Our vision on Risk Self Assessment
Self Assessment as a continuous thermometer
Running risk self assessments (CRSA/RSA) is an ideal way to quickly understand risks, controls and their status with respect to standards and laws. This applies to the internal organization, but also to all parties with whom we work together. By continuously measuring the proverbial temperature, valuable time can be spent on the things that matter.
The three steps of a self assessment
Prepare questionnaire
An effective questionnaire is created by translating matters such as a standard, control or risk into an unambiguous set of questions. The aim is that this questionnaire can be widely distributed; both inside and outside the organization.
Send out self-assessment
In the ideal world, questionnaires are distributed digitally among the intended target group. Respondents can then easily answer a questionnaire at a time and location that suits them best.
Analyze and follow up results
The answers obtained are aggregated and scored. With this overview, the organization is then able to analyze the self-assessments, prioritize risks and define an action plan.
Gain insight into risks, controls and compliance
Do departments, suppliers and partners meet the GRC frameworks to which the organization commits? That question is always central when running risk self assessments. It is therefore an effective tool that can be used easily, at scale and frequently. It helps to gain an optimal and objective view of risks, controls and compliance. Putting one set of questions to different departments, suppliers or partners creates an unambiguous picture. The results can then be set against the yardstick of the organization. This sets priority and focus for the actions and follow-up necessary to be and remain in control. The repetitive nature provides a fascinating insight into the way in which risk profiles develop over time.
Three Lines Model
The Three Lines of Defense model from The Global Institute of Internal Auditors was updated in July 2020.
The functions are not only intended to protect the value of the organization, but also to increase it. As a result, we no longer talk about ‘lines of defense’.
The goals of the organization are central to all functions. The functions are not silos, but coordinate and work together, each from its own role. The design of the model must be geared to the risks and specific situation of the organization.
The 3LM establishes a stronger link with the objectives of the organization.

1st line
This group is ultimately responsible for the choices made and the risks taken in daily practice.
You want to optimally support the people who are responsible for the most important activities and processes in an organization. GRC information is relevant to them, but often only when it is required. How do you make it easier for them? How does risk management come alive for them? Do they know within which frameworks they have to operate? And how do you effectively conduct a Privacy Impact Assessment without immediately bombarding all teams with a questionnaire of more than 100 questions?
Key words are: Accountability and reporting.
2nd line
This group develops the systems for a good process of risk management and control, always supporting the ‘business’.
The risk manager, controller, auditor, compliance or security officer (CISO) wants a clear register of risks, controls, compliance sets and, for example, related incidents. NARIS GRC helps the GRC professional with insight and completeness, whether you work on the basis of a Risk Control Framework or only do control testing, want to do internal and external audits, or want to comply with a standard. With our knowledge and the flexibility of NARIS GRC you can steer with guts.
Keywords are: Delegation, direction, resources, supervision

3rd line
This group provides assurance to top leadership on the quality of direction and control in certain areas within the organization.
Supervisors, boards of directors, supervisory boards, external auditors or accountants: as an internal auditor you want to report in an effective and relevant way. NARIS GRC can help you with those reports, whether it concerns assurance of audits or controls, risks at chain partners or objectives of the organization itself. From detail to dashboard, internally or externally; look back to steer forward. Fueled by useful GRC information so that the right assurance can be given.
Keywords are: Alignment, communication, coordination, cooperation

Create Respondent-Friendly Questionnaires
The quality of a self assessment can be increased significantly when user-friendly questionnaires are used as a base. Help texts, clear expectations and progress indication are ways to achieve this. NARIS GRC allows GRC frameworks to be sent out to respondents and answered by them. Deadlines, interim saving and notifications help the respondent answer the questions in time and complete the process successfully.
Send out a reusable questionnaire at the touch of a button
The added value of self assessments increases when they are used frequently. Reusable questionnaires allow a self assessment to be repeated at the touch of a button. The use of GRC software also provides insight into the questionnaires present, and NARIS GRC even goes a step further by providing a basic set. Whether it concerns a DPIA or a request to connected parties, such self assessments do not need to be set up again every time. This makes it simple to run the same questionnaire with a certain frequency and to compare the results (with previous moments).
Immediate insight into results
Visual reports help to create diverse insights and to see at a glance the degree to which the GRC frameworks are met. Not only the improvement potential, but also the positive results contribute to the risk and compliance culture. Holding self assessments in professional GRC software helps to visualize an overall view of the organization. In addition, you can zoom in on departments, teams and external parties. Benchmarks and comparisons are also available to help the organization make improvements or take action. This way, the GRC frameworks are continuously monitored and enhanced.