When the module starts, you will begin in the Global Settings section. Start with steps 1–3 by first establishing the Date Settings (MM/DD/YYYY or DD/MM/YYYY) as well as Key Risk Indicators (KRI). The KRI Matrix is a color-coded n × n matrix made up of Risk Likelihood or Frequency and Risk Impact or Severity levels, which can be set as 1–5 or 1–10 (from low to high), with customizable color codes (Figure 2.2). Note that the KRI is computed as Risk Likelihood × Risk Impact. For instance, a risk item that has a likelihood frequency category of 5 and a risk impact severity category of 6 would yield a KRI of 30. The higher the likelihood or impact, the higher the KRI, indicating a higher risk condition. The default setting is 10 categories for likelihood and impact with 5 different colors. The color scheme goes from dark green (very low risk) to red (very high risk), and the labels on the horizontal and vertical axes have some predefined values such as average or above average risk, and so on. These can all be changed by clicking on the Customize button. In other words, the entire KRI matrix can be customized as needed, from the color codes to the category names.
Step 4 provides an option for Risk Controls. These are typically % weights and are selected by default. These weights are used later on in the Risk Register section. Alternatively, integer weights (discussed later) can be used. Step 5 provides the ability to customize the variables measured, that is, risk impact or severity versus risk likelihood or frequency. Some companies may wish to measure other elements such as risk of business losses, human resource impact, impact to the environment, and so forth. Any such modifications can be made here. Typically, most ERM performed in corporations tends to use the standard risk impact or severity versus risk likelihood or frequency matrix (the default setting in PEAT ERM).
Step 6 provides the ability to use global units or unique units for risk registers. For instance, if a firm is only concerned with the risk of financial impacts, it might use $ or £ for all its risk elements. This may be globally applied, which means for all risks, the selected unit will be used. In contrast, a multinational with businesses running in various currencies may require unique currency settings for each risk register. Finally, the droplist allows the use of other nonstandard units such as hours, joules, megawatt hours, and so forth, for firms interested in measuring their manufacturing and output capacity risks in these units.