Risk Mapper and Profiler
  • 26 Jan 2024
  • 6 Minutes to read
  • Dark
    Light

Risk Mapper and Profiler

  • Dark
    Light

Article summary

Risk Mapper and Profiler   

Risk Mapper & Profiler

The CobbleStone® Risk Assessment feature set provides a risk rating engine that enables your organization to define risk categories for exposures to your organization. These exposure and risk levels can be entered on each Contract, Vendor/Customer, Sourcing, or Purchase Order record and enables your team to assess the amount of risk for each exposure category and define the probability (or likelihood) the risk may occur. Overtime, and as your organization rates each high-risk item on contracts, vendors, purchases, and/or sourcing records, your organization can quickly identify high risk items that are outside acceptable range of risk. This provides a standards-based method to identify risk and re-evaluate the outlying risks on these records. Some of the notable goals of risk management enable organizations to:

  • Identify significant risk categories (items) from an organization’s operations;
  • Establish organization wide risk acceptance policies and guidance by risk category;
  • Rank and identify high level of risk to the organization with a high probably the risk may negatively impact the organization;
  • Review and log risk events by quantifying the risk and logging the risk (typically on high risk contracts, vendors/customers, purchases);
  • Recognize trends with risk and implement practices to routine review risk;
  • Implement strategies and techniques or practices to reduce the risk exposure or reduce the probability or likelihood the risk will occur;
  • Monitor risk, reduce the risk, and/or avoid the risk


Risk Graphic

 

The CobbleStone® Software Risk Mapper and Risk Profiler tool enables authorized contract managers, procurement specialists, and risk managers (any authorized users) to track risk for each contract record (or vendor/customer, sourcing, or purchase order records) and easily summarize, plot, and identify high risk items. It gives legal, procurement and risk managers a simple yet advanced tool to identify and reduce risk items that fall outside an acceptable boundary as established by a specific organizations policies and rules. As a rule of thumb, always seek legal and professional advice for any risk related to contracts.

For this documentation, we will be entering and monitoring risk for contract records. The steps to enter and monitor risk for sourcing, vendor/customer, and purchase order records are similar.

 

Enter Risk Rating for Each Exposure

1. To enter a risk rating on a contract, log in as an authorized system admin user and navigate to Contracts - Find/Search Contracts.


Find/Search Contracts

 

2. Search the available contracts.


Find/Search Contracts Find WhereFind/Search Contracts Find Where

 

3. Click View for the desired record to open its Contract Details screen.


Find/Search Contracts View Link

 

4. The Contract Details screen appears. Scroll down and, on the side menu, click Risk Rate.


Risk Rate on side menu

 

5. The Risk Assessment Risk Mapper screen appears for this record showing defined ratings for this record.

6. A progress indicator denotes how many risk ratings were entered in the last 180 days. If prior risk items were entered, the Risk Matrix mapper appears.


Risk Assessment Matrix

 

Bar graphs and trends show for prior rating items for this record.


Financial Exposure Trend Details

 

7. To enter a new Risk Rating item, select The Rating Category (to manage Risk Rating Category Items, use the Risk Rating Category List item screen described later in this document).

8. Select the Exposure Level based on a percentage. For example, if for a specified Risk Item, the organization can accept $5,000,000 in exposure, and the contract has $2,500,000 in exposure for the rated category, select 50%. If the highest exposure allowable for this risk category is $10,000,000 and the contract has $10,000,000 actual exposure, select 100% (tip: using percentages helps with comparison with risk categories and is standard method for risk probably rating).

9. Enter the actual quantitative value for risk exposure. In this example, we entered 1,000,000. Then, select the probability this exposure may happen. In this example, we select 15% indicating there is a 15% chance (likelihood) this will occur).

10. Enter a description of the risk to help later with identifying the risk.

11. Enter any controls or mitigation procedures that have been/can be performed to reduce this risk.

12. Click Save Risk Rating.


New Risk Assessment Rating Item

 

The newly entered Risk Rating Item is saved and shown on the bar graph. If there are prior entries for the same Risk Rating Item, the bar graph shows a trend. In the example below, the Indemnification Exposure risk exposure is trending downward.


Indemnification Exposure Trend Details

 

In addition, a detail grid of the prior Risk Items entered are shown on the Risk Profile Records details.


Risk Profile Records

 

Moreover, a summarized Risk Mapper plot (matrix) is displayed showing the most recent risk items, plotted on a standard risk map (sample seen below). We can quickly identify rated items that are risky (they are plotted in the upper-right hand area).


Risk Assessment Matrix

 

Monitoring Risk

The CobbleStone® Software Risk Mapper and Risk Profile tool includes a handy feature to help monitor high risk records from a holistic view. This tool provides risk managers [authorized users] the ability to view high risk exposures that fall outside the acceptable bounds for the last 1,000 rated items ordered by the higher risk items (higher risk items are determined by the Risk Probability Percentage multiplied by the Risk-Exposure-Level).

 

1. To view the Risk Mapper Profile tool as an overall view, navigate to Reports/SearchesRisk AnalysisRisk Mitigation Tools.

2. The Risk Mitigation Tool screen displays.


Risk Mitigation Tools

 

3. Scroll down and locate the Risk Assessment Profiler Mapper option (the item number may change based on the version of CobbleStone® utilized).

4. Click Use the Risk Assessment Profiler Tool to view the Risk Mapper Matrix.


Risk Assessment Profiler Mapper

 

5. The Risk Profile Map displays. Select the Area (Parent Object) on which to filter. For this example, we selected the Contract Details object.


Risk Assessment

 

6. Click Apply Filter. The Risk Assessment Matrix Map displays. In our example below, we see two Risk Rating items that are at the upper right of the map plot (towards the red section seen below). We should review these items to see if we can reduce risk. The Risk Map Plot shows that both rated items are on Record ID 132 (in this case, it is a Contract Record ID). By scrolling down lower on the page, we can see the details for this record and view the contract details for these Risk Items.


Risk Assessment Matrix Map

 

7. Click View for the record to review.

8. Next, it is up to the Risk Manager on how to reduce risk. Some typical risk reduction. If each of the Risk Items that are rated are documented properly, the Risk Manager can review the risk reduction recommendations that the entered previously in the Mitigation Effort column.


Mitigation Effort

 

Below are additional items that typically can reduce contract risk (but is not a complete list as each risk situation varies):

  • the contract can be re-negotiated
  • an amendment can be made to reduce risk
  • insurance can be purchased to offsite liability
  • the risk can be transferred to a third-party
  • carve-outs may be an option
  • contract cancellation
  • security controls or audits can be implemented
  • legal advice can be sought

No matter the method of reducing risk, as always, seek legal advice from an attorney.

Routinely re-rate the risk items on the record. In this case, we will re-rate as we amended our subcontract:


New Risk Assessment Item

 

Our financial exposure is now in the white area and shows as acceptable.


Risk Assessment

 

Configuring Risk Mapper Category Items

1. To configure risk mapper category items, log into the system as a system administrator.

2. Navigate to Manage/Setup - Application Configuration - Risk Mapper Category List (the menu item may be named differently).


Manage Risk Category List

 

3. The Risk Mapper Category List displays. To add a new Risk Category, click Add Record.


Risk Profile Categories List

 

4. The Risk Category Add Screen displays. Enter the Risk Category Name, set the Is Active field to true by selecting the checkbox, and set the Parent Record to include [Parent Object]. In this example, we are configuring a Risk Category for the Contract Records parent object.

5. Click Save & Continue.


Fields on Risk Category Add Screen

 

6. To manage the columns that appear for this configuration list, click Manage Columns.


Manage Columns in side menu

 

For our example, the following field columns were assigned: Risk Category Name, Is Active, Parents Records to include.


Assigned Columns

 

7.Click Back to List on the side menu.


Risk Profile Categories List

 

 

 

 

 

Risk Profile Categories List



Was this article helpful?