1. Field of the Invention
The present invention relates to a tool for collecting, analyzing and subsequently displaying information about the risks and controls associated with a plurality of objects of study. In one aspect, it is directed to such a tool configured to study various portfolios of software applications used by an organization.
2. Description of the Related Art
Organizations exist for a purpose. They have a vision, goals and specific objectives aimed at achieving the goals and realizing the vision. Risks are those factors that jeopardize the achievement of the organizational objectives, goals, or vision—that create uncertainty that the desire results will be achieved. Organizations must identify risks that put their objectives in jeopardy and deploy controls to reduce the risk exposure to acceptable levels.
When it comes to examining a portfolio of different endeavors, management is often hampered by the lack of consistent methods for (a) identifying and measuring the risk exposures associated with each endeavor, (b) digesting information about the degree to which controls have been implemented to combat those risks, and (c) linking these to accountability within the organization. This makes it extremely difficult for the organization to set priorities and to achieve an optimal allocation of resources toward risk control across the entire enterprise. This failure to establish an integrated risk and control assessment analysis tool exposes an organization to the chance that (a) a major risk may be overlooked that will prevent the achievement of the organization's objectives; and (b) resources will be wasted on inefficient and/or ineffective risk control efforts.