Origami Risk: Configurable GRC Technology

Robert Petrie, CEO

The management of a comprehensive GRC program requires technology solutions with the capacity to account for organizational complexities, the dynamic nature of risk, and ever-changing regulatory environments. Such are the GRC/ERM offerings advanced by Chicago-based Origami Risk, a leading software provider for the risk and insurance industry.

Built on a secure, cloud-based platform accessible from any internet browser or mobile device, Origami Risk’s configurable GRC technology solution provides a single, centralized location for collecting data from across the organization for use in the identification, management, and mitigation of risk—irrespective of existing risk framework or level of risk maturity. The system combines intuitive reporting and assessment (audit) functionality with the ability to streamline processes and drive accountability through the use of automated workflow tools.

Development of the solution has been informed by close collaboration with Origami’s client partners. Robert Petrie, CEO of Origami Risk points out, “Origami Risk’s focus on our customers is at the heart of all of our business decisions. From product design and technology investment to our heavy focus on hiring deeply experienced experts, Origami Risk strives to deliver superior client service, fuelled by a steady stream of innovation and thought leadership.”

Increased program visibility

The adoption and sustainability of a GRC program involve “buy in” throughout the organization. How program data is presented to stakeholders plays a significant part in a program’s success. To increase transparency and foster greater understanding of program objectives, dashboards and individual interactive dashboard elements in Origami Risk can be tailored to present users with information critical to their role or function.

A dashboard created for board members and executive leadership may convey program performance against defined KPI’s, display target risk scores, and employ calculations that roll-up individual risk scores into defined high-level categories. Concurrently, for a stakeholder at a specific business unit, a dashboard may be set up to include a list of all risks that apply to the location, along with a list of upcoming due dates for the implementation or review of controls.

Customizable Risk Management and Mitigation Elements

Critical to the success of a GRC technology solution is the ability to easily create and define the core data elements that shape a program: risks, controls, and other risk-related records.

Innovative technology— designed and supported by industry experts—for managing, identifying, and reducing risk

In Origami Risk, the individual screens, sections, and labels of these records are completely customizable. They can also be modified, as needed, to keep pace with business expansion and changes in policy, risk, or compliance standards.

In the case of risk records, categories and sub-categories, risk ownership, risk appetite, risk objectives, and more, can be defined based on recognized standards (i.e., ISO 31000 or COSO ERM), an organization-specific approach, or a combination of the two. Furthermore, risk assessment ratings that measure inherent impact and likelihood are color-coded so that high-level risks (red) stand out when listed on screens, dashboards, and reports. Additional options allow for the application of customizable formulas—from the most basic to the most complex—that calculates a residual impact and likelihood score once controls have been implemented, as well as setting target risk scores to track program progress.

Control records define the actions a business is taking relative to risk. In Origami Risk, these records can be linked to multiple risk records for providing a clear picture of the risks the control is intended to mitigate. This can also help to ensure mitigation efforts are not duplicated by different departments in the organization. If required, non-structured data—email, files, photographs, and documents—can be attached to controls to provide historical documentation.

Assessments and Accountability

A key element of any sustainable GRC program is the periodic evaluation of the effectiveness of controls. To accomplish this, most organizations perform internal audits to gauge the success of controls in mitigating risk. Integrated audit functionality in Origami Risk keeps the audit process—including results and any the status of action plan execution—in a single system.

With risk-related data stored in a single system, Origami Risk’s automated workflow tools—that include the generation of tasks and transmission of email notifications—can be configured to streamline the processes of defining risk, implementing controls, and assessing the efficacy of controls. And since all data in the system can be reported upon, ownership of risk and controls, along with the status of assignments is made more clear.

About Origami Risk

Founded in 2010 by a small group of RMIS industry veterans, Origami Risk has grown to become the widely recognized as the leading software provider for the risk and insurance industry. The company’s approach to providing software and support is modelled on a collaborative partnership with their customers.

Origami Risk’s integrated risk, safety, and claims management solutions are used in a number of industries, including Insurance, Education, Government, Healthcare, Real Estate, Energy, and Transportation. Origami Risk remains well positioned to be a flexible, agile, and highly effective solution provider capable of assisting organizations—regardless of sector—in dealing with complex GRC requirements, as well as a leading innovator in the development of new GRC-related functionalities.