MX Risk Management Engineering®


The value of risk management goes beyond risk identification. It enhances the organization's knowledge of itself, tracks the implementation and operation of risk controls, and keeps those controls auditable. Risks exist in every organization and in every business activity it carries out. For publicly accountable organizations in particular, risk management is a mandated activity through which Management demonstrates due diligence.

Maximus assists organizations in developing an operational risk management program, strategically aligned with the corporate risk management program where one exists. Within this program, Maximus facilitates the identification of risks across the various disciplines, together with the controls currently in place to mitigate them. Using the Maximus semi-quantitative, role-based risk management methodology, the organization can exhaustively and systematically identify all relevant risks and controls and evaluate the risks quantitatively, with clear roles and responsibilities. Once evaluated, risks are treated according to the organization's risk appetite and the risk treatment plan that is devised and followed up.


PROGRAM MANAGEMENT PRACTICE

Risk Management

Traditionally, risk management has often been regarded merely as an activity mandated by boards, legislators, regulators and institutional investors, and pressed for by rating agencies and the public at large. With the rise of cybersecurity issues, however, Management has started to look beyond the traditional need to demonstrate due diligence: risk management is now seen as the means to understand the organization's environment and stave off the threats behind the various risks it faces.

Risk management is not only about staving off threats; it is about managing business value against the risks to which the organization is exposed. With this holistic understanding, the C-suite can better manage its risk appetite, justify its investments and stay accountable for its risk decisions.

To reap the potential benefits of this service, Management needs to understand that risk management spans a wide range of risk domains and is not a one-off activity. The quality of risk management depends on its depth as well as on the facilitator's competence and experience. Shallow risk management leaves Management unable to "deep-dive" into a problem, and an incompetent or inexperienced facilitator may point Management in the wrong direction. Making matters worse, where risk management is implemented across multiple locations, cultural differences, educational differences, differing interpretations of the program and the use of different risk facilitators at each location can leave the risk results as nothing more than a set of numbers with no analytical value.

With 20 years of experience performing risk management activities for our clients, Maximus has developed a methodology that assures the objectivity, consistency and quality risk management requires. Maximus firmly believes that every risk assessment begins with a business service in mind, whether a service provisioned for internal functions or a chargeable service provisioned to customers. Each business service is supported by IT systems and business activities, which in turn comprise key assets including operating systems, virtualization, applications, information, outsourced services and business processes. Depending on the nature of the key assets the organization possesses, the relevant risks are associated with them and identified.

Preparation of Security Profile Map (SPM)

Identification of Risk Scenarios

Risk Analysis

Risk Evaluation

Risk Treatment

The Maximus risk management approach asks business owners to identify what they possess and to value it in terms of business importance, and asks custodians to identify their responsibilities and the controls used to mitigate the risks. With this association, Management gains a holistic view of business value against the risk levels contributed by each custodian, and when an incident occurs, Management can readily identify the custodian responsible. Management is also able to correlate its business investments and the value of each business service against the cybersecurity risks that threaten that service.

To remove ambiguity from risk management, Maximus adopts a semi-quantitative risk assessment model supported by a pre-defined, industry-aligned knowledge base of risks and controls. With this pre-defined, role-based knowledge base, the organization's risk management is freed from assessor and facilitator subjectivity, and the organization can compare its risk performance against other operators in any environment.

Because RiskClipper™ is equipped with this pre-defined, industry-aligned knowledge base of risks and controls, it can provide principle-based recommendations to the organization on its relatively non-performing areas as part of risk treatment.

Our solutions

Risk Management Framework Development

Risk Management Process Development

Risk Management Exercise

If you would like to learn more about how we have assisted organizations in operationalizing and managing multiple risk disciplines, feel free to contact us.
