Cytrack Logo

Click an icon to get in touch

Click to start a web chat Click to start a web chat
Click to send us an email Click to send us an email
Click to request a call-back Click to request
a call-back
Send us an SMS on +61 480 018 370 Send us an SMS on:
+61 480 018 370
Contact us via WhatsApp on +61 1300 296 647 Contact us via WhatsApp
+61 1300 296 647
Click to view all our calling options Click to view our
call options

Defining Cytrack's Enterprise Risk Management (ERM)

Risk is defined as 'the effect of uncertainty on our objectives'

Our ERM is a business-continuous process, according to the ISO 31000 Risk Management standard, led by our senior leadership, that extends the concepts of risk management and includes:

  • Identifying risks across our entire enterprise.
  • Assessing the impact of risks that affect our customers and parners, reputation, operations and mission.
  • Developing and practicing response of mitigation plans.
  • Monitoring the identified risks, holding the risk owner accountable, and consistently scanning for emerging risks.

Enterprise Risk Management at Cytrack

The purpose of the ERM program at Cytrack is to provide a comprehensive framework to proactively manage risks and opportunities that our leadership team collectively agrees are the most important to the achievement of Cytrack's strategic objectives.

ERM promotes an ongoing, risk-conscious culture across Cytrack to enable our decision makers to perform a risk-reward analysis of choices, and make decisions with an understanding of implications of such actions, while pursuing our mission and goals. It is a continuous process and a tool for our leadership team to use in managing existing and emerging risks within our activities.

A Risk Management Team, comprised of a cross-functional representation of our business, provides direction and insight to the ERM process. This group applies their expertise to any identified risk to assess if the risk is actual or perceived, validates the likelihood and impact a risk could impart upon Cytrack, and helps to prioritize risks based on alignment with strategic priorities, among other duties.


Benefits of the Program:

  • Identifying risks across Cytrack.
  • Assessing the impact of risks to our operations and mission.
  • Minimization of negative risks that may affect our operations and services to customers and partners.
  • Enabling risk-informed pursuit of opportunities.
  • Enabling risk-informed decision-making across Cytrack, empowering Cytrack to more fruitfully pursue strategic objectives.

Definition and Scope of Risk

A risk is defined as any event or action that impacts Cytrack's ability to achieve its objectives, both positive and negative. In support of this definition, our ERM addresses risks and opportunities that may have an impact on Cytrack's strategic goals and objectives. As such, ERM looks across the entirety of Cytrack using a forward-thinking approach and open communication.

ERM also examines potential risks and opportunities outside of Cytrack that could have an impact, as well as regional, national, and global risks that have the potential to impact Cytrack. ERM examines risk from these perspectives to capitalize on thought leadership, identify lessons learned, and benchmark upon best practices. ERM examines potential risks and opportunities based upon the following risk categories:


Risks or opportunities related to Cytrack's reputation are inherent in all our activities and encompass every risk category. Therefore, the reputation of Cytrack is taken into account for every risk.

Life / Health Safety

Risks or opportunities related to injury, damage, or health and safety of the Cytrack team, including impacts caused by accidental or unintentional acts, errors or omissions, and external events such as natural disasters.


Risks or opportunities related to physical assets or financial resources, such as: government support, R&D funding, budget, accounting and reporting, investments, credit rating, fraud, cash management, insurance, audit, financial plans, debt, etc.


Risks or opportunities related to Cytrack's mission to transform customer experience, improve our customers productivity and save them costs through effective interaction and communication technology. Our mission is to assist companies move their telephony and contact centre services to the cloud. A key factor in our success comes from our inhouse software engineering team with nimble agility and responsiveness to tailor, customise and fine-tune our software and cloud platforms to our customer's specific and unique business requirements according to our ISO 9001 quality management process accreditation.


Risks or opportunities related to management of day to day Cytrack services, activities, infrastructure (including technology), our operations according to our ISO 9001 quality management process accreditation, and the efficient, effective and prudent use of Cytrack resources.

Compliance / Legal

Risks or opportunities related to violations of federal laws and regulations, state laws and regulations, local laws, case law, accreditation standards, Cytrack policies and procedures, and contractual obligations, including contractual agreements and employment contracts.


Risks or opportunities related to Data breach or fraud, Impact to availability of critical information systems, Security incidents at critical third parties affecting business operations.


Risks or opportunities related to severe-weather events such as storms and flooding, use of unsustainable materials, aspect related to climate change.

First Line of Defence

The first line of defence owns and manages risks. Contrary to how risk management is perceived, individual risks and the controls that mitigate them are not owned by risk or compliance professionals. Rather, our operational management and senior leadership are responsible for ongoing activities that include:

  • Owning and managing risks.
  • Identifying, assessing and mitigating risks.
  • Implementing corrective actions.
  • Implementing and maintaining internal controls.
  • Conducting evaluations of internal controls.
  • Executing risk and control procedures on a daily basis.

Second Line of Defence

The second line of defence oversees risks. It is at this line of defence where functions associated with risk are found, including Enterprise Risk Management. Functions of the second line of defence include:

  • Ensuring that operational management and our senior leadership are implementing effective risk management practices.
  • Assisting risk owners with risk evaluation by taking into account Cytrack's risk appetite.
  • Helping risk owners report risk related information throughout Cytrack.
  • Providing updates on the status of risk and resiliency to our senior leadership team.

Third Line of Defence

The third line of defence provides independent assurance. Internal Audits form the third line of defence, and provides assurance on the effectiveness of governance, risk management, and internal controls.

It assesses the effectiveness of the first and second lines of defence in achieving risk management objectives, and the effectiveness of our risk management and internal control frameworks.

Cytrack also subjects to external auditors for the continuing accreditation and improvement according to the ISO 9001 Quality Management System standard.

Risk Response and Management Actions:

For risks identified, prioritized, and assessed, a response and management action plan is captured by ERM in collaboration with the Risk Owner(s). The purpose is to provide awareness and transparency to Cytrack leadership of the actions being taken to ensure that risks outside of Cytrack's appetite are managed to reduce the likelihood and severity of occurrence.

Additionally, for risks that are outside of Cytrack's capability to effectively manage due to internal and/or external factors, this provides an opportunity for any residual risks to be highlighted. Risk responses may include one or several the following:

Risk Acceptance with Further Monitoring

The risk and current mitigation activities are within the risk appetite of Cytrack, and will continue to be monitored for any changes.

Additional Mitigation

The risk and current mitigation activities are outside of the risk appetite of Cytrack, and will undergo further mitigation and control activities until the risk demonstrates improvement with a reduction in potential likelihood and severity of occurrence.

Risk Transfer

The risk and current mitigation activities are outside of the risk appetite of Cytrack, and will be transferred to a third party for additional management to lessen the burden of the likelihood and severity of occurrence.

Risk Avoidance

The risk and current mitigation activities are outside of the risk appetite of Cytrack, and will be avoided by discontinuing the activities that are resulting in the increasing likelihood and severity of occurrence.

Risk Management and Monitoring Report:

Our Risk Management and Monitoring systems enables the implementation of a common language and clear ownership of action plans through the capture and reporting of data.

Through training and awareness, Risk Owners have the ability to independently take on ownership and accountability of their risks through this method, and have the ability to continually track and monitor their risk management performance. A Risk Profile is also provided as a condensed, more visual report of the risk to complement the more comprehensive reporting systems.