Product Update: Introducing Anecdotes’ New Automated Risk Calculation

New automation makes continuous residual risk monitoring possible

In addition to Anecdotes’ data-powered continuous control monitoring capabilities, the platform now empowers users to continuously monitor their risk program. Automated risk calculation leverages live system data and automatically updates residual risk levels when changes in mitigating controls occur. This gives GRC teams a live window into their organization’s risk posture.

Many organizations struggle to keep risk registers up to date

A robust and updated risk register is the basis of a strong GRC program; however, managing one on a continuous basis is no easy feat. First, the GRC team must identify all relevant risks to the organization. Next, they define and implement the strategy that is right for the organization’s risk appetite. Finally, and perhaps most importantly, the team needs to monitor the implementation of those strategies and the mitigating controls that have been put in place to ensure the residual risk remains within the organization’s risk appetite. Until now, calculating residual risk has been a manual, time-consuming and subjective process.

Shift the focus from audits to true risk management

While aspiring towards continuous monitoring, many organizations have settled for performing an assessment annually at audit time or, at best, monthly. Anecdotes developed automated risk calculation to bring the focus back to risk management. This new feature lets GRC teams see the impact of changes in mitigating controls on residual risk from moment to moment without getting mired in quantitative, subjective, or complex risk assessments.

How to use it

Anecdotes' automated risk calculation uses live system data to monitor the real-time status of mitigating controls. As changes in controls occur, the residual risk levels are automatically updated. The automation is simple to set up and use.

  • Define the inherent risk level: Enter the likelihoods and impacts of the risk.
  • Link mitigating controls to the risk and define the residual risk level: Associate mitigating controls with the risk and determine the residual risk level.
  • Define control weights: For each control, assign weights (in percentages). The impact of different mitigating controls on the likelihood and impact of a risk is not necessarily the same. This new feature allows you to define the weight of each control.
  • Review changing risk levels: Changes in control statuses, such as a gap detected in a control, will trigger a recalculation of risk levels using the preset weights, and notifications will be sent to stakeholders. Users can accept the new risk level or adjust the weighting if necessary before approval.
  • Regularly review settings: Keep control weighting up to date to ensure accurate calculations. 

Automated monitoring happens in the background, and automated recalculation saves the GRC team time and effort. The human-in-the-loop approval process ensures transparency and trust. 

Another leap forward in pursuit of data-powered risk management

Anecdotes is the first vendor to support traditional GRC risk assessments — calculating impact and likelihood of risk — based on data automatically collected from organizational assets. By automating risk calculation, Anecdotes leads the industry further on the path to data-powered risk management.