Click an icon to get in touch
Risk is defined as 'the effect of uncertainty on our objectives'
Our ERM is a business-continuous process, according to the ISO 31000 Risk Management standard, led by our senior leadership, that extends the concepts of risk management and includes:
The purpose of the ERM program at Cytrack is to provide a comprehensive framework to proactively manage risks and opportunities that our leadership team collectively agrees are the most important to the achievement of Cytrack's strategic objectives.
ERM promotes an ongoing, risk-conscious culture across Cytrack to enable our decision makers to perform a risk-reward analysis of choices, and make decisions with an understanding of implications of such actions, while pursuing our mission and goals. It is a continuous process and a tool for our leadership team to use in managing existing and emerging risks within our activities.
A Risk Management Team, comprised of a cross-functional representation of our business, provides direction and insight to the ERM process. This group applies their expertise to any identified risk to assess if the risk is actual or perceived, validates the likelihood and impact a risk could impart upon Cytrack, and helps to prioritize risks based on alignment with strategic priorities, among other duties.
A risk is defined as any event or action that impacts Cytrack's ability to achieve its objectives, both positive and negative. In support of this definition, our ERM addresses risks and opportunities that may have an impact on Cytrack's strategic goals and objectives. As such, ERM looks across the entirety of Cytrack using a forward-thinking approach and open communication.
ERM also examines potential risks and opportunities outside of Cytrack that could have an impact, as well as regional, national, and global risks that have the potential to impact Cytrack. ERM examines risk from these perspectives to capitalize on thought leadership, identify lessons learned, and benchmark upon best practices. ERM examines potential risks and opportunities based upon the following risk categories:
Risks or opportunities related to Cytrack's reputation are inherent in all our activities and encompass every risk category. Therefore, the reputation of Cytrack is taken into account for every risk.
Risks or opportunities related to injury, damage, or health and safety of the Cytrack team, including impacts caused by accidental or unintentional acts, errors or omissions, and external events such as natural disasters.
Risks or opportunities related to physical assets or financial resources, such as: government support, R&D funding, budget, accounting and reporting, investments, credit rating, fraud, cash management, insurance, audit, financial plans, debt, etc.
Risks or opportunities related to Cytrack's mission to transform customer experience, improve our customers productivity and save them costs through effective interaction and communication technology. Our mission is to assist companies move their telephony and contact centre services to the cloud. A key factor in our success comes from our inhouse software engineering team with nimble agility and responsiveness to tailor, customise and fine-tune our software and cloud platforms to our customer's specific and unique business requirements according to our ISO 9001 quality management process accreditation.
Risks or opportunities related to management of day to day Cytrack services, activities, infrastructure (including technology), our operations according to our ISO 9001 quality management process accreditation, and the efficient, effective and prudent use of Cytrack resources.
Risks or opportunities related to violations of federal laws and regulations, state laws and regulations, local laws, case law, accreditation standards, Cytrack policies and procedures, and contractual obligations, including contractual agreements and employment contracts.
Risks or opportunities related to Data breach or fraud, Impact to availability of critical information systems, Security incidents at critical third parties affecting business operations.
Risks or opportunities related to severe-weather events such as storms and flooding, use of unsustainable materials, aspect related to climate change.
The first line of defence owns and manages risks. Contrary to how risk management is perceived, individual risks and the controls that mitigate them are not owned by risk or compliance professionals. Rather, our operational management and senior leadership are responsible for ongoing activities that include:
The second line of defence oversees risks. It is at this line of defence where functions associated with risk are found, including Enterprise Risk Management. Functions of the second line of defence include:
The third line of defence provides independent assurance. Internal Audits form the third line of defence, and provides assurance on the effectiveness of governance, risk management, and internal controls.
It assesses the effectiveness of the first and second lines of defence in achieving risk management objectives, and the effectiveness of our risk management and internal control frameworks.
Cytrack also subjects to external auditors for the continuing accreditation and improvement according to the ISO 9001 Quality Management System standard.
For risks identified, prioritized, and assessed, a response and management action plan is captured by ERM in collaboration with the Risk Owner(s). The purpose is to provide awareness and transparency to Cytrack leadership of the actions being taken to ensure that risks outside of Cytrack's appetite are managed to reduce the likelihood and severity of occurrence.
Additionally, for risks that are outside of Cytrack's capability to effectively manage due to internal and/or external factors, this provides an opportunity for any residual risks to be highlighted. Risk responses may include one or several the following:
The risk and current mitigation activities are within the risk appetite of Cytrack, and will continue to be monitored for any changes.
The risk and current mitigation activities are outside of the risk appetite of Cytrack, and will undergo further mitigation and control activities until the risk demonstrates improvement with a reduction in potential likelihood and severity of occurrence.
The risk and current mitigation activities are outside of the risk appetite of Cytrack, and will be transferred to a third party for additional management to lessen the burden of the likelihood and severity of occurrence.
The risk and current mitigation activities are outside of the risk appetite of Cytrack, and will be avoided by discontinuing the activities that are resulting in the increasing likelihood and severity of occurrence.
Our Risk Management and Monitoring systems enables the implementation of a common language and clear ownership of action plans through the capture and reporting of data.
Through training and awareness, Risk Owners have the ability to independently take on ownership and accountability of their risks through this method, and have the ability to continually track and monitor their risk management performance. A Risk Profile is also provided as a condensed, more visual report of the risk to complement the more comprehensive reporting systems.