Internal Environment
The internal environment includes the culture and spirit of the organization. It sets the basis for how risk is viewed and addressed by all entity co-workers, particularly risk management philosophy and risk appetite, integrity and ethical values, and the environment in which the organization operates.
At this stage it is possible to determine:
• the list of strategic objectives of the organization and the associated requirements
Objectives must exist before management can identify the events that may affect their achievement. Risk management ensures that objectives are in line with the mission of the organization and its risk appetite.
• What exists in the enterprise (Organizational Chart, processes, management rules, control systems, responsibilities, etc.)
Defining the internal environment ensures that risk management acknowledges the major objectives of the organization.
Organization of internal org-units
The different org-units concerned must be involved at each step of the risk management project via a communication and consultation process.
This enables building a solution that will be better accepted by the different stakeholders.
To access all entities of the organization with the Process Manager profile from the Processes navigation pane:
Select Hierarchy and expand the Org-Units folder.To define the list of org-units concerned, HOPEX Risk Mapper enables you to enter the enterprise organizational chart.
You can also define objectives and requirements for each organization unit.
For more information on defining objectives, see Organization objectives and requirements.Organization objectives and requirements
To activate the option that allows you to view objectives and requirements: in the left pane of the Options window, select HOPEX Solution > Common Features on the left and check Objectives and requirements modeling box. Certain key documents, such as strategic plans, the business plan, annual reports, economic analyses and other relevant documentation related to the organization and its aims may be consulted to define its objectives and requirements.
An objective is a goal that a company/organization wants to achieve, or is the target set by a process or an operation. An objective allows you to highlight the features in a process or operation that require improvement.A requirement is a need or expectation explicitly expressed, imposed as a constraint to be respected within the context of a project. This project can be a certification project, or an enterprise information system organization or modification project.With HOPEX Risk Mapper, the objectives and requirements of your organization are defined in the properties of the org-unit that represents the organization.
To define the objectives and requirements of each org-unit:
1. Open the Characteristics property page of the Org-Unit.
2. Expand the Strategy and Decisionssection,
3. Select the Achieved objectives tab or Imposed Requirements tab.
Here you can create new objectives and requirements or connect those which already exist.
For more information on the definition of objectives and requirements, see "Objectives and Requirements" in HOPEX Common Features.Organization Processes
To access the organization processes tree:
From the Processes pane, select Hierarchy and expand the Organizational Process folder.If you expand the folder of a process, you can display the sub-processes owned by the current process.
The specific property pages of a process
The process Characteristics property page presents the following sections:
• Responsibilities: to present the persons responsible for the process. For more details, see RACI on a risk.
• Controls and Risks: lists the controls and the risks that relate to the process. For more details, see Assessing Risks.