From Blank Page to Best Practice with Origami Risk’s AI Risk and Control Explorer

Well, welcome and good morning or good afternoon to everyone. Thank you so much for joining us for today’s solution showcase. We’re calling it from blank page to best practice with Origami AI’s, Origami’s AI risk and control explorer. I’m Raina Hathorne. I’ll be guiding you through today’s session, and I’m joined by my colleague, Paul, who will be walking us through the heart of today’s event, the demo. Over the next twenty minutes or so, you can expect, that we will set the stage by talking about the challenge of building a risk register. We’ll introduce our brand new risk and control explorer and how it addresses those challenges, and then the centerpiece, a demo where you’ll see the origami tool in action. And then we’ll close with some key takeaways and open the floor for your questions. So if you have any questions in the meantime, please be sure to drop those in the q and a box, and we’ll get to those as we can. So, Paul, let’s get started by looking at the challenges. Yeah. Of course. Thanks, Reina. So some of you may know, if you’ve ever launched a risk register, you know that getting it right can be kinda difficult. It’s not as easy as it sounds. In my conversations with a lot of organic risk clients, there are three key points or different areas that come up again and again. You know, first, just starting with a blank page. It doesn’t have to be a risk register, but really anything. It’s tough to get going where you really don’t know where to go, and you’re just looking at nothing. Where do you even begin? You know, the second is coverage gaps. You know, even mature risk registers, teams that have had them for years and years, maybe even decades, can miss critical risk and controls, especially as regulations evolve, which continues to speed up, in our environment. And then third, you know, typically just manual upkeep. Keeping frameworks current is a heavy lift and often leads to inconsistencies. The ultimate result is time spent managing the risk register instead of actually using it to drive more value, to drive better risk management. Thanks, Rayna. Yeah. And thanks, Paul. That’s where we see the AI risk and control or where that comes into the story. With a single natural language prompt, natural language being, you know, everyday English, or yeah. This solution can help you generate AI curated risks and controls that are aligned to your business, your industry, your regulatory environment. Whatever details you wanna add to that prompt, it can pull in that as guidance on which risks and controls that it it, suggests. It can help you identify and fill in gaps as, mentioned, and then it can help you improve audit and risk coverage by, surfacing overlooked areas in your risk or control register. And it can quickly create a tailored starting point for different teams or regions. So if you have a risk register for kind of your core operations and you want to expand into new areas, this is a really great tool for getting started for that as well. And this is, I think, the most important and exciting part for me It’s that our AI tool is not just generating a random list. As I kind of indicated, it intelligently highlights the most relevant risk and controls for your environment based on the information that you provided in the prompt, which helps you benchmark your current state and identify your current blind spots. So to bring this to life, Paul is gonna walk us through our demo today. Perfect. Let’s check-in. Well, let’s jump into the demo now. It’s really what everyone joined this webinar for, so the reason to hold off on that. We’re gonna start at our risk register risk listing. We call it a registered origami, but everybody’s got a different name. And our AI risk and control explorer is gonna live right here. You can see it up, right there in the top right hand corner, which we’ll get to here in a second. But I do wanna mention, you know, we’ve talked about a little bit, you know, a big value of this is being able to identify those gaps. So we have this explorer embedded within a risk register on purpose. We need to not only be able to prompt and find what risks and controls maybe we’re not aware of out there through all the data AI can get into, but it needs to be able to then read into our actual register to identify those gaps and make sure it’s not giving us duplicative controls and risks. So that’s really our logic here with having that explorer live right here in the top right hand corner on our risk register. We’ll get back to this register later on, but for now, let’s jump into the actual explorer itself. So this is what that go is gonna look like. Over on the left hand side here, we’re gonna have our prompts. This is where we’re gonna suggest, you know, what we’re looking at we’re looking for from a risk and control perspective. So a lot of times, what is our organization? What frameworks are we working with? You know, who are our stakeholders? You know, really get as granular as you want to, but you don’t have to get super specific. But, obviously, the results will be a little bit better the more specific you get. I picked a hypothetical not real company based in Arizona and Chicago. You know, that may bring up different regulations, depending on the location of your organization, what technology we’re working with, different regulatory requirements we’re already aware of. Of course, the Explorer could find other ones that, you know, maybe we’re we’re not aware of due to some new regulation or law. The size of our company, those key stakeholders I talked about, maybe some cybersecurity infrastructure, but really just a a generic top topic to showcase, you know, the broad capabilities of this explorer here. So I just click suggest, and then it’s gonna create those recommendations for me. For the sake of this webinar, you know, I went ahead and did that. It would take maybe a minute or two to calculate it, but nobody wants to sit here and watch a screen, slowly generate these risk and control. So, just want to be transparent there as well. But down here at the bottom, I’m also gonna have my history. You know, when we get these recommendations, we might always not be the right time for us to go ahead and implement those controls or those risks. So maybe later on, I wanna go back to that history of that prompt I put in a month or two ago because there is a risk or a control that I now want to implement. So you’re always gonna have access to the previous prompts that you already have put in there. So now once I’ve run my prompt, I’ve gathered those suggestions. I now can actually get into the risk and control information from over here. I’ve got about ten plus risks that, our explorer identified for me, and so now I can begin the review. You can see right here in the middle of different categories, information security, regulatory compliance, operational. I can always drill down into the details, which I’ll do here later on. But also I can see the high level risk name, right there up at the top and then the controls underneath it. So not only is the Explorer identifying the risk I need to be concerned with, it’s in identifying the controls and the specific frameworks where those controls are gonna cover off on, different standards or, recommendations from those frameworks. I’ll scroll down a little bit further here. Supply chain, technical talent attrition, regulatory noncompliance, AI analytics, and tool reliability. It’s really across the board, of being able to identify all risks that are inter that could potentially impact, you know, your enterprise or organization. But now from here, let’s get into the weeds of it a little bit. So I can edit the details of this risk right from this page and get it into my register. It already created a name, which we’ll see later on in the register. So I’ve got my number, name, status of it, and then I can make other updates as needed. I’ll just do a quick little change here. Maybe we’ll, you know, update the vertical and the grouping just so we can see these updates, you know, flow later on into that register. Not everything needs to be updated from here, but what you do know, go ahead and put in to this form so it’s just something you don’t have to do later on. Can add that risk description if I already know who that owner is. Can even take it a step further, the executive owner or really any type of stakeholders you wanna add to this. This is just my demo environment, so we’re seeing two, you know, generic risk ownership, fields there. But then also just as important, that risk tolerance and treatment. I’d imagine a lot of times you might not have that data. That’s okay. We’ll be able to put it in later on. But if you do, go ahead and put it in there right now. But from here, I can save those changes, and that’s automatically getting pushed into that risk register for me. So you can see add this risk, and I can hide all the ones that I’ve decided to not not push into my register at this moment. Now from here we can go back into that risk register and see the risk that we just added. So if I go back into here and search for that r zero zero eight six that we saw earlier, and there they are. So now I can drill into this risk and really get to work. Now the value here is, like we talked about earlier, I didn’t have to start with a blank slate, kinda wonder what do I really need to be focusing on. I can leverage the technology of AI to go ahead and get me started and then use my expertise, my experience, you know, to change the finer details or to really get into the assessment, you know, adding more value back into the enterprise instead of just worrying about where to start, what risk should I even be thinking about. This is really just to, enhance your capabilities or your team’s capabilities. So from here, we’re gonna see that risk information that we already saw, that risk grouping data change, that risk vertical construction. I think we all probably can remember that. So it is nice. When I’m in that explorer and I’m making those updates, it’s automatically flowing into the rest of the system. And then there’s those controls as well. So don’t spend your time worrying about what you create, what risks do I need to worry about. Go ahead and get them into here, and then we can start actually doing the work, adding, you know, more value back to our company from here. So I can start making more updates. I could start sending emails based off in this control, add those additional owners that we talked about. What Origami is really great at is being able to associate different data. So if now I wanna go ahead and add this risk to somebody within third party or a vendor that we’re working with, or I wanna add it to a policy, or strategic objectives of the organization, I can start making those additions already right from here. Or I could even get into already performing that risk assessment. So we could already go ahead and get this sent out to somebody. They could be performing that risk assessment, and we can be getting our inherent residual risk assessments right from here. So from there, I can complete it, and I’m really off to the races. That’s how quick we can identify risk, get into the system, and even perform that assessment. And it doesn’t stop just at the risk assessments either. I already have those controls in here too. So if I wanted to go start assigning who the control owners are for these controls, go ahead and perform some type of assessment. I may already know that this control really isn’t effective yet, and we need to be paying attention to it. I’m gonna go ahead and say we’re partially effective. And I’m gonna go in here and go ahead and create an action plan for it as well. So, again, getting rid of that manual, boring work that we don’t wanna do, getting to the information that we really need that’s gonna have impact on our organization, and hitting the ground running by go ahead and be able to perform those assessments very, very quickly, leveraging the AI technology that’s out there, and specifically what lives within Origami risk and on the GRC side of our platform. Awesome. Thank you so much, Paul. That was fantastic. So here are some the big takeaways that I from what you just saw that I think are kind of key. So with Origami’s AI risk and control explorer, like we’ve talked about, you move from zero to best practice risk register with ease, Just a few clicks there as you saw to kind of prompt the engine, get the risks and controls that you need to kind of get your program up and running. You can fine tune those results by adding specific company details, such as your industry, geography, size, regulations, more, anything really you wanna put in there. And you can continuously strengthen coverage by filling in those gaps and reducing blind spots in any existing registers and origami risk. So, yes, it’s about saving time. But more importantly, it’s about building confidence in your risk programs and enabling resilience across your organizations. Yeah. And if you’d like to explore how this could work in your environment, we’d love to connect. Please reach out to your origami team or fill up the survey at the end of the webinar, and we can we can arrange a deeper dive, tailored to your industry and use case. Absolutely. Of course. So now we’d love to hear from you. If you haven’t already, please drop any questions you have into the q and a panel, and, we’ll get to as many as we can. If we don’t get to your question today, please, be sure to, not submit it anonymously, and we will follow-up with you via email. Alright. Let’s see. It looks like we’ve got a few questions coming in. The first one here is from Shannon. She asked, how does the AI know which risk and controls are relevant for my industry? That’s a good one. That makes sense to ask that as well. So the way we did it, our AI risk and control explorer draws from a deep pool of risk and control content. You know, that’s across different industries, frameworks, and regulatory sources. It can recognize patterns and intelligently recommends, the relevant items, you know, environment. So it’s not just generic. It it knows what it’s really looking for in the context of you. That way you’re not just getting generic output. You’re getting aligned suggestions for your industry, for your business. Yeah. Absolutely. Thanks, Paul. Looks like we have another question. It says they say, can I customize or edit the risk after the AI generates them? I think we showed this right in the demo today, but I’ll let you answer too. Yeah. Of course. So it’s gonna give you more of a structured starting point. But everything it generates is gonna be editable. So we solve some of that in there, but I know it’s pretty quick. You can add, remove, or refine risk and controls and make sure they reflect your organization’s unique context. You know, you can kinda think of it like a launchpad to accelerate the hard part, and then you can configure tailor it from there. Yeah. Configuration is really a key element of everything we do here at Origami Risk, and we offer across our solutions. Alright. Looking at the clock, I think we’ve got just enough time for one last question. How about this one from Jerome? They ask, how often should we use the tool, to update an existing risk register? Okay. That’s a good one. So we’re gonna see most of our clients at least use it as a starting point. But it’s also a great solution for keeping registers aligned with evolving risk. So we’ve seen some two tools bring this into their yearly, quarterly, process or maybe just ad hoc when it makes sense, but not just as a starting point. Really, whenever a new regulation or risk emerges, it’s flexible so you can use it to get up and running and and also as an ongoing check-in to strengthen coverage as well. Thanks for that one. Yeah. I like that. Alright. So I think we’ll call it there. Thank you guys so much for joining us today. On behalf of the entire origami risk team, we hope you found this session valuable, and, we hope you have a wonderful rest of your day. Thanks. Bye.