Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
A risk is defined by a set of controls. A control failure may or may not lead to a risk. For example, a user who has access to the development transaction in a production system but does not hold a development key cannot do any direct development in that system. There is a control failure (the user should not have access to the development transaction in production), but there is no risk, because the second control still holds. Does an SoD conflict for a user still count as a risk when a mitigating process control is in place? That depends on your risk appetite.
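As an added illustration of the model above (example code written for this page, not Conteliga's own software), the following Python evaluator defines each risk as the set of controls that must all fail before the harmful action becomes possible, treats a failure that completes no risk as a clean-up item rather than a risk, and lets a risk-appetite switch decide whether a mitigated SoD conflict still counts as a risk. All control identifiers, risk identifiers and the three users are constructed for this example.

```python
"""Toy risk evaluator: a risk is a set of controls that must ALL fail for the
harmful action to be possible. Constructed example, not Conteliga's code."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set


@dataclass(frozen=True)
class Risk:
    risk_id: str
    description: str
    required_failures: FrozenSet[str]           # every one of these must have failed
    mitigating_controls: FrozenSet[str] = frozenset()  # process controls that can cover the risk


@dataclass
class Evaluation:
    user: str
    realized: List[str]   # risks the user can actually exercise right now
    mitigated: List[str]  # all enabling controls failed, but a mitigating control is in place
    harmless: Set[str]    # control failures that complete no risk on their own


# Constructed control identifiers (assumptions for this example, not a real catalogue).
DEV_TCODE = "CTRL_DEV_TRANSACTION_RESTRICTED"  # fails if the user can call the development transaction in production
DEV_KEY = "CTRL_NO_DEVELOPER_KEY"              # fails if the user holds a development key
CREATE_VENDOR = "CTRL_NO_VENDOR_MASTER_CHANGE"  # fails if the user can create/change vendors
POST_PAYMENT = "CTRL_NO_PAYMENT_POSTING"        # fails if the user can post payments
PAYMENT_REVIEW = "MIT_PAYMENT_RUN_REVIEW"       # mitigating process control: independent review of payment runs

RISKS = [
    Risk("R_DIRECT_DEV_PRD", "Direct development in the production system",
         frozenset({DEV_TCODE, DEV_KEY})),
    Risk("R_SOD_VENDOR_PAYMENT", "SoD conflict: create a vendor and pay it",
         frozenset({CREATE_VENDOR, POST_PAYMENT}), frozenset({PAYMENT_REVIEW})),
]


def evaluate_user(user: str, failed_controls: Iterable[str], effective_mitigations: Iterable[str],
                  risks: Iterable[Risk] = RISKS, accept_mitigated: bool = True) -> Evaluation:
    """accept_mitigated encodes risk appetite: True means a risk covered by an
    effective mitigating control is tracked but not counted as realized."""
    failed, mitigations = set(failed_controls), set(effective_mitigations)
    realized, mitigated, consumed = [], [], set()
    for risk in risks:
        if not risk.required_failures <= failed:
            continue  # at least one enabling control still holds: these failures alone give no risk
        consumed |= risk.required_failures
        if accept_mitigated and risk.mitigating_controls and risk.mitigating_controls <= mitigations:
            mitigated.append(risk.risk_id)
        else:
            realized.append(risk.risk_id)
    return Evaluation(user, realized, mitigated, failed - consumed)


def prioritize(evaluations: Iterable[Evaluation]):
    """Work queue: realized risks first, then mitigated risks to keep monitoring,
    then harmless control failures to clean up when convenient."""
    queue = []
    for ev in evaluations:
        queue += [(0, ev.user, r, "remediate") for r in ev.realized]
        queue += [(1, ev.user, r, "monitor mitigation") for r in ev.mitigated]
        queue += [(2, ev.user, c, "clean up control failure") for c in sorted(ev.harmless)]
    return [(user, item, action) for _, user, item, action in sorted(queue)]


# Constructed users: (failed controls, effective mitigating controls).
USER_FAILURES = {
    "alice": ({DEV_TCODE}, set()),                       # dev transaction but no key: no risk
    "bob": ({DEV_TCODE, DEV_KEY}, set()),                # both failed: can develop in production
    "carol": ({CREATE_VENDOR, POST_PAYMENT}, {PAYMENT_REVIEW}),  # SoD conflict, mitigated
}


def run(accept_mitigated: bool = True) -> List[Evaluation]:
    return [evaluate_user(u, f, m, accept_mitigated=accept_mitigated)
            for u, (f, m) in USER_FAILURES.items()]


if __name__ == "__main__":
    for ev in run():
        print(ev)
    for row in prioritize(run()):
        print(row)
```

Switching `accept_mitigated` to `False` models a stricter risk appetite: carol's SoD conflict then moves from "monitor mitigation" to "remediate", while alice's lone control failure stays a clean-up item under either setting.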
Conteliga offers a risk framework in which a risk is defined by a set of controls, so that control failures that lead to a risk can be distinguished from control failures that do not, and mitigation tasks can be prioritized accordingly. The complete evaluation runs automatically, and the responsible risk and control owners are notified automatically, as in a ticketing system, where each step taken to resolve a failure is documented and traceable. A dashboard helps to track performance.
Many risks can be identified by looking at the system configuration. This system configuration can be on..
RISK BASED APPROACH
Conteliga distinguishes between a control failure that leads to a risk and a control failure that does not.