I do not see any place where I can document the Key Risk Indicators in the Risk Module in Eramba. Is this functionality available at all? In case not, do you have it on your development roadmap?
I am actually refering to the indicators used to measure risk levels in comparison to defined risk thresholds, so that the organization receives an alert when a risk level approaches an unacceptable level.
Examples:
Number of instances of service level agreements (SLAs) exceeding thresholds.
High average downtime due to operational incidents.
Average time to deploy new security patches to servers.
I don’t believe this feature exists in Eramba. While I think it would be cool, I think you may be able to do this with a workaround.
For example, you could create a new compliance package with the KRIs. Then, you would create controls for each… Then audit those controls. This can be done in the community version, but with Enterprise you’d be able.to create custom fields and store your KRI values there, then run reports on those.
Personally, I don’t know that I’d do this. I’d probably just create a dashboard in Excel. But, this would allow you to leverage Eramba as a reminder, immutable repository of the data, and a method for the collection (ie, email the owners).
I’d love to see this as a feature in a future release, reverting to spreadsheets is exactly what we should not be doing, and custom fields don’t work as well with reporting.