LinkResQ has released a new software tool aimed at helping CIOs achieve best practice in enterprise risk management. The Limerick company has already trialled the software with several organisations in Ireland and this is the first in a planned series of risk tools.
Called CalQRisk-CIO, it is a self-assessment tool that poses a series of individually weighted questions designed to expose any gaps in an organisation’s risk strategy.
“If you want to know how well you are managing your risk, CalQRisk will tell you,” said Gerry Joyce, chief technology officer with LinkResQ. Joyce was an Irish representative on the international working group which drafted the latest risk management standard, ISO 31000:2009.
Before installing the software, each company first undergoes a two-hour workshop to establish its objectives, which could be maintaining a certain level of profit or revenue. Failure to meet those objectives is then represented on a risk register, which is a sliding scale of risk. For example, a 35pc drop of revenue might lead to the company going out of business.
“We establish a common currency so that finance, IT and HR has the same yardstick for assessing risk. In the workshop we set the hymn sheet for everyone to sing to,” said Joyce.
CIO questions
For CIOs, many of the questions centre on steps the organisation takes to store, retrieve and protect its essential data – where it is held, the backup and recovery practices, the levels of protection and the people who have access to it. According to Joyce, an IT department could expect to complete the risk questionnaire in less than two days.
After the workshop and questionnaire have been completed, the software provides a to-do list of action items an organisation can complete in order to better manage its risk. The tool also allows for the concept of compensation control, whereby if a company can’t take the ideal step to reduce the risk, it takes some other action to achieve the same result. “You get credit for everything you do to reduce risk,” said Joyce.
CalQRisk is intended to be used on an ongoing basis so that an organisation has a live snapshot of its risk exposure at any given moment in time. Many of the recommendations cost very little for an organisation to implement, added Joyce. “I would bet 25pc are low or even zero cost. It’s just a practice that might take 30 seconds of somebody’s time each day.”
LinkResQ is in discussions with partners to sell the software in the public sector and another in the IT services sector. Once version 2 of CalQRisk has been developed, the company intends to sell in the US and other international markets.
LinkResQ intends the software to be equally applicable to large and small firms, but Joyce believes it’s more likely to find a home in larger companies where there tends to be higher awareness of the need for risk management.
Organisations can also use CalQRisk-CIO for compliance and auditing purposes, said Joyce, because the software is based on the best practice of an internationally recognised standard. “You can demand a significant reduction in your audit fee if you’re doing this,” he said. “You’re getting answers to questions you didn’t have the expertise to ask in the first place.”
