OpRiskControl - Mitratech


Mitratech’s OpRiskControl product is an enterprise risk management (ERM) solution for growing organizations that understand managing risks and incidents in spreadsheets and paper files is no longer sustainable. According to OCEG®, 53% of organizations are managing GRC in spreadsheets, documents and e-mail, and only 27% feel their technology is aligned with their risk management needs. When operating across multiple departments, not all risks are adequately monitored and incidents may not be reported. This leaves the organization without an auditable trail and makes the susceptible to monetary and reputational damages. OpRiskControl reduces the manual and administrative burden, allowing the company to focus on proactive and effective risk management.


Organizations that select OpRiskControl as their enterprise risk management solution understand that failure to properly manage and track operational risks can cost their organization millions of dollars and irreparable damage to the state and reputation of their business.

How OpRiskControl solved similar challenges for our clients

Our clients needed an ERM solution that provided greater control, visibility, and accountability of risk throughout their organization. Faced with information scattered in paper files, Excel spreadsheets, and emails, our clients recognized the need for a central repository of corporate compliance information to streamline the entire compliance management process from identification, assessment, and evaluation, through to mitigation, monitoring, and reporting. Full management and tracking of incidents enable staff to record risk events as they occur, regardless of location, with associated causes and remedial actions being addressed by risk leaders across the business. In cases where a client needed to create a new risk following an incident, the new risk form is automatically linked to that incident, ensuring a full and accurate system of record. This bundling of risks and incidents ensures a full and complete audit trail to prove compliance.

While there may be one department in the organization responsible for risk management, all employees need to be accountable for doing their part in mitigating risk. OpRiskControl allows each department head to take responsibility and ownership for their risks while providing real-time oversight to Senior Management, Risk, Compliance and Audit Managers. OpRiskControl allows the risk management team to provide information to key stakeholders in detail or at a high level, based on their preference – for example, risks can be summarized with a risk matrix, with a clearly visible RAG status (Red, Amber, Green) for analysis of all risks.

Our clients also understand that while tracking and managing risks is critical, there may be a point in time where they need to prove they have taken all measures to remain compliant. With OpRiskControl, our clients can rest assured knowing they are able to articulate to both auditors and regulators that inherent risks are being duly mitigated and residual values are accurate, both for current and historic periods. OpRiskControl supports standards such as ISO 31000, Sarbanes-Oxley, Information Security Risks to ISO 27000, and the requirements of FCPA/UKBA and BS 10500, for example.

The tools to help you thrive in challenging situations

Whether implemented to replace manual risk tracking or as an ERM solution, OpRiskControl provides a proven, flexible solution.

  • Identify, Assess, and Prioritize – OpRiskControl’s Risk Register provides quick access to identified risks at any time via a sophisticated and flexible search facility. Holding all risk information in one central and searchable repository eliminates the need for risk managers to collate, view, and analyze several different documents in several different formats in order to produce accurate reports.
  • Minimize and Control – Once a risk has been recorded, controls must be put in place or be planned to mitigate the risk. By identifying and proactively addressing risks, businesses can protect all their stakeholders, including shareholders, employees, customers and regulators.
  • Monitor and Report – OpRiskControl provides consistent reporting so the board has real-time and accurate risk information assisting decision making allows you to intuitively track and monitor trends.
  • Business Process – Automatic reminders and actions can be set, which routinely email the user who is required to perform an action. Coordinating and presenting risk information consistently across the organization, is a challenge for all risk managers, who must ensure that any threats are dealt with effectively. OpRiskControl helps risk managers embed a proactive risk culture throughout the organization.