Periscope's November Update
Updated: Feb 25, 2021
What is Trending?
Some of Periscope’s recent client activities are briefly described below:
Periscope has established an IT security risk register including control frameworks for an existing client.
Periscope is working with an existing client to test a public-facing online complaints system that would be available on the client’s webpage. This is being integrated within the existing complaints management module.
One of Periscope’s large government clients has been working on categorising its controls based on the COSO framework (https://www.coso.org/) for its Audit Management System. This client also advised that after implementing some new notifications, reporting on overdue audit actions and engaging with relevant staff, the Department had reduced the number of overdue audit actions from approximately 40% to less than 5% in the last six months.
Periscope recently met with one of its water clients to review its current water quality risk management system. Consideration is being given to how best to accommodate water quality health-based targets within the form (https://www.wsaa.asn.au/publication/health-based-targets-manual).
Periscope has conducted presentations recently on the following:
A case management system for a Government agency
An incident reporting and feedback system for a disability organisation
Periscope is currently scoping a procurement management system for a large energy generation company covering supplier pre-qualification, contract management and supplier performance. The ultimate aim of the system is to take data feeds from a finance system for contract expenditure and from an incident reporting system for incidents associated with suppliers.
Periscope recently submitted a proposal for a risk and compliance management system to a prospective energy retail client. It has also been approached by an energy retail and generation company regarding a complaints management system.
Periscope has submitted a proposal to a rural water authority for the provision of a risk management system including threat and opportunity assessment.
Periscope has also scoped a complaints management system for one of its water clients.
Significant work has been undertaken in developing a comprehensive health and safety statistical reporting system across a wide variety of indicators. Periscope is presenting the system to a number of clients in the coming weeks.
Periscope was pleased to hear that two of its clients had recently collaborated to discuss approaches to compliance management. One of the benefits of being part of the Periscope network is that the majority of our clients are happy to share their knowledge and experience, and it is something that we actively encourage.
Periscope will be represented on a Panel for the Governance Institute of Australia on Tuesday 3 December. The subject of the Panel session is “Hypothetical series: The Algorithm in the Boardroom.”
Further details can be found at https://tinyurl.com/gia-periscope
Periscope Case Study – Risk: Threat and Opportunity
Over the last few years, some organisations have adopted the use of threat and opportunity within their risk management system. The types of systems have varied from:
Simply tagging a risk as a threat or opportunity with all other fields remaining the same.
Using the same language for threat and opportunity but different assessment matrices, i.e. the threat matrix reflects likelihood and consequence while the opportunity matrix reflects likelihood and benefits.
Having different workflows and language for threat and opportunity.
Periscope has recently built a proof of concept for a prospective client that uses threat and opportunity. During the course of the build, it raised some interesting questions, which included:
Risk appetite – how effectively do risk appetites reflect the distinction between threat and opportunity? At what point does a high risk appetite for certain activities actually reflect an opportunity rather than a threat?
Risk language – does the language used clearly articulate what is appropriate for a threat or opportunity? One of the more obvious ones is using the term consequence for a threat and benefit for an opportunity.
Risk control – when assessing an opportunity, are existing controls considered, i.e. what controls are in place to allow the pursuit of this opportunity? In a threat context, controls are used to inform the assessment of the current risk rating.
Risk tolerance – how do you decide whether to accept or treat an opportunity? Usually when we see risk as a threat, we decide what level of threat the organisation is prepared to tolerate and what treatment might be required to reduce it to an acceptable level. Are treatments or actions considered to further enhance an opportunity?
As always, at Periscope, we enjoy seeing different approaches to managing governance activities.