RiskMaster for Creatio

RiskMaster for Creatio makes risk registration and management processes easy, transparent and manageable.

Use cases:

Risk management is a crucial task that every organization is facing. Applying basics of risk management contribute to achieving company’s goals and carrying out its tasks, even though it does not ensure zero probability of occurrence of various risks.
RiskMaster Creatio is designed to be used as a single general register of the risks in a company of any size. The risk management system is developed on Creatio platform which enables it to be configured for modelling and automation of any specific business processes of the company and flexible adaptation to the peculiarities of business.
RiskMaster Creatio is originally designed to manage operational risks, but it can be easily adapted to manage other enterprise risks as well.

Key features:

• Business objects

The Business Objects section is intended for registering business objects, storing information about business objects for which risks are assessed, and subsequently registering incidents and cases of risk realization. Categories of business objects can be business process, products, systems, suppliers or any other object according to your Risk Management Policy.

• Risk and control self-assessment (RCSA)

RCSA (Risk Control Self-Assessment) is an integral part of a quality risk management system. Through this process, management and responsible employees, business object holders are able to collectively identify and assess risks and associated controls. The result of the self-assessment is to identify the exposure of a particular business object to risks and determine preventive actions to minimize them.

• Risk catalogue

Catalogue section is a directory of possible risks. The system functionality allows grouping operational risks according to company methodology and quickly configuring own grouping structure. The system provides risk taxonomy that can be used in risk assessment process. 

• Incident registration

Register incidents indicating probable occurrence of risk. Ensure automated registration of an incident via email sent to a specifically created email address for incidents registration. Upon necessity, configure automated import of incidents (e.g., IT incidents) from external systems.

• Investigate incidents

Once the incident has been assessed and a decision has been made that the incident is indeed a case of risk realization, the risk itself is recorded (in the Risk Case section).
The Risk Cases section registers risks and risk management-related processes of the following types: Preventive case, Audit recommendation, Risk and control self-assessment, New risk assessment or other types of investigations according to your Risk Management Policy).

• Risk documents

The Risk Documents section is meticulously designed to provide a convenient and efficient document storage solution tailored for risk management needs. This section allows users to store, organize, and manage documents related to various objects within the system.
Documents are organized into a convenient two-level hierarchy consisting of 'Type' and 'Subtype' categories, simplifying the classification and retrieval process. The system supports both static folders for predefined document storage and dynamic folders that use filters to automatically organize documents based on specific criteria. This flexibility allows users to maintain an organized and up-to-date document repository effortlessly.
Each document is accompanied by a detailed document card that includes extensive metadata. This metadata includes information such as document name, number, date of creation, validity end date, and other relevant attributes. The rich metadata ensures that documents are easily searchable and can be cross-referenced with related objects, enhancing overall document management capabilities within the risk management workflow.

• Planning preventive measures

Section Preventive actions allows to organize and systematize measures to minimize risks. In the section you can set up a warning action with automatic creation of Risk Cases for a specified period (for example, annual regular risk assessment of a separate business object).

• Audit

Internal and external audits are an integral part of the risk management system, as one of the objectives of each audit is to identify deficiencies and errors in the reports and activities of an enterprise or its individual business object (process, procedure, etc.).
Section Audit cases includes the following stages of audit: Planning of audit; Drafting procedures based on which the audit is carried out; Recommendations for elimination of deficiencies detected in the course of audit.

• Business rules

It is possible to customize scenarios (business rules in the area of risk management) that require a response from a company employee or provide automatic notification to an individual company employee. The flexible mechanism for customizing new rules allows to use any data from the system. As a result of triggering a condition, there is an option to send an alert to a certain employee or structural units, create an incident or start a new predefined business process with its own logic.

• Ensuring control

Use centralized incident, investigation, and process registers for efficient control of compliance in general. The system offers grouping by source, type of risk, business process, person in charge; searching for a separate dossier or process, obtaining detailed information (history of registration and processing, explanatory memos, expert’s assessments, comments, documents, decisions made and history of their execution); planning preventive risk mitigation measures; automatically generated tasks for employees, based on the scheduled activities; business process of control over execution of actions and approval of results; preinstalled report panel for tracking the presence of new incidents and other important indicators.