Active Risk€¦ · Active Risk Manager ARM 7.0 Features & Benefits Matrix August 2014 NEW. This...

7.0ARM

Active Risk ManagerARM 7.0 Features & Benefits Matrix

August 2014

NEW

This document provides a breakdown of the key features and benefits in Active Risk Manager (ARM) to help highlight the capabilities for risk, issue, incident and opportunity management at Project, Program, Portfolio and Enterprise levels.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM Apps

Active Risk ManagerARM 7.0 Features & Benefits

ARM Interface – Views A B C D Benefits

Intuitive look and feel. • • • • Standard menu driven browser solution, instant familiarisation by users, reduced training costs, increased participation.

Zero footprint; 100% Web based. • • • Ease of implementation, reduced support costs for new updates, meets even the most secure web browser platforms. Ease of roll out to "associated" participants in the risk process such as government customers and contractors.

Natural interoperability with Microsoft-based operating platforms and Microsoft applications.

• • • • Reduced costs for deployment and support by IT departments. Minimum resistance to acceptance by users and IT. Reduced learning curve for Microsoft-skilled personnel. Efficient seamless interaction across applications.

Launch relevant portions of risk records from browser shortcuts, portal sites, email, presentations, or anywhere a hyperlink can be embedded.

• • Enables real-time risk information updates and eliminates the need to send spreadsheets or paper forms back and forth between risk owners/managers and risk information contributors. Encourages broader risk process participation by simplifying methods to propose risks and update actions.

Multiple Record Type/Template Interfaces.

• • • • Simplifies data entry and ensures an appropriate level of risk management for any risk. Templates such as assumptions, causes, candidate risks, concerns, risks, issue, change requests, opportunities, incidents and the necessary handling plans, actions, controls and fall backs provide the right degree of risk management for any uncertain situation or actual event. Enables the solution to be used for not just "risks" but associated type information capture - eg Complaints.

Offline client to help facilitate risk management workshops and offline updates.

• Facilitates risk workshop "quick capture" and iterative processes to gather, assign, score and plan for risks in any situation, even when on-line access isn't available. Ensures data integrity and eliminates the need to get data clarifications after risk workshops. Eliminates the need to send spreadsheets back and forth between risk information contributors and risk owners/managers.

Multiple graphical tree displays of reporting structures (organization, objectives, project, activities, project requirements, project cost breakdown structures, KPI’s, assets, financial accounts, compliance structures, oversight & escalation groups, third party entities: JV partners, customers, suppliers, regulators).

• • Enterprise-wide visibility and transparency of information with the ability to drill down to areas of interest or roll up and aggregation through the structures. Provides a holistic view of information at any level with secure, data restricted visibility for any stakeholder group. Facilitates risk awareness, communication, sharing and collaboration amongst all stakeholders.

User-defined highlight of user risk thresholds against each tree structure.

• • Helps provide risk stakeholders with instant information when individual risks breach personal financial risk thresholds. Accelerates focus on areas of concern. Enables a deeper pool of risks to be tracked and managed without overwhelming aggregated risk views.

ARM Interface – Use A B C D Benefits

Menu driven. • • • • Provides an intuitive structure for users that minimizes training time. Offers a wide variety of functionality in a clean interface that considers role-based security to present users with only the functions they're authorized to perform.

Rapid access to key functions using right mouse click.

• • • Increases speed of access to relevant functions and simplifies use.

Checkbox selection in the review pane to perform functions on a selected set of risks on the ARM desktop.

• • Quick selection of appropriate data for analysis, reporting or risk linkage maximizes user efficiency by minimizing mouse clicks and screen navigation.

Dashboard providing quick view of risks and easy navigation to all risk management functions.

• • • • Dashboards provide broader risk insights and facilitate drill-through to areas requiring more focused attention.

Comprehensive and context sensitive on-line help.

• • Promotes self-training by providing a comprehensive explanation of features, related information and example usage scenarios. Includes a glossary of terms and search capability to maximize user efficiency.

Support for integration of on-line tutorials within the application.

• Supports the business process adopted and can be tailored for different user roles minimizing the need for training.

On demand spell checker available in main data entry screens.

• Ensures that all ARM outputs are legible and presentable.

Pop up calendars and lists able to be used for simple date entry.

• • • Increases speed and accuracy of data entry.

Cut, copy and paste risks and risk structures across breakdown structures.

• Support Program and/or Organizational Structure changes whilst preserving links to risk data. This is a significant requirement for fast changing organisations and for the pre-population of new risk registers from existing risk data.

Lightweight, simplified features and functions for non-expert users defined by the role they play in the risk management process.

• • Increases user buy-in, accelerates rollout and reduces training costs.

Configurable record type definition distinguishing between Risks, Issues, Opportunities and other user-defined templates.

• • Define organization specific record types and convert from one record type to the other allowing ARM to reflect your organization’s process, terminology and workflow. Ideal for supporting varied levels of risk maturity while preserving a full audit history of the lifecycle of a risk as it transitions from a concern, to a risk, to an event etc.

Hyperlink to risk records. • • • Makes the risk system transparent to users. Provides easy, secure visibility to risk information from common tools such as email, portal pages and intranet sites.

System activity audit. • • • • Full activity traceability and data management assurance of all risk process information.

Risk Identification A B C D Benefits

Risk Entry - simple entry with approval process and workflow notifications.

• • • Ensures data integrity provided through chain-of-command risk reviews.

Risk, Impact, Plan and Response, Evaluation, Test, Deficiency and Remediation entry.

• • • Provides a comprehensive, stepped approach to managing risk/issue/opportunity lifecycles.

Short form role-based risk entry. • • Speeds up data entry with the ability of viewing all risk/control data on one screen.

Knowledge base/Risk templates. • • • Promotes sharing of knowledge, increases speed and relevance of data entry and prevents duplication. Important when the "centralised" risk management function wants to ensure there is a defined level of risk management pushed out to the organisation.

Integrated Issue Management. • • • Ability to record risks that have impacted (100% probability). These can then be used to analyse the effectiveness of the risk management process. Risks that have impacted can be "converted" to issues for tracking and issue resolution.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App


Opportunities capture. • • Using the ability to create different "risk objects" the system can be configured to manage Opportunities that deliver increased cost reductions or revenue opportunities to projects and the business. Promotes a positive view of managing value across the program and business while also offsetting the risks. Can be used in both a simplified manner or extended out to deliver significant financial benefits as intended by 6 Sigma Process Excellence type programmes.

Custom ID’s as well as system ID’s. • • • Ability to preserve existing ID’s for all data elements.

Multi-level classification structures within risk records.

• • • The classification structures within risk records help build and convey matrix relationships and facilitate analysis, linking, reporting and resource sharing for risks, opportunities, issues, incidents and their handling plans. Can be administered by the business without reference to IT or external consultants reducing time to value and cost.

Risk Categorization and Attributes. • • Ability to slice and dice the risk data to increase speed of identification from the knowledge base or to enhance relevance of reports. Often referred to as the risk taxonomy this enables consolidated aggregate reporting and monitoring of risk impact across multiple risks, registers and business units. Can be administered by the business without reference to IT or external consultants reducing time to value and cost.

Risk Ownership, Multiple Interested Parties and Raised-by fields.

• • • Visible ownership assignment of risks promotes risk awareness, accountability and possible risk sharing/delegation supported by the email alert management system.

Risk Approval Workflow. • • • Saves considerable time in automating the approval process of risks supported by the email alert management system.

Configurable fields. • • • Helps extend or reduce fields within the records to meet different capturing, reviewing and reporting requirements. Allows the software to be configured to match the risk process(es) within a business. Can be administered by the business without reference to IT or external consultants reducing time to value and cost.

Form designer. • • Enables user data entry forms to be painted by administrators. This helps align the risk capture process with the wider risk process making it more relevant and streamlined, easier for users to understand. It also means that customers can do this themselves at the business level without the need for expensive external consultants or IT involvement.

Label Customization. • • • Improves user familiarization and promotes user buy-in across the program or organization with the ability of having multiple label sets to support multiple processes or languages. Helps different aspects of the risk process (eg HR, Project and HSE) to use terminology that is relevant and understandable by them rather than a generic set of labels. Can be administered by the business without reference to IT or external consultants reducing time to value and cost.

Linked documents. • • Provides a dynamic link to any document to support the relevance of the data entered. This link can be to a SharePoint document (photo, PDF file etc) that is installed on the ARM Server or any document able to be referenced in this way through the customers own document management solution.

Grandparent, Parent and Child risk/ opportunity/issue relationships to manage cross-enterprise risks, issues or opportunities.

• Provides visibility and improves manageability of related risks, driving more effective use of mitigation funds through centralised strategies. Reduces risk duplication and redundancy of mitigation efforts/costs. Helps manage risks that cut across multiple parts of the hierarchical reporting structure that do not fit within a linear view of data.

Linkage of a risk/opportunity/issue to multiple risk breakdown structures (WBS, RBS, OBS, Functions, Processes, Assets, Financial Accounts, Objectives, KPI’s etc.)

• Enables the user to assess and manage multiple impacts of one risk without double-counting, providing more accurate and relevant risk impact assessments including the relevant scoring schemes. Risks linked in this way have their own impact assessment relevant to the node the risk has been linked to.

Association of a risk/opportunity/issue to multiple risk breakdown structures (WBS, RBS, OBS, Functions, Processes, Assets, Financial Accounts, Objectives, KPI’s etc.)

• Enables the user to assess and manage multiple impacts of one risk without double-counting, providing more accurate and relevant risk impact assessments including the relevant scoring schemes. Risks linked this way have a single impact assessment that is the same for each linked folder tree item.

Email alerts from risk entry and data amendments.

• • • Promotes proactive risk/action management and provides even non licensed users the right information at the right time. Also takes workload off the Risk Managers.



Creation of master/copy risks that can be used for monitoring interfaced risks.

• • • Beneficial in pushing out standard corporate risks across the business as copies yet retaining control of the master risk.

Risk Status tracking . • • • • Provides users with an indication of which stage in the lifecycle the risk is at.

ARM Apps for simplified risk capture. • Ability to push risk identification across the company by configuring very small data capture "portlets" to run under Corporate intranets, SharePoint or MS Outlook to enable the entire organisation to record unapproved worries, concerns or risks and therefore capture initial risks at source rather than a centralised process.

Risk review. • Ability to record and monitor formal risk reviews from ARM users on a regular basis as risk reviews are conducted in your program or organization. These are available as "journals" and can be used to audit and monitor the reviews a risk has been through by identifying review comments, reviewer and date.

Risk Feedback. • Ability to record and monitor feedback comments on risks by contributors. These are available as "journals" and can be used to audit and monitor the reviews a risk has been through by identifying review comments, reviewer and date.

Risk Assessment A B C D Benefits

Configurable risk scoring matrices and colours.

• • • Promotes users familiarization and supports multiple processes that may be driven by customers reporting needs or different internal processes.

Opportunity and Threat (Risk) scoring. • • • Supports a positive outcome to effective management of risks and values whilst also distinguishing between risks and opportunities.

Multiple scoring schemes and real time re-assessment (say at project, function and corporate levels.)

• • • Provides users with the ability to assess risk/opportunities using specific qualitative and quantitative scoring templates and helps prompt users with relevant qualitative descriptions of impacts. Increases speed and accuracy of impact assessments whilst simplifying the quantification of an impact. This can be used to re-assess against corporate scoring schemes that reflect higher levels of risk appetite.

Inherent, Current and Target Impact Assessment.

• • • Ensures that risks are managed to an acceptable level of impact and ensures a target impact driven approach linked to the handling plan to promote a more objective driven process including ROI. Provides support for risk processes that define Inherent risk (risk with no controls), current risks (risk with controls in place), target risk (current risk with new actions designed to mitigate risk further to..), residual risk where fallback plans protect levels of risk that cannot be achieved through actions alone and therefore require to be dealt with once they become issues.

Quantitative and Qualitative scoring. • • • Supports an automated conversion between qualitative and quantitative assessments using the appropriate scoring scheme. Risks can be assessed qualitatively or quantitatively (using single or three point estimates). ARM benefits the user by triangulating between these two forms of assessment.

Support for multiple quantitative distribution estimates (single point, triangular, uniform, beta pert, normal and poisson.)

• • • Supports industry standard distributions to ensure accurate estimates of risk, opportunity and issue exposure.

Probability and Frequency based risk and issue assessments.

• • • Provides flexibility to support either Frequency or Probability or both assessment types per impact to forecast accurate risk/issue exposure.

Multiple Impact Categories (e.g. Schedule, cost, performance, legal, EBITDA, reputation etc.)

• • • Ability to assess custom impact categories in support of users’ requirements. Define an unlimited number of impact categories for use over different scoring schemes across your business. Select up to 12 for use in any one impact record per risk/opportunity/issue.

Return on Investment calculations. • • Provides an indicator of whether the mitigation steps provide a sufficient enough return over the impact of the risk or the opportunity.

Multiple scoring groups and templates to aid more accurate assessment.

• • Ensures that different types of users from various programs and business units can make specific estimates based on relevant scoring thresholds. Improves user familiarization. Set the default order of impact categories to appear to the user to ensure a speedy assessment capture. Use existing scoring schemes to create new ones to saving administration time.

Coefficient of variation. • • See the amount of variation contained in an impact expressed as a coefficient to enable you to compare and assess risk impacts in terms of their assessment spread as well as size.


Risk Assessment A B C D Benefits

Next assessment date warning. • Gives an indication to the appropriate risk/control owner of when the next assessment is due.

Expected Monetary Value (EMV). • • Provides an assessment of financial risk factored by probability - called EMV (average impact x probability) of a risk assessment based on the cost impacts identified. If three point estimates and distribution types are used then these are taken into account as part of the calculation.

Mean Cost (MCV). • • Quickly see the true mean or average impact value to understand the full exposure should the risk occur. This is being used by a number of customers around black swan type events whereby probability is removed from the assessment as the risk, if it impacts, is deemed to have catastrophic business, life or environmental harm.

Coefficient of Variation (CV). • • The Coefficient of Variation is an expression of the amount of variance contained within the possible impact, i.e. it expresses how uncertain the impact is if it happens.

Assessment history table and chart. • Provides an indication of the fluctuations of risk scores and the effectiveness of handling plans (actions, controls and fallbacks.)

Dashboard traffic lights based on personal and corporate risk thresholds.

• Helps focus the individual user on the most pertinent risks and provides warnings should personal cost constraints be exceeded.

Aggregated Cost Impact Categories. • Cost impact category aggregations provide the user with the ability to see the total cost impact of a risk/opportunity based on an aggregation of all of the cost based categories used in the risk/opportunity impact assessment.

Management Reserve and Provision and Contingency Management.

• Record the actual costs of mitigation activities and have these drawn down from an overall program, division or function’s management reserve to monitor contingency levels, allowing you to manage contingency more effectively by applying it to manage the risks that provide best return in meeting the programs requirements or business objectives.

Risk Treatment A B C D Benefits

Treatment Plan tracking. • • • Provides an indication of whether mitigation plans are on track or off track in meeting target levels of risk reduction. Reduces the likelihood of investing in non-productive mitigation plans/controls/actions. See graphical representations of a (or multiple) mitigation plans, export, print and copy for use in key presentations and distribution around your organization.

Multiple Responses per Handling Plan. • • • As it is often not possible to reduce a risk to an acceptable level through a single action or control, the provision of a mitigation strategy makes it easier to review the performance and Return on Investment of a group of associated Controls/Actions and facilitates the management or mitigation of both single or multiple risks.

Response scoring. • Users can score individual responses qualitatively or quantitatively in order to record the target and actual risk level achieved by the mitigating action. There is also a feature to enable automatic response scoring when a response is marked ‘complete’.

Response sharing. • Use a response on more than one mitigation plan where circumstances result in the same response being applicable to more than one risk mitigation scenario.

Mitigating Actions. • • • Ensures that risks are managed effectively down to the target level using one off measures that have ownership and due dates.

Controls. • • • Ensures that risks are managed effectively down to the current level using recurring measures (see section on Internal Controls Management in relation to the documentation and effectiveness of controls as part of this process).

Fallback plans. • • • Provides the ability to mitigate residual risk where it is not possible or too expensive to mitigate risks down to an acceptable level through controls and actions (eg for external risks around OPEC Oil pricing). Fallbacks provide a failsafe option normally in the form of insurance policies and contingency plans should a risk impact.

Waterfall charts for tracking mitigation plans.

• • Gives a vital indication of the effectiveness of the Mitigation Plan detailing whether the Actions/Controls are reducing the level of risk.

Provision charts to manage risk management spend .

• Ensures that management allocate the correct sums of contingency to the areas in need, as well providing the ability to track the expenditure of ongoing provision funds. Resulting in better value of provision allocation to realise positive ROI from risk mitigation.


Risk Treatment A B C D Benefits

Tracking of Overdue responses. • • Improves Management’s visibility of Action/Control Owners efficiency.

% Completion of actions/controls. • • Gives more flexibility to Action Owners.

Baseline and back on track. • • To help management or users review whether the mitigation steps are on track or to understand why they have slipped.

Assessment score reduction based on success of response.

• • A useful mechanism to establish what level of reduction an Action/Control will have to reduce the level or risk.

ARM Apps for simplified mitigation task management.

• Ability to provide task owners very simple access to view and update their ARM actions using Corporate intranets, SharePoint or MS Outlook and by making it so simple thereby achieving better buy-in from task owners and enabling tasks to be completed as set and approved.

Filtering & Searching A B C D Benefits

Fast “go to risk” function. • Increases speed of finding relevant risks and prevents entry of duplications.

Advanced parameter driven search criteria operating across risk break down structures, risks, impacts, plans and responses in a single screen.

• • • Promotes buy-in and improved ease of use by providing the user the information they require to see in the order they wish to see it. Increases speed of risk assessment, management and control. Hides the backdrop of complex data structures from users so they can simply construct powerful filters without the need to understand the data model. Can be re-used in reporting as well as online displays.

Use of wildcard search selections across customer defined set of fields.

• On average 20% of management time is spent on searching for information. The ability to apply ‘free-text’ searches therefore results in more effective use of time.

Grouping and sorting criteria set within the same filter conditions.

• • The ability set up personal views of relevant filters ordering data accordingly whilst preserving ARM data security.

Ability to save and assign multiple filter conditions and re-use in on demand searching and reporting - direct from dashboard.

• • Personalises the system to meet the users individual needs improving ease-of-use and speed of accessing the required data throughout the system.

Public and group saved filters. • • • Use public filters to make saved filters available to your whole, or a selection of the risk management community to speed up data retrieval and standardise searching.

Relative filter criteria. • • • Use relative filter criteria such as <current date> and <current user> to create standard filters for use across your organisation such as “My top 10 risks”.

Default filters. • • • Allocate individuals or groups default filters to increase efficiency and simplify tasks.

Ad hoc, column display based filtering. • Further simplifies the look and feel of relevant information, increasing the speed of data access and improving user buy-in with the ability to customise the selected views.

Ability to filter by risk breakdown structures, projects, activities, assets, compliance structures and accounts.

• • Enables users to filter data by multiple reporting structures to meet their area of responsibility. For instance all project activities with WBS beginning with 12.100.2* or all Assets with attributes of "Low Reliance".

Regardless of the filter construct, users can only see data they are allowed to see through the security model.

• • • Confidence that regardless who has the ability to run filters in the application or reports, only data the user is authorised to see will be returned by the filter.

Analysis A B C D Benefits

Multiple Single risk and aggregated Risk and Opportunity Matrix (Probability Impact Diagram or Heat Map.)

• • • Enables organisations to deploy multiple qualitative heat maps within a single instance. Offering benefits around reporting against multiple risk reporting requirements simply.

Provides a priority view of relevant risks scored using the appropriate scoring criteria and shows both current and target levels of risks thereby showing at a glance risks that breach risk appetite levels regardless of the level of appetite of the user. Gives a simplistic picture of which risks need to be focussed on and increases risk awareness.



Caveats and Classifications on all charts and reports (set by risk breakdown structure.)

• • • Enables the system to conform to high level security and data confidentiality information reporting requirements often found in defence and high security organisations.

Schedule Analysis - Monte Carlo Simulation.

• Provides an estimation of time savings on managing projects as a result of successfully managing risk and uncertainty and details the sensitivity on individual project activities.

Risk adjusted Schedule Gantt Chart. • View baseline, pre-mitigation and post mitigation dates for imported project plans or folders to understand exactly how risk and the cost of mitigating is likely to affect your project timescales and budget.

Impact Analysis - Monte Carlo Simulation.

• Provides an estimation of cost savings on selected areas of the business/assets/projects or of the whole company as a result of successfully managing risk and uncertainty. Also provides an estimation of the current level of risk/uncertainty mapped against the target level including the cost of mitigation, to calculate the return on investment of mitigating/managing risk. Configurable running criteria such as confidence levels and number of interactions allow you to run the scenario and see results with different factors considered helping to build up an understanding of the risk profile. Can be used to simulate the risk assessment of any quantifiable objectives such as percentages, weight, velocity etc as well as financial.

Impact Cost Forecast - predict future risk exposure and rate of spend.

• This function provides a view of your likely future cost due to risk exposure, smoothed over a periodic time basis, to give an ongoing rate of spend "Monthly", "Quarterly", etc. based on the likely occurrence of risk in the future. The effect of risk is estimated using Monte Carlo simulations for each future time period, taking into account both Frequency and Probability based risks, although this functionality is particularly relevant when modelling Frequency risks, i.e. those which are expected to recur on a regular basis. Gives an immediate indication to the rate of expenditure over a chosen time period and helps forecast what provision of funds are required to effectively manage risk when considering risk financing against business plans.

Provision management (Planned and Actual.)

• Helps to establish Specific and non-Specific Management Reserves which can be used for the financing of risk mitigation strategies and issues. Providing the ability to build contingency into initial project bids and business cases that establish stronger communication and financial certainty around budgets. Helps risk managers understand the level of provision set aside for risk mitigation and can be used by senior management to understand programme level contingency plans, planned and actual draw down from the contingency.

Impact snapshot (Impacts by risk level and status.)

• Gives a metric view of the number and level of risk impacts to quickly determine the level and type of risks that impact the selected business area.

New and Amended risk chart by status. • Helps management view the increases or decreases of changing status’ of risks.

Risk Status Change chart by Risk Status and Time.

• Gives management an indication of what stage in the risks are in the risk lifecycle over a selected time period.

Impact Trend – Impacts by period and risk level (count and weighted score.)

• Provides management a view of increases or decreased impacts over time to assess whether risks are being reduced.

Increased and Decreased Impacts by risk level.

• Shows the current snap-shot of the risk impact, providing a qualitative indication of risk levels.

Export of quantitative results to Excel for further analysis.

• Supports the ability to benchmark results in other third party analysis tools.

Risk Quad charts. • Provides a convenient way to view summary information about a risk, its impact and its handling plan on a single sheet with configurable layout and colour scheme to meet DoD Customer requirements.

Risk Time Frame Window Chart. • Analyse the impact period of your risk profile in order to tackle and prioritise actions in a timely manner.

Risk Map Chart. • Analyse risks in terms of their uncertainty and overall impact value to help focus mitigation resources to where they are needed most.

Tornado Chart. • Analyses which project tasks are the most sensitive to the risks identified helping you to decide where you should best deploy mitigation resources.



Adaptable Analysis Reporting. • Ability to run analysis reports straight from the ARM desktop based on user defined criteria such as:

• Risk exposure and draw down • Contingency/provision spend charts • Summary/Detail relationships and aggregated cost • Risk Process health checking

Prioritisation of risks based on compound criteria such as Impact, proximity and manageability.

Copy & export of charts to other Microsoft Office applications.

• Increases speed of reporting in external applications (MS Office apps), providing time savings in putting together consolidated presentations or reports.

Risk Escalation A B C D Benefits

Escalate records up through an organisation hierarchy to prioritize items requiring immediate and higher level attention.

• Build an escalation tree that mirrors your escalation process, propose and escalate risks/opportunities or issues up through different levels for actioning. Users are able to propose and escalate records when they require higher level support for either awareness or funding purposes. Use alerts to notify parties of escalation movements. Notify higher levels of management about important risks and transfer ownership where appropriate.

Internal Controls Management

A B C D Benefits

Identify and document different types of management controls that form part of the enterprise control framework.

• • Can be used to help define the control framework of the business from Operational (eg Health & Safety) to Compliance (eg SoX and ABC) to internal financial controls. High degree's of configuration enable different processes to be supported across the business.

Link documents to controls. • • Provide supporting documentation for key controls.

Link controls to multiple risks. • • Re-use of controls to mitigate multiple risks.

Standard libraries for corporate risk/control matrices.

• • Use standard risk/control matrices that they are applied to different business units and sites.

Control effectiveness testing cycles. • • Organisations can manage different control testing cycles and push these out to control owners when due. This enables the organisation to put in place a control evaluation process that validates the effectiveness of the controls in the way they are designed and operated, thereby providing confidence in the current level of risk across the business.

The type of evaluation process can be enhanced or simplified depending on the type of control or its significance to the business.

Documentation of deficiencies, rating of deficiencies and remediation plans.

• • When controls are detected as having deficiencies these can be documented and a robust programme put in place to correct the weaknesses through remediation.

ARM Apps for simplified control evaluation.

• Ability to push simple control evaluation across the company by configuring very small data capture "portlets" to run under Corporate intranets, SharePoint or MS Outlook to enable control owners to perform control evaluations very simply without the overhead of the full risk management process.

Email notification of all control related events from creation, update, control testing due, control testing completed etc.

• • To help ensure controls owners are reminded of their responsibilities the system has a rules based configurable email sub-system that can be configured by customers to send emails to risk, control and action owners when key events have happened or are due.

Control Management Reporting. • • Standard Dashboards and reports are available to help manage internal controls from operational users through to senior management. Standard reports include:

• Control Status Dashboard• Risk Control matrix• Control Evaluation Dashboard• Control Evaluations and Tests

Fully integrated with the ARM RPM Dashboard and Report builder to enable customers to develop their own control process and monitoring dashboards and reports.


Business Continuity A B C D Benefits

Identification and documentation of Business Continuity risks and fallback plans as part of the the top down risk management process dealing with residual risk.

• Supports the capture, analysis and reporting of key risks that threaten the continuity of your business in order to make decisions on where to best deploy resources. From these continuity assessments it is normally found that residual risk remains as a factor outside risk appetite levels and therefore requires a strategy for how to deal with the impact of the risk as opposed to managing the current level of risk or reducing it through other mitigation vehicles.

Risk assessment based on Business Continuity type considerations such as Maximum Outage and Maximum Recovery Time.

• The risk assessment schemes are powerful enough in ARM to be used to assess specific business continuity threats against levels of risk appetite related to the impact caused by outage and recovery time. As well as assessing continuity risks this way, full business impact analysis documents can be linked to the assessment process. This caters for business continuity processes that understand and analyse specific assets, resources and the potential impact of other dependent events that may occur at the same time (ie complex scenario's that can only really be modelled in specialist modelling tools).

Business Continuity mitigation plans supporting residual risk assessments.

• Specialised Business Continuity or Recovery plans can be configured in ARM to support the processes requirements and these are linked to residual risk assessments to help provide confidence that where there are major residual risk levels (probably outside of the ability of the organisation to manage down) then these are managed as part of the overall risk management process.

As these plans form part of the overall risk mitigation strategy it means that business recovery plans can be assessed in terms of significance based on the risks they are managing and the economic value of these plans can also therefore be assessed in a wider part of the investment case for risk management.

Testing of Business Continuity Plans. • The ability to test BCP's as part of the internal control framework can be managed through ARM providing greater confidence that the investment in the plans is 1) prioritised from a risk perspective and 2) that the plans will work if required. Failed test programmes are then supported by remedial action plans and the ability to re-assess the level of risk due to a weakness in the BCP.

Automated email alerting. • At any stage of the process those responsible for BC Threats and the mitigation process can be informed automatically by configurable email alerts. This helps inform owners of business continuity and risk owners when risk thresholds around residual risks as a result of impacts on business process continuity are breached, plans are assigned or due dates for review are approaching.

Standard reporting. • A number of standard BC reports are provided in the system to help managers stay informed of the status of business continuity threats, mitigation strategies and quality of plans. These include:

• Business Continuity Dashboard

• BC Plan Summary

• Key Processes/BCP Report

• BC Plan Detail

• Business Continuity Financing

Custom Dashboards and Reports. • For customers who have deployed the ARM RPM sub-system this is fully integrated into the business continuity data sets in ARM thus enabling customers to develop their own dashboards and reports as required to support their own BC process.


Incident Management A B C D Benefits

Configurable data collection forms for customer defined incident types.

• • Supports the set up of incident/issue/loss processes for various kinds of real world events within the business such as Accidents, Compliance Breeches, Project Issues and Operational losses. Different forms can be configured for each type of incident set up and the characteristics.

Ability to configure screen labels by user.

• Data capture screens can be configured with terminology that is relevant to your process and across different processes for different types of incidents.

Incident forms workflow configuration. • Supports approval of the phases of an incident from initial raising to validation, enriching, investigation and sign off.

Document linking to Incident. • • Provides the ability to link photographic and documentary evidence of the incident and for investigation and remediation purposes.

Link Incidents to multiple reporting structures.

• A single incident may affect more than one process, objective, asset, compliance requirement. Therefore the ability to like an incident to multiple reporting structures is essential in a healthy, information aware culture.

Link incidents to risks. • As a key part of the preventative actions required to reduce recurring incidents, the risk process must be assessed to understand the level of prioritisation and investment case. By linking incidents to risks, risk owners can help determine how effective the risk management process is and to understand whether there are leading indicators that the risk and control may need to be re-assessed.

Summary/Detail linking. • Often a major incident has multiple secondary incidents - such as a train derailment impacting individual assets such as bridges, people etc. The Summary/Detail relationship helps manage these top events while addressing the underlying detailed incidents.

Copy/Paste. • • • Easily move incident and investigation records around the organisation as and when the organisation changes. Also useful when looking to archive incidents.

Spell Checker. • Identify those embarassing typo's in management reporting.

Create configurable investigation records for capturing investigations on Major incidents.

• Use root cause analysis techniques like Taproot® to assess and investigate the causes and required corrective actions for incidents.

Link documents to investigations. • • From simple escalation to investigation stage to full details Investigation documentation (which can be prepared and linked as internal or external documents to the investigation.)

Create configurable incident handling actions data capture forms.

• CAPA (Corrective and Preventative Action) management around incidents that can be configured to match your process. Very powerful when connected to the email alerting subsystem.

Create configurable Incident regulatory reporting data capture forms.

• Ability to assess incidents with regard to notification to regulatory bodies. When, who, how was the incident notified to whom. Part of the compliance reporting requirements of many HSE and Environmental regulations.

Email alerting. • • Keep process owners, incident owners, interested parties and action owners informed of the status of the incident and their required action in the incident process workflow.

Standard reports. • • Standard listings and registers of incidents together with summary aggregate loss analysis from a financial perspective.

ARM Apps. • Ability to push incident management across the company by configuring very small data capture "portlets" to run under Corporate intranets, SharePoint or MS Outlook to enable the entire organisation to record unapproved incidents and therefore capture incidents as they occur at source rather than a centralised process.

Customisable dashboards and reports. • • Very powerful Dashboarding and reporting sub-system that allows customers to develop their own reports. Can leverage off a library of over 100 existing templates to quickly modify and customise. Able to publish back to the application to ensure all security and filtering capability is available to report users. Can export to Excel and Word for Management Reporting requirements.

Audit trail - who made record changes and when.

• • Identify who made a change to an Incident, Investigation and Action and when. Important part of the data integrity and transparency of the incident management process.


Audit Management A B C D Benefits

Create and maintain an audit universe to drive annual audit planning cycles.

• Effective coverage of all processes and business units based on a risk based assessment to prioritise audit plans.

Create and maintain audit capture templates that support the planning, engagement, execution, reporting and follow up process.

• Highly flexible and adaptive process for supporting different types of audits and to adapt as the audit process adapts. Customers able to perform this work themselves so quick time to value and very cost effective.

Creation of different types of audit process - eg Internal Audit, Quality Management, HSE.

• Ability to remove manual processes from across the organisation to provide efficiency, integrity and transparency.

Setup of label sets that reflect the terminology of the specific process.

• Solution is able to adapt to more than one audit process.

Create and maintain audit findings templates.

• Findings/Weakness or other forms of results from the audit process need to be captured and assessed for materiality and ongoing recommendations. These vary in nature so ARM provides the ability to configure this part of the audit process for each different audit type.

Create and maintain audit recommendations/actions/measures templates.

• Follow up actions from the audit findings - sometimes called Audit Recommendations, measures, Actions… ARM supports all terminology and allows the data capture forms to be configured to suit the specific audit process - for instance to identify which business process the action relates to, or who the business process owner is that should also be notified as to the status of the action.

Workflow on forms to allow for approval and sign-off.

• Helps ensure that audit details are not amended accidentally once they have been reviewed, resulting in less errors and embarrassing situations with business process owners.

Structure audit programmes with Parent/Child audits.

• Often audits are very large and need to be managed as a large project. Parent/Child enables audits to be broken down to separate work programmes, each with their own objectives, resources and workflow.

Link documents to audits, findings, actions.

• As an essential part of the audit process involves documents in the form of checklists and interview notes, this feature delivers the benefit of richer information content around the audit itself.

Linkage of ERM risks and controls to audits.

• As part of a risk based approach to auditing the ability to link enterprise risks and their related controls to an audit programme is important if the audit objective of providing governance to the risk process is to be achieved. As ARM already manages the risks and controls these are easy to link into the audit programme so that detailed tests can be constructed to provide confidence around the risk process as well as the business department and process being audited.

Provide data history trail for all changes made.

• All changes to audit, findings and actions records are logged with the change made and the name or the user, data and time stamp of the change. This can be interrogated within the application and is also available through the reporting interface.

Standard reports. • Standard reports include: Engagement Memorandum, Audit Report, Audit Actions Dashboard, Audit Status. In most cases customers prefer to develop their own tailored reports using the RPM module.

Dashboard and custom reports. • ARM RPM provides customers the ability to develop their own dashboards and reports - and modify standard reports to suit their own needs. As reports can be access from simple URL linkages this means reporting information can be accessed from any web browser without the need to login and use the ARM software. This increases communication and ease of use by business managers that just need to be informed of status and what they need to do.

Email alerts. • • Upon any assignment of audits, findings or actions defined users are notified by email of the assignment or change in status to take action. This increases efficiency and integrity of the process especially when managing large numbers of audits and follow up actions.

ARM Apps for simplified Audit Action update by Auditee.

• Provision of a very light touch "portlet" able to run off corporate intranets, SharePoint, MS Outlook to help action owner monitor and update actions they own. Automation benefits means that auditors are then alerted every time an action is updated by an owner so the status can be reviewed and reported on without the need for manual follow up processes.

Knowledge Management A B C D Benefits

Save past risk data for future use. • • Move records in to a non live knowledge repository for use in the future, store lessons learnt, template risks and plans to aid others in the risk management process in future.

Linkage of knowledge base items when used across the business.

• • Understand where standard risks and controls have been used across the organisation to help ensure an aspect of centralised governance and quality.


Risk Connectivity Module A B C D Benefits

Interactive graphical display showing the strength of the relationships (connectivity) between risks based on risk taxonomy and other encoding structures.

• It is well proven that most major incidents occur when more than one risk impact at the same time. The ability to understand the relationship between risks and in particular how low level risks can act as a catalyst for larger risks is increasingly an important consideration for risk analysts.

The out-dated method of manually setting risk correlations between all risks is both prone to subjective error, is very labour intensive and is not dynamic to move as the risk register changes. Risk Connectivity moves this forward by addressing these issues.

Gives Risk Managers and their Stakeholders an ability to see the risks that really matter to determine their connected impact and the source of such a connected exposure. Also prompts better use of Treatment or Handling Plans to control or mitigate connected clusters of risks which in turn saves Treatment Plan costs by reducing duplication.

Is based on proven academic models developed in other fields through the Zachman Enterprise Framework which provides a formal and structured way of viewing and defining an enterprise. This is then applied to the underlying risks for that enterprise to try and establish a connectivity between the risks based on this enterprise model and the risk taxonomy structures.

Standard Reports A B C D Benefits

Suite of over 40 standard Reports including risk registers, metrics and trends.

• Providing a standard reporting mechanism to ensure consistency and speed of reporting hugely reducing management and user overhead.

Use of advanced filtering, saved queries and current node filtering against any standard or custom report directly from the desktop.

• • With the use of generic personal filters users are able to increase their speed of generating reports whilst ensuring the relevance of data content. Reports can be run using the filter selected on the ARM desktop.

Use of application security model. • • Due to the embedded capability of MSRS Reports within ARM, security is maintained resulting in considerable saving from not having to re-write security constraints around the reporting application. Additionally caveat and classification information can be specified as mandatory to ensure security constraints are applied to reports that may be distributed and printed.

Export standard and custom reports to different formats.

• Increases speed and flexibility of using relevant data from reports to manipulate into consolidated external report formats.

Reporting access via MS Outlook or Intranet/ARM Apps.

• • Provides report writers the ability to link specific reports with pre-set parameters to MS Outlook folders or any other ability to call URL's directly providing easy access to all users through a familiar and well used application.

This means that many consumers of reported information do not have to go into the ARM application to see information but can call it from portals, intranets, emails or anywhere that supports direct calling of URL's from a web browser.

Configurable reports menu in ARM that can be tailored to the exact needs of each role, grouping the reports and renaming them as required.

• Simplifies the reporting process by providing access only to the reports required by that user role.

Ability to include associated risks when reporting on Portfolio Tree nodes which enables reporting of risks associated with multiple reporting trees to re-use existing risk scoring.

• Increases ease of use and the ability to apply risks and their assessment to the other reporting structures such as assets, financial accounts and corporate objectives without the need for separate assessment.

Ability to export the configured ARM desktop directly to a CSV file format for further reporting with minimum manipulation.

• Increases ease of use for simple reporting from the configured ARM desktop.

Integration with ARM RPM. • • All standard reports are available to customers who also have RPM to be modified and saved as new custom reports - thereby saving time but more importantly proving tailored reports for each specific customer or reporting process.


Custom Dashboards & Reports (RPM)

A B C D Benefits

Users able to produce their own dashboards and reports including grids, pivot tables and charts.

• Ability for users to create reports in hours not weeks or months without technical help. Empowers users to satisfy Stakeholders with impressive dashboard style outputs or simple wizard driven tables, matrices or charts using ARM datasets whilst preserving ARM security and filters.

Risk Performance Manager is developed and maintained alongside Active Risk Manager so all reports produced will be future-proof and not require redevelopment after subsequent version upgrades.

All available ARM data fields can be incorporated into charts including Risk, Incident and Audit data and all related entities.

Able to report upon historical Risk and Response data as well as relationships between Risks (Summary/Detail and Master/Copy) as well as links between Risks and Incidents and Risks and Audits.

Drill through support. • Dashboards and reports can support drill through to more detailed levels of reporting to help "tell the story" for a user as they want to find out more detailed information about anything that has been aggregated.

Export to MS Office documents and PDF.

• If required for integration with other systems of whatever reason then RPM enables all dashboards and reports to be exported to image, document, Excel and PDF formats.

Use of ARM Filters. • Rather than users having to use simple data queries or understand complex data sets, ARM RPM enables users to utilise the same powerful filters that ARM itself uses, thereby enabling the additional benefit of knowing that the reports will reflect what you see in ARM when filters are run.

Automatic scheduling of reports. • The underlying report scheduling capability of the MS Reporting Server can be used to automatically schedule reports and have them emailed or saved to specific file locations.

Use of the ARM Security model. • A major benefit of the ARM RPM sub-system is that it is fully integrated into the ARM security model. Unlike other reporting systems that would bypass ARM security, RPM is fully integrated so the developer of the report can have total confidence that they can in fact give access to the report itself to anyone in the company, but that the end user would only be able to report on ARM data that they were allowed to see in the system.

Publishing the reports to other users. • Enables any standard report or library of template RPM reports to be modified very quickly and made available through the application menu for other users to access.

Security – Functional A B C D Benefits

Support for both Users and Resources (resources are available as recipients of email alerts.)

• • • Facilitates an enterprise wide awareness and participation in the Risk Management process.

User roles defining access to specific system functions (including add, amend and delete transactions.)

• • • • Provides functionality to only those authorized to perform key business functions. Less error and greater confidence in quality of information.

User Groups. • • • Offers confidence to user groups as to confidential information. As a result users can use the system freely to identify risks leading to better Risk Management.

Security attributes enabling risk level security for cross user group security (e.g. ITAR security, Supplier risks and Board level risks.)

• • • • Offers extreme security for risks that must remain absolutely confidential on a need to know basis only. Enables better Risk Management by providing access to multiple internal or external parties preserving their independence if and when necessary.

Define read/write or read only access against business or project areas.

• • • Helps increase risk and opportunity awareness without compromising quality of information or increased costs. Reduces training costs and needs.

Security Preview - capability to preview different users access and security set up.

• Helps ensure security has been correctly set up and reduces errors.

User and Security Access reports. • • Preserves security model whilst reporting.

Planning Integration Security (Security over Plans through interface.)

• Ensures only authorised staff have access to specific/relevant schedule data and offers greater consistency of security policy.

Scoring Scheme Security. • • • Security permissions allowing select users to update scoring schemes to reflect their local level of risk appetite and thresholds.


Application Configuration A B C D Benefits

Customizable screen field labels to fit standards/process.

• • • Better fit the Risk Management process means less compromises in the way the business works to perform Risk Management. Reduced development costs. Meets changes in future requirements better – protecting investment.

Creation of customized record types. • • Record types to enable you to capture different information in different record types such as Assumptions, Issues, Concerns, Key Risks and turn on/off fields for use in different scenarios to fit your business processes. Apply mandatory and read only settings to different fields on each of your record types to enforce a standard process and quality of data capture.

Risk Matrix (size of matrix, colors, threats & opportunity, scores.)

• • Meets the needs of RM process without having to invest in enhancements. Better fit to process leading to easier adoption. Simpler to modify to meet future requirements.

Multiple Scoring schemes based on risk appetite at different levels.

• • • • Enables different parts of the organisation to have different Risk Management process/scoring assessment. More relevance, more participation, more value.

Additional user defined visible fields on Risks.

• • • Meets the needs of RM process without having to invest in enhancements. Better fit to process leading to easier adoption. Simpler to modify to meet future requirements.

Advanced email alert configuration. • Improved user interaction. More specific information to users for awareness and action.

User options – turn off/on icons, Panes. • • • Meets the needs of individuals better, enabling more buy-in participation in the Risk Management process.

Drop list values in Risk, Impact, Plan and Response data entry.

• • • Meets the needs of RM process without having to invest in enhancements. Better fit to process leading to easier adoption. Simpler to modify to meet future requirements.

Security Caveats & Classifications. • • • • Enables user community to clearly understand the confidentiality of the information they are using leading to reduced unauthorised disclosure of information.

Language sets for different user populations.

• • • • For some customers they can reduce training needs and improve understanding/familiarisation of the Risk Management process. Better data capture.

Local folder administration delegation to allow project managers or department managers to configure and manage their own business folders.

• Distributes ARM administration to the parties in an organisation that need the ability to manage day to day aspects of their folders such as user access. Relying less on IT departments to have single responsibility for all administration tasks.

Configure how resource names are stored in and displayed in ARM.

• Align ARM with company policies around user identification making it familiar to users and increasing take up and allowing an easier searching and ordering of users records.

Configurable drop down lists and multi select fields.

• • • Configure the contents and order of items in drop down lists and multi select fields to fit with your businesses terminology and process.

Configurable Active X usage. • Configure whether or not you use Active X or .NET based charts providing organisation with secure browser lock down policies to gain access to the configurable charts.

Security – User Authentication A B C D Benefits

MS Windows authentication. • • • • Standard, safe and good level of security to prevent unauthorised access.

LDAP Authentication for Assure Access from Entegrity Solutions, and Site Minder from Netegrity.

• • • • Supports IT strategy and identity management. Facilitates improved HR. Control of the user community. Reduces effort in resource management.

LDAP load and update mechanism. • Synchronise the ARM resource and user registry with your organisations LDAP repository.

Security – Encryption A B C D Benefits

Integrated Network Security with SSL 128-bit encryption.

• • • • Offers confidence to users about remote working thus improving collaboration and therefore better Risk Management.


Architecture A B C D Benefits

Platform based on pure MS technology (.NET).

• • • • One of the dominant and long term technology stacks. Only MS, therefore it all works together. Means new MS Technology products work in conjunction. MS technology means least potential conflict with IT technology strategy and lower total cost of ownership.

N-tier design, ability to separate out web, application and database servers for load balancing, performance and resilience.

• • • • We are better able to meet Customer interoperability needs and faster time to deliver. Also protects investment. Matches the spend now with performance needs now. Greater flexibility.

100% designed as a browser based solution (all functions including administration available through browser interface.)

• • • Supports collaborative working, home working globally. Reduced deployment and upgrade costs. Reduced need for expensive client hardware. Fits IT strategy for common office products.

Designed and developed by a leading technology company.

• • • • Confidence in purchase and ability to support. Long term partner. Technical excellence giving stability, performance and future proofing. Confidence over in-house developed solutions and Excel due to supportability and proven quality.

Browser solution enables operation across all networks including home computing and reduced roll out costs.

• • • Supports collaborative working and home working (telecommunting) globally. Reduced deployment and upgrade costs with COTS technology stack. Reduced need for expensive client hardware. Fits into companies existing IT infrastructure and strategy.

Web and Application Server based on MS IIS.

• • • • • Reduced cost of deployment per user. End users of an IIS application can run the application using only a browser; no special software needs to be installed on their computers for the application to work.

• A familiar development environment and model. You can leverage your knowledge of Visual Basic by using the Visual Basic programming environment and standard, compiled Visual Basic code. In addition, you can add classes, modules, or any Visual Basic ActiveX component to your project.

• Access to a broad audience. IIS applications work with a wide variety of browsers and operating systems, so you can easily reach a wide audience.

• An object model that gives you direct access to the resources of the Internet Information Server. The Active Server Pages framework provides an object model that allows you to directly manipulate the objects at the core of IIS. This allows you to retrieve information from a browser, send information to it, and perform complex operations on the contents of a Web page. For more information on the object model, see "The Object Model for IIS Applications."

• Reusable components. Once you have created a webclass, you can easily access it in another webclass. For more information, see "Navigating Between Webclasses."

• Separation of code and HTML. Unlike scripting, your code is not embedded in the HTML document, so you can separate the process of designing the application's user interface from writing, testing, and debugging its code.

• State management across multiple interactions with the client. You can manage state using objects or a database, or you can shuttle state between the client and the server.

Administration A B C D Benefits

Simple wizard installation. • • • • Simple wizard installation requiring little administrator intervention with the ability to specify any server locale.

License Management. • Analyze ARM concurrent usage and manage licences across test and production databases to ensure the most efficient use of your ARM system and highlight the value derived from the system in supporting your risk management process.

User Management. • Distinguish between ARM users and resources that are part of the risk management process but do not consume a licence. Retire users keeping audit history but preventing them from logging into the system; reassign their actions and risks to another user. Use alerts to track the creation of new ARM accounts.

Role Management. • • • Assign users to specific roles, build a role hierarchy to help local administrators assign rights to roles beneath them in the hierarchy to give management abilities where they are needed.


Performance A B C D Benefits

System benchmarked to 500 concurrent users (500 people using the system at the same time) by Active Risk (equivalent to approx 10,000 named users.)

• • • • Confidence in performance and use in Enterprise situations demonstrates quality technology build. Confidence in that we have customers who run this size of user bases.

Operating Platforms A B C D Benefits

Web, Application Server and ARM Unplugged client all run on various MS operating systems (please check platform support matrix for release compatibility.)

• • • • Latest security and performance operating system. Fully supported by Microsoft. Takes advantage of all MS interoperability capability e.g. Biz Talk. Scalability means protection of investment and ability to match operating environmental costs as the needs of the business increases."

Browser based user interface runs on MS Internet Explorer 8 or greater.

Existing delivery mechanism. Industry standard will also support home working. Reduced deployment costs, supports technical strategy increased HR benefits for home working.

Database A B C D Benefits

SQL Server and Oracle supported (please see platform support matrix for which releases support which versions of DBMS tools.)

• • • Offers DBMS choice without compromise. Oracle enables UNIX operating systems to be used.

Hardware independent. • • • • Enables better performance/cost mix. May fit IT strategy better. Enables wider choice. Fewer barriers to change (for acceptance.)

Architecture A B C D Benefits

Works within the cloud. • • • • Achieve economies of scale - increase volume output or productivity with fewer people. Your cost per unit, project or product plummets.

• Reduce spending on technology infrastructure. Maintain easy access to your information with minimal upfront spending. Pay as you go (weekly, quarterly or yearly), based on demand.

• Globalize your workforce on the cheap. People worldwide can access the cloud, provided they have an Internet connection.

• Streamline processes. Get more work done in less time with less people.

• Reduce capital costs. There’s no need to spend big money on hardware, software or licensing fees.

• Improve accessibility. You have access anytime, anywhere, making your life so much easier!

• Monitor projects more effectively. Stay within budget and ahead of completion cycle times.

• Less personnel training is needed. It takes fewer people to do more work on a cloud, with a minimal learning curve on hardware and software issues.

• Minimize licensing new software. Stretch and grow without the need to buy expensive software licenses or programs.

• Improve flexibility. You can change direction without serious “people” or “financial” issues at stake.

Browser solution enables operation across all networks including home computing and reduced roll out costs.

• • • Supports collaborative working, home working globally. Reduced deployment and upgrade costs. Reduced need for expensive client hardware. Fits IT strategy.

Web and Application Server based on MS IIS.

• • • • Supports collaborative working, home working globally. Reduced deployment and upgrade costs. Reduced need for expensive client hardware. Fits IT strategy.


Interfaces – Planning A B C D Benefits

Interface with MS Project supporting update of work breakdown structure in ARM and response linkages between applications.

• Enables consistent and complete Risk Management process against projects. Reduces user effort in manual entry. Enables more considered Risk Management in identifying risks against all activities (facilitates risk identification). Ensures that risk mitigation responses are properly project managed, increasing likelihood of meeting exposure targets.

Interface with Primavera supporting update of work breakdown structures in ARM.

• Enables consistent and complete Risk Management process against projects. Reduces user effort in manual entry. Enables more considered Risk Management in identifying risks against all activities (facilitates risk identification). Ensures that risk mitigation responses are properly project managed, increasing likelihood of meeting exposure targets.

Interfaces – Requirements A B C D Benefits

Interface with Telelogic DOORS enabling modelling of risks to contract requirements.

• Allows the business to determine which business requirements are at risk of not being met. Therefore increasing ability to meet business objectives. Assists risk identification and completeness of Risk Management process.

Interfaces – Excel/Server-to-Server

A B C D Benefits

Interface to export and import risk, impact, plan and response data from ARM to Excel, and from one ARM server to another ARM server selecting the appropriate data (including Risk and Activity and Risk data relationships) to send/receive.

• Offers simplistic method of moving data in and out of the ARM database without loss of information. Reduces effort and increases flexibility in being able to get data in and out of the application. Supports use of ARM in secure environments where data can be sanitized, security cleared and updated on the Universal ARM database automatically (dependent on rules).

Exchange A B C D Benefits

Send URL hyperlinks to colleagues to allow them to access ARM risk data directly from an email or a document.

• • • ARM integrates with common desktop applications and encourages usage and buy in to the risk management process.

Web Services API. • • Integrate ARM with other critical applications using the ARM web services API. Many ARM functions are available through this web based interface.

Email alerting A B C D Benefits

Advanced email and SMS alert editor and configuration manager. Set up alerts per business folder configured for a particular department of projects needs.

• • • Meets majority of email delivery platforms, supporting IT strategy. Increase user participation and awareness of risk by setting alerts for a wide number of events in ARM such as ‘new risk raised’, ‘status changes’ or ‘risk assigned to’ and tailor the information contained in the alert choosing from a wide range of alert parameters. Increasing benefit and collaboration leading to better Risk Management. Monitor alerts that have been sent using the alert audit trail.

Customize alert frequency. • Specify alert frequency on an individual basis and have an option to be sent a digest of alerts.

Service Orientated Architecture

A B C D Benefits

MS SharePoint Services delivered as a native framework.

• ARM Apps can be dropped into Sharepoint which can deliver role based views to users faster. Meets specific user group needs better (tailored interaction with Risk Management and Incident Management process). Enables high levels of front-end integration with other applications.

Web Service based API to support MS Sharepoint and Java based Portals (WebSphere, WindChill, Deltek Compass, PlumTree, Oracle, SAP).

• • • ARM Apps are portal independent providing high levels of interoperability. Increase benefits basis on investment. Removes proprietary arguments about COTS solutions.


EMEA Headquarters

Sword Active Risk 1 Grenfell Road Maidenhead Berks SL6 1HN UNITED KINGDOM

Tel: +44 (0)1628 582500

US Headquarters

Sword Active Risk, Inc. 13221 Woodland Park Road Suite 440 Herndon, VA 20171 UNITED STATES

Tel: +1 (703) 673 9580

Australia

Sword Active Risk Pty Ltd 40/140 William Street Melbourne VIC 3000 AUSTRALIA

Tel: +61 3 9229 3850

www.sword-activerisk.com [email protected] Twitter @SwordActiveRisk

Date post:	08-Aug-2020
Category:	Documents
Upload:	others
View:	1 times
Download:	0 times

Active Risk€¦ · Active Risk Manager ARM 7.0 Features & Benefits Matrix August 2014 NEW. This...

Documents