many organizations are not mature enough to be able to identify risks individually to assess them individually so having an ability to have an overall risk assessment is extremely beneficial being able to identify risk for any object whether that's a change management request a location is critical and then being able to automate those responses and we're going to see a demo about how we can do that be able to pull the data from the platform makes real time risk a reality and then real time dashboards being able to communicate at all levels and across the organization in the same language but let's see what that looks like in action so i'm going to be carrie the compliance manager and i'm looking at my regulatory risk dashboard where the system has already computed several things for me including my two high risks and three control weaknesses i also have other reports where i can actually drill into the specific authority documents and find out where the issues are in addition i've got my heat maps but what i'm really concerned about are these two high risks they could possibly impact my business so the one i want to look at here is the pci dss risk when i get in there i see that i've got a high inherent risk i've got weak control effectiveness and this weak control effectiveness is what's leading to my high residual risk i also have a variety of assessments which i know are old so i'm going to reassess this risk i'm going to do it as self-assessor so i'm putting my name in here and then i'm going to select submit the system opens up a task for me which i select and then i say yes please i would like to assess very intelligently the system says you already have results would you like to use those well that sounds great that makes a lot easier for me so i am here now in my inherent risk assessment and i see a variety of categories operational impact to business number of businesses impacted and the financial impact i'm going to manually assess these which means i'm going to select high medium or low now i've been doing a lot of these so i know what low means but if i didn't i could hit this question mark on the right hand side and i can open up a screen that shows me guidance so now i know exactly what low medium or high means i can select what i need to select put on my justification and calculate my risk now i haven't changed anything so not surprisingly when we scroll down here we see that i have a high inherent risk so now that i've done this i want to now go and do my control assessment i'm going to select that i'm going to get into my control assessment and i'm going to see a variety of factors now these controls what i'm doing here is trying to test whether or not the controls i have in place are actually mitigating the risks these are automated controls that means that the system is actually going in and selecting the information from the platform from the control tests so there's no manual intervention they're grayed out because it is an automated process and if an assessment changes these numbers will automatically change this is what we mean by real time risk assessments if i wanted to find out how these values were calculated i could click on the question mark to the right and it would bring up the calculations in a an excel spreadsheet and here i can see under design effectiveness that i have two effective controls i have four controls that are ineffective and i have two that were not assessed so that means that of the six that were actually assessed only two of them are effective so 2 out of 6 is the 33 so i can do the same thing for operational effectiveness and for my other factors now i'm not going to change my other factors i'm just going to leave those as weak and you can see my results right now are weak if i go up and i calculate those results again double click when i scroll down here you'll see that my control effectiveness has not changed it's still weak i can overwrite that if i need to and say it's adequate or strong but i'm going to leave it where it is i just need to add a justification now these two methodologies inherent risk and control effectiveness are what's going to be used to calculate my residual risk which the system is going to do for me when i get in there i see that my inherent risk is high my control effectiveness is weak and that's leading to my high residual risk as you can see advanced risk makes the assessment process much simpler and by automating the collection of responses you can not only gain real-time visibility into your compliance posture but you can also make better risk informed decisions if i want someone to review my work i have the workflows to allow me to do that all i have to do is click that request request approval put in my comments you add something here hit submit and now my work is done thank you and have a nice day