Strategy, formerly known as Risk Manager, received some much deserved love from our Product Design team and has undergone a major facelift. First, we have renamed this module to better reflect the emphasis on using this tool to manage your top-level enterprise risks that relate to the strategic goals of your organization. With this in mind, we have incorporated some core capabilities within Strategy to support your organization’s enterprise risk management process. In this newsletter, we will go through two major capabilities in detail.

Strategic Risk Library

Need some inspiration to start your enterprise risk assessments? We’ve got just the thing! Introducing Risk Library, a collection of common key risks, curated and normalized from the S&P 500 10-K reports, that you can easily import into your organization’s Risk Profile. Once you have imported the risks into your Risk Profile, you can either use them as they are, or customize the details as needed. ACL will regularly update the risks in Risk Library to ensure the content is relevant and current.

Strategic Risk Library

You may ask, “Can I add risks to my Risk Profile both manually and through the Risk Library?” You can certainly use a combination of both methods! Take a look at the benefits for the two different methods:

Methods for adding risks

For more information about Risk Library, please visit the ACL Help Doc.

Strategic Risk Workshop

Do you feel like you’re herding cats when you’re trying to get your colleagues involved in the risk assessment process? Facilitate a Risk Workshop! This is one of the latest Strategy features that allows you to collaborate with other stakeholders in one centralized location. As a facilitator, you can set up a Strategy map, configure the risk scoring, invite participants, view real-time responses and votes, and apply the risk assessments to the Risk Profile.

You can find out more information about being a Facilitator for a Risk Workshop in ACL Help Docs.

Risk Workshop

Here is a quick comparison of using Risk Workshop vs. individually assessing risk in Risk Profile:

Using Risk Workshop vs. individually assessing risk in Risk Profile

Frequently Asked Questions

When participating in a Risk Workshop do I need to click on a submit button or save it somehow?

No, when you input your answers, it is automatically pulled into the facilitator’s view.

How are inherent, residual, and assurance risks calculated and how does ACL define these?


ACL’s Definition

Inherent risk

All risk scoring factors are multiplied together, with each risk scoring factor multiplied by its assigned weight

Derives from an assessment of an untreated risk. It is the raw risk an organization faces if no controls or other mitigating factors have been put in place.

Residual risk

Inherent risk score x (1-Treatment%)

Derives from an assessment of how much risk remains after controls and other mitigating factors have been put in place.

Risk assurance

Calculated through the combination of Expected Risk and Actual Risk scores.

Normalized value that allows you to benchmark how well the organization is doing across different control objectives so resources can be allocated appropriately.

What is ACL’s methodology based on?

ACL’s methodology is compliant with the COSO and ISO ERM frameworks.