Enterprise & Operational Risk Management

A discipline that provides risk professionals with tools and frameworks for Identifying, Evaluating, Monitoring, and Controlling Operational Risk.


Managing multiple types of risks in different business silos, and assessing risks using separate methodologies and measurements, leave risk management teams overwhelmed with their risk workload and make them low-efficient.




  • Provides an aggregated view of risk across your organization.
  • Advises leaders to make more informed decisions.
  • Encourages a consistent approach to risk management; common language, measurements, reports and ratings.
  • Helps to improve your organization’s overall risk posture.


RSA Archer Enterprise & Operational Risk Management offers specific use cases to help you identify, monitor and manage risks, perform risk assessments and root cause analysis, and much more.

RSA Archer Issues Management applies to any risk or compliance-related use case to capture and consolidate risks that exceed acceptable levels and need to be addressed; failed or deficient internal controls; key indicators outside boundaries; and loss events requiring remedial actions. Issues Management enables organizations to catalog their internal and external audit findings, regulatory examination issues, and management self-identified issues; establish accountability for problem resolution; and track remediation plans against commitments and due dates.

The RSA Archer Risk Catalog provides the foundation to record and track risks across your enterprise and establish accountability by business unit and named first line of defense manager. The catalog provides a three level rollup of risk, from a granular level up through enterprise risk statements.

RSA Archer Top-Down Risk Assessment enables practitioners to document risk and control procedures. Risk register statements can be rolled up through a two-level risk hierarchy to provide enterprise-level risk statements.

Core to an effective operational risk management program, RSA Archer Loss Event Management allows you to capture and inventory actual loss events, near misses, and external loss events that may be relevant to your business and industry.

RSA Archer Key Indicator Management provides a means to establish and monitor metrics related to risks, controls, strategies and objectives. With configuration, metrics can also be associated with other elements of a GRC framework, such as products, services and business processes, to monitor quality assurance and performance.

With RSA Archer Bottom-Up Risk Assessment, you can engage in targeted project risk assessments. Projects could include fraud assessments or assessments of new or changing products and services, business processes, mergers or acquisitions. Projects can be documented and questionnaires can be created with custom questions and questions derived from RSA Archer’s extensive library of thousands of out-of-the-box questions.

RSA Archer Operational Risk Management is an umbrella of several risk management activities, including risk and control registers, loss event documentation, root cause analysis and workflow review and approval; risk hierarchy roll-up and risk library; key indicator management, including a key indicator library and approval workflow; Top-Down Risk Assessments; Bottom-Up Risk Assessments; Issues Management; and risk self-assessments campaigns (control self-assessments(CSAs), risk & control self-assessments (RCSAs), and process, risk & control self-assessments (pRCSAs).

Want more information on the solution?

– Introducing a unique offer –

ComplyTec and RSA are pleased to offer you a simple and effective way to gain the benefits of automation in your Enterprise Risk Program. Powered by the industry-leading Integrated Risk Management platform, RSA Archer. The offering will provide key foundational elements you will need to:

  • Establish an automated Risk Register
  • Conduct “top-down” risk assessments
  • Track and manage issues across your enterprise

Read more about our Turnkey Enterprise Risk Management Solution

*By submitting my information, I acknowledge and understand that ComplyTec Inc. will send me communications related to ComplyTec products and services. ComplyTec will collect and use your personal information in accordance with their privacy policy. You can withdraw your consent at any time by clicking on the “unsubscribe” link in your email.

Let's Talk