsidiary company.

Upon approval by the decentralised management, it is transferred to the holding risk management. The parent group collects all of the subsidiary company’s reported risks and aggregates them. Control measures are then identified. Finally, a detailed report is created for the management board which contains all of the relevant key figures and data.

Effective Risk Management with a risk management system

In order to implement effective and reliable risk management, it is advisable to introduce a structured and workflow-based risk management system and to integrate it into the management control system. This ensures the transparency of data and processes and provides a clear view of the risk management process at all times. The mandatory early warning feature of the risk management system puts you in a position to identify potential threats early on to effectively manage risks.

Our established Risk Management software solution antares RiMIS offers you extensive features for Governance, Risk and Compliance management.


The best way to show you our software’s abilities is with a live presentation. We’ll present the service portfolio live and at no expense to you, either directly on your screen via a web session or in person at your premises.

We’ll answer your questions to ensure that you can get to know the software properly. We’ll show you solutions to specific requirements.

Choose your preferred option and arrange a live presentation.

Your benefits with antares RiMIS

Predictive

Risks are not only pragmatically indexed; the early risk detection system integrated into our GRC solution enables you to proactively prevent risks and find the ideal path forward with the controlling of measures.

Fast

With its short implementation time and individual expandability, the software integrates seamlessly into your workflow without disruption. Generate an optimum risk strategy in no time at all with antares RiMIS.

User-friendly

Complex processes are easy to handle thanks to the intuitive interface structure and modern, web-based design. Self-explanatory dashboards and graphics, with features such as the drill-down method, simplify day-to-day work and deliver fast results.

Approved

Corresponds to § 317 para. 4 HGB and Auditing Standard IDW PS 340, meets BilMoG requirements and paves the way to prevent violation of the Sarbanes-Oxley Act. Takes into account the aspects of KonTraG, ISO 31000, IDW (E) PS 981, COSO II as well as ONR 49000 and ÖNORM S 2410 and is based on IEC 62198.

Customisable

Along with standardised data transfer, optimum integration into your IT environment allows for customisable design which can be adapted to your guidelines and requirements in opportunity and risk management.

Timesaving

The intuitive screen structure and the email-supported workflow, from risk creation through to automatically generated risk reports, ensure a seamless and efficient risk management process.

Our promise