The assessment of IT risks requires the use of all available information sources to identify priorities in prudential terms.

With this in mind, it detects the need to allow the Risk Manager and the IT function to proceed with IT Risk Self Assessment sessions (hereinafter: IRSA) capable of analysing the Bank’s IT risk profile through a process that involves all the structures attributable to the systems exposed.

AIT Risk offers the possibility to conduct IT risks assessment activities through the adoption of methodologies based on industry standards and/or internal policies that allow to determine their potential impact.

More specifically, following a specific mapping of IT risks within the perimeter limited by the expected scenarios (including adverse scenarios related to critical IT systems), the system allows to apply a parameterizable “methodological framework” able to involve, through a workflow, all responsible users called upon to define the levels of impact, frequency and adequacy of the control system.

This flow allows to manage with particular accuracy the segregation of roles and contents, allowing each user involved to make the evaluation only and exclusively with reference to the calculation index of its own pertinence and, above all, only the information for which it is actually responsible.

With A.IT Risk the Risk Manager can take advantage of an instrument characterized by great ease of use, high configurability, innate predisposition to the documentability of sessions.

During an evaluation session, the system facilitates the coordination of the users involved through automatic messages addressed to those who, following a status change, are directly involved in the successive phases.

At the end of the evaluations, the system provides structured reporting of the session outcomes, offering synthesis frameworks that can be “navigated” according to a “drill-down” logic.