Our vision on risk management
Without risk, we will not progress
The most innovative companies have a high risk appetite, but take risk management seriously. The risk management models are therefore not easy to drag on. Time for an integrated approach!
Full Trial
Only 30 minutes
Without obligation
Risk management is more than the introduction of a tool! Our approach goes further
People
80% of the risks are caused by human actions. Increasing risk awareness = risk management.
Process
This is about how we do things, how we improve the different risk and control processes and how we achieve synergy.
Technology
Technology should support the process and help the organization to be demonstrably in control in accordance with the 3 Lines Model.
What is Risk Management?
Risk management is typically a term that everyone has an idea of. Managing risks will probably have something to do with:
a) mapping risks.
b) shaping risks to your liking.
c) ultimately reducing risks.
Or is it different? Yes, because how it can ultimately contribute to a better strategy for your organization is still often unknown. That’s why this page.
Three Lines Model
1st line
2nd line
3rd line
The Three Lines of Defense model from The Global Institute of Internal Auditors was updated in July 2020.
The functions are not only intended to protect the value of the organization, but also to increase it. As a result, we no longer talk about ‘lines of defense’ or ‘lines of defence’.
The goals of the organization are central to all functions. The functions are not silos, but coordinate and work together; each from his own role. The design of the model must be geared to the risks and specific situation of the organization.
The 3LM establishes a stronger link with the objectives of the organization.
1st line
This group is ultimately responsible for the choices made and the risks taken in daily practice .
You want to optimally support the people who are responsible for the most important activities and processes in an organization. GRC information is relevant, but often only if you have to. How do you make it easier for them? How is risk management going to live for them? Do they know within which frameworks they have to operate? And how do you effectively conduct a Privacy Impact Assessment without immediately bombarding all teams with a questionnaire of more than 100 questions?
Key words are: Accountability and reporting.
< p>
2nd line
This group develops the systems for a good process of risk management and control , always supporting the ‘business’.
The risk manager, controller, auditor, compliance or security officer (CISO) wants a clear register of risks, controls, compliance sets and, for example, related incidents. NARIS GRC helps the GRC Professional with insight, completeness. Whether you work on the basis of a Risk Control Framework or only do control testing, want to do internal and external audits, or want to comply with a standard. With our knowledge and the flexibility of NARIS GRC you can steer with guts.
Keywords are: Delegation, direction, resources, supervision
3rd line
This group provides assurance to top leadership (assurance) on the quality of direction and control in certain areas within the organization.
Supervisors, Boards of Directors/Supervision/Commissioners, external auditors or accountants, as an internal auditor you want to report in an effective and relevant way. NARIS GRC can help you with those reports; whether it concerns assurance of audits or controls, risks at chain partners or objectives of the organization itself. From detail to dashboard, internally or externally; look back to steer forward. Fueled by useful GRC information so that the right assurance can be given.
Keywords are: Alignment, communication, coordination, cooperation
Link risks to the strategy
Zonder risk appetite, geen strategie én geen risico’s. Dankzij de risicostrategie kaart van NARIS GRC zijn risico’s en controls te koppelen aan de strategie van jouw organisatie. Hierdoor wordt risicomanagement een integraal onderdeel van de sturing en ‘geen lijstje, om het lijstje’.
Drie stappen om eenvoudig je Risk Appetite vast te stellen >
Bepaal gezamenlijk de belangrijkste risico’s
=
The joint discussion of risks and underlying perception differences ensures support towards a final top 10. With Naris GRC allows employees to participate in a risk dialogue. For example, people can chat about the risks, add causes and ultimately vote on probability x impact.
Building knowledge base of risk and controls
With one control you can several risks are covered. It is therefore important to carefully describe risks and controls. This avoids a chaos of risk descriptions that are basically the same. Thanks to Naris Next a risk is only entered once and from department-specific information provided.
Inspiration around risk management.
GRC – Is it a Necessity?
Topics for Discussion As a Governance, Risk and Compliance (GRC) expert, there are a number of discussion topics that are
Don’t Become a Lone Wolf!
One of the most interesting statements I recently heard from the CEO of a large company was about the usefulness
NARIS launches groundbreaking integral GRC software
Today, NARIS GRC announces the launch of their fully updated – and expanded – Governance, Risk & Compliance (GRC) software.
Let's talk
Do you have questions about our solutions for your organization? Please feel free to contact us
Fill out the form or
call Floor:
Contact us without obligation
Would you like to know what we can do for your organization? Fill in the form below.
The Netherlands
Plantageweg 1C
3833 AZ Leusden
Auke Vleerstraat 8
7521 PG Enschede
Germany
Hohenzollernring 57
50672 Köln
About NARIS
Partners
GRC tooling
Support
