Typically, ERM implementation also requires the ability to create various divisions, departments, risk categories, and other segmentations within an organization. Such segmentations are required because data entered for the risk registers later can be sliced and diced every which way, as well as being in compliance with COSO Integrated Risk Framework.
Figure 2.3 shows the PEAT ERM software’s Risk Groups section. A multitude of Risk Divisions, Risk G.O.P.A.D., Risk Category, and Risk Managers can be set up here. Cumulatively, these categories represent the Risk Taxonomy of the ERM system.
For example, multiple businesses or operational divisions within a company can be created, such that the company can manage multiple risk profiles for each division. Users can also create and assign various G.O.P.A.D. (geographic, operations, products, activity or process, and department) categories such that a company’s risk profile can be analyzed from multiple points of view.
Start by creating one or more divisions, then the G.O.P.A.D. categories, then the risk categories, and, finally, risk managers or people in charge of certain aspects of the company. When creating risk categories, PEAT’s default library of predefined risk categories can also be called up to assist, via the Load Risk Inventory Library button. Once categories are created, these will be displayed in the data grid at the bottom. Click on the Edit pencil icon to edit a particular item.
Click on the Report button to generate an Excel report of the created categories. This report can serve as an archive or as a template to import additional or new categories. For instance, by generating a report from this current default example model, you can then clear the report, enter any new categories into the Excel worksheets, and subsequently Import them into the software. Importing data will allow a large number of categories to be entered quickly. Manual inputs are optimal when only a few categories are needed. Regardless of the approach, it is highly recommended that category names be brief but descriptive. For example, the finance department can be named D-Finance or oil and gas products can be named P-Oil. Brief category names tend to generate more visually pleasing reports.