Important Update: Community URLs redirect issues are partially resolved. Learn More. .

cancel
Showing results for 
Search instead for 
Did you mean: 
No ratings
BobbiIreton
Archer Employee
Archer Employee

Summary

Archer announces the general availability of Archer Insight with enterprise-wide risk quantification capabilities which improve the prioritization of risks and controls.  Archer's implementation offers real enterprise risk quantification. Other quantification tools are decoupled from GRC and existing risk inventories, or have a narrow focus on cyber only.

 

Platforms

Available to SaaS (software as a service), and on-premises customers on Archer Platform Version 2024.03 and later.

 

Details

Archer Insight has reinvented the process for facilitating risk managers in moving from qualitative to quantitative risk management programs. The Risks application, formerly known as Risk Register, contains process updates for creating, managing, and aggregating financial expected loss for quantitative risks.  Organizations can analyze meaningful, aggregated risk exposure across existing hierarchy structures such as assets, regions, divisions, functions, etc.  Archer Insight provides an intuitive and robust user-interface offering risk managers 3 options for assessing risks:

  • Actual - actual state of a risk without knowing the specific control environment.  Actual assessment alleviates the process to provide specific controls that differentiate uncontrolled (inherent) rates and impacts versus the actual rates and impacts. Requires minimal input of an actual rate of occurrence for a risk event.  Actual rate is leverage to define a probability distribution, indicating the probability for different number of annual occurrences for the risk event. Users also provide minimal inputs for both economic and non-economic consequences of a risk event which are then utilized to calculate the annualized expected loss.
  • Inherent / Actual – comparison of inherent and actual state of a risk without knowing the specific control environment. With this assessment approach, a user provides both an actual and inherent rate for the risk event, where Insight then calculates the value of collective controls, still without providing specifics for the control environment.  Both the inherent and actual rates are leveraged to define a probability distribution, indicating the probability for different number of annual occurrences for the risk event. And users continue to provide minimal inputs for both economic and non-economic consequences of a risk event which are then utilized to calculate the annualized expected loss.
  • Control Specification - comparison of inherent, actual, and full state of a risk, by indicating specifics about the control environment. The Control Specification assessment provides visibility into the effectiveness and value that each control contributes to preventing the risk occurrence or mitigating its impacts. With this assessment, we also consider the lifecycle and testing of the controls allowing for easy comparison of the risk impact in three control environments: fully functional controls, actual current state, and completely uncontrolled. 

The concept of a Lifecycle Status has been added to control procedures to facilitate workflows around the lifecycle of a control. And by leveraging the combination of the Lifecycle Status and the Compliance status, we determine an actual control value.  Users assess the aggregate control values and the control costs to understand each control’s full return on investment (ROI) in managing risks.

The Risk Statements application, formerly known as the Risk Register Library, not only continues to serve as a template for risk generation, but now also functions as an additional aggregation level for both qualitative and quantitative risks. Risks are now truly an instantiation of the Risk Statement.

A new Risk Generator application has been also added which allows users to quickly generate multiple Risks records, based on the combination of selected Risk Statements and target applications. A risk is generated per unique combination of statement and target upon execution. 

 

Quick Links

 

Download

Please contact your account representative for details on deploying and installing the Archer Insight use case.

One of the following use cases is a pre-req to Archer Insight:

  • IT Risk Management or
  • Top-Down Risk Assessment

 

End of Product Support Policy

Archer has a defined End of Primary Support policy associated with all major versions. For additional details, refer to the Product Version Life Cycle.

Was this article helpful? Yes No
Version history
Last update:
‎2024-04-16 12:17 PM
Updated by: