We take a process engineering approach to risk management and focus on designing and building process control systems for enterprise value chains (e.g. customer-facing operational systems, integrated PDLC/SDLC supply chains, and GRC Systems Engineering) according to specified requirements.
We are capable of addressing enterprise risk issues for regulatory compliance purposes and operational risk. However, we prefer designing, engineering, and deploying process control systems to discussing the theory of risk modeling in an abstract context. Nevertheless, designing robust control practices for regulatory compliance does require some understanding of the theory, an effective taxonomy, and heuristics to define metrics that are both meaningful and properly aligned to applicable engineering reference models.
We use modeling techniques to efficiently design a risk management program (or link to an existing one) and to derive Value Chain Maps, which are then used to define metrics to measure performance against baselines. As an example, presented below is an architecture map for a large-scale internet operation, created using a derivation of the Rummler-Brache process modeling methodology.
Process Engineering Services
ERM - Value Chain Decomposition Maps, Risk Management Metrics, Risk Control Matrices, Risk Quadrants for ISO 31000 & COSO ERM enterprise-level framework initiatives.
Metrics Life Cycle - Definition, design, development, & deployment: UML Modeling Diagrams, Process Maps, & Product Breakdown Specifications (PBS).
Risk Assessments - Gap Analysis, Remediation Strategies, Risk Matrices, and Remediation Strategy Road Maps for due diligence reviews in conjunction with mergers, acquisitions, & IPOs.
IT Governance - Phase Gate Quality Reviews for Architecture Review Board, Software Engineering, Development, & Change Control Review Board. Monitoring, compliance, and quality review of deliverables for business process modeling, blueprinting, development, configuration, testing, controls validation, quality, go-live, and post-production support activities.
Data Governance - Program design, project management, process mapping & modeling for the deployment of Data Governance processes, Master Data Management, and metadata repositories.
Quality and Standards Systems Certification - Documentation of quality management methods, procedures, and metrics in support of ISO 9001 & ISO 27001 ISMS programs compliance.
