Enterprise Risk Management

Closely aligned with the risk management process from ISO 31000, Abriska® 31000 was designed to provide organisations with an intuitive tool for assessing and managing all types of risk from different functions and departments.

Its purpose is to ensures that risk management is an integral part of management and governance, is embedded into the culture and practices, and is tailored to the needs of an organisation.

You will find the configuration options vary to that within the RA Management for the Information Security 27001 module.

Initial Setup

Risk Variables

Abriska allows the risk methodology it uses to be tailored to an organisation's specific requirements, by allowing different risk variables to be used, for example, impact, likelihood, probability or proximity. A risk framework needs to be identified along with a risk matrix.

The setup will differ for Abriska 31000 (Enterprise Risk Management) and Abriska 27001 (Information Security Risk Management) due to the comprehension of the methodology per module.
URM will initially set up the product to utilise its own risk assessment methodology, which can then be tailored to reflect an organisation specific risk appetite or any existing model.

Please find further information on risk variables here: Enterprise Risk Management Variables
Organisation setup steps can be followed from our general Organisation Setup page.

Abriska 31000 Process Overview

• Enterprise Risk Management Setup
• Using the Enterprise Risk Register
• Generating Reports

Return to Abriska User Guides