Quantitative Risk Register
What is a risk register?
A risk register, sometimes called a risk log, is a database of risks used to identify, assess and manage risks, particularly operational risks (losses caused by human error, failed processes, fraud, etc.). It is also typically used to fulfill regulatory compliance by documenting and reporting identified risks.
A risk register will list the risks that are considered the most threatening to the organization. The risks often have some potential financial impact, but they can also include other dimensions like injury, environmental impact, and loss of reputation.
How a risk register supports risk management
Identifying all the operational risks that are faced by an organization, and then assessing their likelihood and potential impact, enables the organization to rank risks and focus mitigation efforts on managing the most important risks. Listing all the control and mitigation efforts, along with who is responsible for ensuring those efforts are implemented and maintained, makes it possible for an internal audit function to check whether the processes are being followed.
A risk register mostly addresses event-driven operational risks like accidents, failures to comply with a law, fraud, errors in business processes, etc. It is unsuitable for assessing commercial risks that threaten the strategic objectives of an organization, like the effects of competition, changes in market size, inflation, supply chain uncertainty, cost overruns, or delays in launching key products. Other analytic tools like ModelRisk and Tamara are used for assessing these risks.
The value of a quantitative risk register
Qualitative risk registers, although common, do not provide the necessary information for effective risk management. Pelican’s risk register is fully quantitative. Risk quantification provides numerous benefits that are not possible with qualitative methods:
- Unify the risk management strategies across the different disciplines of an organization
- Unambiguous, flexible evaluation of risks that make the greatest use of available information
- Precise risk ranking to identify the key risks that jeopardize the achievement of corporate objectives
- Aggregation of risk exposure and compare against your risk tolerance
- Evaluate and optimize the effectiveness of risk management strategies
- Use cost-benefit analysis to maximize the efficiency of risk treatment
- Save on insurance premiums by optimizing coverage parameters
Trusted by
Pelican Risk Register Use Cases
Risk and Insurance Manager
Kate
Kate is able to save money each quarter by investing in the most cost-effective risk treatments and insurance
Risk Assessor
George
George uses bowties to clearly describe complex risk scenarios and develop effective risk management strategies
Risk Owner
Rachel
Pelican is connected to Rachel's calendar to remind her in good time of the risk treatment tasks she is responsible for
Stakeholder
User identifies a possible risk issue
and submits it for assessment
Book a session to discuss whether Pelican Risk Register is right for you
Key features of the Pelican Risk Register
Incorporate multiple impact types into one analysis
- Extend beyond purely financial losses to risks that impact safety, the environment, ESG measures, service availability and other key performance metrics
- Assign suitable impact scales by entity, e.g. by each entity’s financial capacity
- Maintain global definitions of impacts that match your organisation’s good corporate citizenship policy
- Balance how to assign resources appropriately where there are several impact types
Interconnected Bowtie diagram
- See your risk management strategy immediately with easy and natural visual description about how a risk event can occur, what the consequences might be, which controls you can add that could stop that risk from occurring or reduce the chance or size of the consequences.
- Understand how risks interact with each other.
- Use the Bowtie editor for brainstorming
Risk Management overview
- A live, user-friendly and customizable risk reporting and monitoring platform, accessible by PC, tablet or smartphone
- Reports tracking the top risks, their evolution and the execution of critical risk management tasks
- Customizable key performance indicators for each entity
- Customizable key risk indicators to track emerging trends in risk exposure
- Comparison of risk profiles and metrics across different entities, projects and regions
- Rich and customizable ability to describe, integrate and compare any types of possible risk consequences – from financial loss to H&S, from availability to project delay
- A hierarchal structure for the enterprise, down to any required level
Detailed risk strategy information
- Assignment of specific risk treatment tasks and responsibilities to individuals
- Tools for identifying the weak points in the overall risk treatment
- Methods for visually mapping out the strategy around each risk, with automated quantitative risk evaluation and mapping to the risk appetite
- A harmonized risk appetite tool that can be tailored to each business entity or project
- Automated analysis to show your business’ dependence on third parties for the management of your risk exposure
- Tools for evaluating the cost-effectiveness of individual risk management controls, accounting for the different types of impacts that can be faced, and any cascading risks
Powerful risk analysis tools
- Tools for evaluating the capital that should be allocated to cover potential financial losses at a required level of confidence
- Tools to reflect the interactions between risks at any level of complexity, and to show the resultant influence, importance and cost-effectiveness of any specific risk treatment
Implementation and monitoring of risk management strategy
- Individual profile pages displaying risk management tasks that need to be completed
- Overview of owners of risks, their management components and consequences showing how much reliance is placed on key individuals
Auditing and reporting features
- A complete log and recorded history
- Customizable online and published reporting
- Ability to drill down and search for any risk, review the status of any risk treatment action, review the performance of any actor
- Risk management tools to achieve compliance with all current regulatory standards including ISO 31000, COSO ERM framework, BS 31100, OCEG Red Book, and FERMA
Pelican Risk Register features overview
Quantitative heat map showing top risks and effect of controls and mitigations
Quantitative KPIs of any design using data help in Pelican
Analysis of dependency on third parties for managing risk
Full quantitative bowtie risk analysis with multiple consequence types
Risks can be linked to other risks to describe cascading effects
Interconnected risk maps to automatically view the whole causal chain
Drivers (causal factors) shared across risks creating natural interdependencies
Consequences can be shared across risks to show the same consequence can arise from several risks
Automatic log of any changes to risk data. Attach files and comments.
Deep level of analysis of individual risks. Includes FAIR-style analysis for cyber risks
Scenario analysis to automatically determine the most cost-effective way of managing a risk
Automated simulation and aggregation of financial exposure by entity and comparison with risk tolerance thresholds
View list of top financial risks ranked by their VaR
See which people are most relied on for managing risks and ensure the responsibility is well-distributed for greater resilience
Simple data entry for individual risks, or use bulk data entry tables
A library of ready-made report templates to generate new reports with a couple of clicks
Create your own report template with drag and drop. Edit or duplicate existing reports.
Book a demo
What the Pelican Risk Register is not
The Pelican Risk Register is not a Governance, Risk and Compliance (GRC) system. GRC systems offer flexible workflow configurations designed to operationalize business processes and ensure that people follow them. GRC systems manage strict and complex regulatory and industry requirements across corporate environments and may involve thousands of users. A by-product of such systems is the evaluation of the risk of failing to meet such requirements.
The Pelican Risk Register can be integrated with a GRC system to import the risk evaluations into its register and thus incorporate GRC risks into the broader picture provided the GRC system uses quantitative evaluations in their risk assessment. One such example is Archer, the largest GRC system vendor. Archer Insight is Archer’s risk quantification offering. A version of Pelican, rebranded as Archer Insight Workbench, offers Archer clients the full suite of Pelican tools that incorporate Archer data.
How much does the Pelican Risk Register cost?
The following prices are indicative, based on the number of Pelican users we typically see for different company sizes. Organisations with a larger than usual fraction of employees involved in manual labour, lower regulatory restrictions or operating in a low risk environment will have fewer Pelican users relative to its size, and vice versa. The actual cost will depend on the number of registered users, technical aspects associated with installation, and any customized configurations. Training and consulting are available and priced separately.
| Number of employees | One-off installation and configuration | Annual license fee | Time to go live (weeks) |
|---|---|---|---|
| < 5000 | 20k - 40k | 40k - 60k | 2-4 |
| 5,000 – 20,000 | 30k - 60k | 80k - 150k | 2-6 |
| 20,000-100,000 | 40k - 80k | 100k - 200k | 4-8 |
| 100,000+ | 60k - 100k | 150k - 300k | 6-10 |
Get a better idea of how much Pelican Risk Register would cost you
The Pelican Advantage
Complete understanding of risks
The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.
Consistent evaluation of risks
The evaluation of these risks is based on a methodology that is consistent throughout the enterprise and allows the portfolio of risks to be aggregated up through the entity structure of the enterprise.
Coordinated management of risks
The control and mitigation strategies for these risks are coordinated across the enterprise and seek to protect and enhance the value of the enterprise, not just one element of the business.
Shared responsibility for risk
The responsibility for executing the risk management plan is shared appropriately amongst the employees of the enterprise. In essence, employees work as a team. Risk (and opportunity) identification, assessment, management and communication is a shared responsibility and an integral part of the enterprise’s culture.