231 risk assessment

A 231 risk assessment is about assessing the risk of the criminal offences under the Italian Legislative Decree No. 231/2001 being committed in carrying out various company actions/processes.

Risk definition and risk assessment: the digital approach

We use a digital platform to manage risk assessment, making all the tasks necessary to carry out this process that much easier.

Our digital platform allows you to:

  • digitalise data entry and processing
  • enhance user experience
  • create a digital library of company actions/processes associated with predicate offences and the related control protocols and rules of conduct
  • automate risk assessment updates and record changes to risk levels
  • access cloud data without having to implement an IT project
  • generate advanced reports and interactive dashboards to view and monitor risks and protocols, e.g., by group company, department, process, and criminal offence

The preliminary stage of business process mapping entails identifying the individual groups of activities that go into each process. Furthermore, organisational charts, delegated powers and powers of attorney are all taken into account to identify the process owners – i.e., the people responsible for the various phases of each process – to be involved in risk mapping and risk assessment. The preliminary stage concludes with the identification of potential business associates.

A new way to engage process owners

Process owners are given access to a dedicated web app that allows them to perform risk assessments as and when they see fit. They can identify the activities that go into business processes exposed to 231 risks and associate each sensitive activity with the corresponding offence category and means of commission (risk definition). Process owners can then fill in risk assessment surveys through the web app. The surveys are processed by the platform, which, based on the answers provided, identifies the 231 risks associated with the given organisation’s operations and classifies them according to the risk assessment metrics previously agreed with the client and set up on the platform.

The platform helps process owners identify and plan out the actions needed to strengthen internal control systems and thus limit the likelihood of risk events occurring and mitigate any aggravating factors (action plan).

The importance of reporting in risk assessments

Reports on the results of 231 risk analyses can be customised to your needs – by department, business unit, geographical area, company, and so on – complete with statistics and indicators relating to the various risks.