Software Functionality and Features
Overview of the most relevant VirtueSpark software features.
Manage risks in context
The system enables you to connect risks to other risks and objectives, assets, processes and all other types of objects in the system. Establishing the context allows all stakeholders to see and understand risks from their perspective.
Furtheron, the algorithms in the system use the contextual information to suggest relations between risks that may not have been obvious to the user.
Risk management functionality
- Creation of new risks upon identification (ad-hoc, from template, etc.)
- Visual display of related objects and links
- Definition of object relations and impact on assets, units and processes
- Mapping of actions, controls and tasks to the risk
- View and edit risk information
- Assign clear ownership
- Risk level definition
- Treatment decision and justification
- Risk activity lifecycle management
- Cause-consequence analysis
- Multiple risk scenarios
- Identification of causes with relations to vulnerabilities and feeding risks
- Identification of consequences and relations to impacted risks
- Track risk status and due dates, get automatic notifications and reminders
- See related assets and controls with status and due dates
- Highlight overdue tasks for risks and related objects
- Full audit and trace log for all changes on the risk
- Point-in-time comparison to report on risk progress
- Comprehensive risk reports
- Tools to collaborate and communicate with peers in the software and via email
- Export to Excel and PowerPoint
- Manage risk revisions
- View and report point-in-time status of risks at any date
Risk aggregation and reporting across the organization
Having risks context allows for smarter aggregation of risks. With the documentation of dependencies, knock-on effects between risks can be identified across multiple level. As a result, operational risks can be brought in relation with enterprise risks and objectives.
Change the way ERM operates
ERM reporting is no longer a list of independent risks per unit. With an integrated view not only the time to collect key risks from units is reduced to a split factor and turned into a brief verification activity instead. ERM reporting also changes fundamentally. Senior management has the ability to drill down into the operational root causes of risks and decide on mitigations where they make the most sense.
Aggregation and systemic decision making
Having relations and impact factors between risk nodes allows for a more comprehensive view. VirtueSpark's underlying graph theory algorithms use this information to create dependency trees. This allows to calculate the total impact of a particular risk across the organization.
Decisions on where to apply risk mitigation with the highest cost-benefit ratio have a new source of information. Instead of applying risk mitigation in isolated units, decisions can be made on a systemic scope.
Contact us for your individual demonstration.
Compliance and Control Assessments
Schedule automatic controls
Schedule your operational controls based on pre-defined control templates to be triggered automatically.
Or define your own controls. The high degree of configuration flexibility allows you to define controls for first and second line of defense or, if you don't follow the lines of defense concept, even define your own levels of control.
Operational control approval and deviation management
Apply an automated approval workflow to ensure your control assessment was accurately performed and escalate deviations. Send the controls to reassessments or directly create actions to mitigate deviations.
Controls management functionality
- Setup and management of controls
- Assignment of control activities
- Definition of control automation and schedules
- Control testing
- Control maturity assessment
- Storage of control assessment evidence
- Deviation management
- Monitoring of control status and due dates
- System notification and reminders for upcoming and overdue tasks
- Ability to use standardized control templates
- Individual definition of control templates
- Ability to map and automatically populate control templates to different asset and object types
- Relation to standardized control frameworks
- Visual display of control scope and context
- Map controls to risks and other related objects
Control framework mapping
No matter if you need to be ISO or NIST compliant. Define control frameworks to your individual needs and map them with established control standards.
In VirtueSpark you can create your own control frameworks and assess your organization against them.
By mapping your framework controls to each other and to established standards, you can automatically assess your maturity against the standard frameworks based on your operational controls. As this way you only have to assess the controls once and use the results for all frameworks you save a lot of time.
Control catalogue and framework assessment
- Creation and setup of individual control frameworks.
- Assignment of control templates based on assessment target types
- Import from our set of existing standard control frameworks
- Optionally add one of the VirtueSpark standard control frameworks or a framework of our partner companies
- Schedule framework assessments
- Assign controls as a bulk or as individual controls to the testers
- Results reporting based on maturity
- Aggregated reporting with drill-down on individual tests
- Time-based reports to evaluate progress or assessments over longer periods
- Radar diagram reporting
- Export results to PowerPoint
Create control assessment reports against frameworks assessments or your individual controls.
Export to PowerPoint for easy management reporting.