Product Capability Overview

Transcription

1 ACtive Risk MAnAgeR Product Capability Overview Active Risk Manager (ARM) is recognized by independent analysts as having the most extensive range of ERM (enterprise risk management) capabilities currently available. ENTERPRISE-WIDE GOVERNANCE RISK & COMPLIANCE Customer surveys verify that ARM is being actively used in a wide range of business functions and to address numerous issues currently facing today s organizations. This is a short taster of the areas addressed by ARM which cover the breadth and depth of enterprise-wide governance risk and compliance needs. Asset & facilities Risk MAnAgeMent ARM gives confidence to asset managers and provides an enterprise-wide auditable view. For the board, ARM demonstrates that shareholder value around assets is being maximized but also provides the solid information to prove that personal legal responsibilities are being met and business continuity issues are addressed. ARM enables: the linking of risks to asset breakdown structures the handling of insurance and fallback plans in the event of asset failure the management of controls around key assets from procurement to maintenance to retirement the linking of compliance risks to assets the effective identification and management of both known and emerging risks ARM has been developed to address the specific needs of Asset and Facilities Risk Management all within the wider project, program and enterprise context of ERM. ARM improves compliance to regulatory requirements and adherence to company policies and procedures. ARM also addresses specific asset management standards such as PAS55, which look at methods to deliver against corporate objectives by focusing on how these objectives link to the assets of the business.

2 ARM Product Capability Overview Business Continuity & Crisis Management ARM provides Business Continuity and Crisis Management capabilities as part of a full, integrated enterprise risk management solution. This brings BC together with related disciplines such as Insurance Management and Supply Chain Risk Management. ARM provides both the complete picture for the board and the detailed planning needed for operational management, all within a single system. ARM will present the financial options to decision makers and indicate the most cost-effective course of action. With ARM the BC process is no longer reliant on spreadsheets or periodic paper-based exercises. It can be handled in real time and is accessible around the globe 24 hours a day. BC plans, controls, actions and fallbacks can be directly linked to related risks and accessed remotely should a Business Continuity threat actually occur. ARM supports a range of international BC standards including BS 25999, HB 292 and 221 and NFPA ARM makes the whole process more comprehensive and robust. It increases confidence not only within the organization but also for investors, insurers and regulators. Compliance Management The ability to demonstrate to regulators, investors, internal stakeholders and the public at large that your business is being managed and monitored against key regulatory and industry standards is an increasingly important objective for all organizations and it is has been an increasingly expensive process. ARM brings the process and costs under control by recording and managing the growing range of compliance standards into a single system. This means they can be prioritized and resources allocated accordingly against other potential investments. ARM provides: a structured process for identifying key compliance requirements a means to record threats against non-compliance a way to assess the impact of the non-compliance such as fines, the loss of trading licences, damage to reputation and brand value a way to create and share a plan to address any non-compliances ARM s enterprise-wide approach provides greater transparency and a clear audit trail. Controls Management Active Risk Manager supports operational, financial and regulatory controls management. ARM marries a set of advanced capabilities which address both external compliance requirements, such as Sarbanes- Oxley, together with internal enterprise-wide control frameworks for health and safety, IT, human resources and quality management. ARM further allows the tracking and management of controls relating to operations, performance and risk. ARM s easy-to-use interface is configurable for the needs of the varied user communities and job roles involved in this integrated environment. Unlike some other systems where configurability is limited to changing a few screen headings, ARM s adaptable screens, portals, reports and dashboards provide the views appropriate for each level of the organization or partner community. ARM makes viable a long-term strategy to meet multiple regulatory, legal and audit requirements with a single enterprise-wide system. Using ARM will reduce the cost of controls management and help identify better investment options around the financing of IT, financial, health & safety, HR, and quality management processes. ARM customers can sunset their stand-alone specialist controls management products and turn what is often seen as a cost of doing business into a system which can drive improved business performance. Corporate Governance & Ethics From the Sarbanes-Oxley Act through similar rulings and legislation around the world to SEC , there is renewed emphasis being placed on good corporate governance and ethical behaviour. There is an increasing need for transparency, proof of the processes followed and the reasoning behind decisions taken. SEC focuses on compensation packages which over-incentivize individuals to take risks with material impact and the need to provide information about the board s role in risk oversight. ARM provides the enterprise-wide view to enable both risk oversight and insight in a single system with clear reporting and audit trails. Active Risk Manager highlights where governance issues may occur. ARM shows where in the business regions, functions, lines of business etc. - are the greatest risks of non-compliance both to external legislation and to internal ethical standards and polices. ARM links risks to existing controls and highlights where specific mitigation strategies are needed such as

3 Active Risk Ltd. All rights reserved. employee education programs on appropriate behaviour or in managing an ethical supply chain. ARM s breadth means that governance and ethics can be handled in the same system as related domains such as Corporate Social Responsibility, Reputation Management and Controls Management. Corporate & Strategic Risk Management ARM brings into one system the ability to identify and manage risks and opportunities top-down from the corporate level and bottom-up from the operational levels. ARM has both the reporting and analysis capabilities needed by management and the depth of functionality necessary to support projects and operations. Bringing all the elements together in a single, enterprisewide system ensures that what the board is focusing on accurately reflects what s happening in the organization. Corporate performance and business planning can be risk-adjusted based on real information to give the true picture. This makes forecasts more accurate and increases confidence in the messages given externally to the market, credit rating agencies and insurers. ARM represents risks and opportunities both qualitatively and quantitatively so that information can be aggregated across different business functions and rolled up to the board. This approach means patterns can be spotted and emerging risks acted on rapidly. ARM s dashboards and reports present risk information in ways senior management can digest and respond to. ARM provides transparency across the whole business and brings an evidence-based approach to decision making. Emerging Risk & Opportunity Identification As global economic events over the last few years prove, the ability to spot trends and emerging risks as early as possible is vital to give your organization the greatest window to respond. This can be a matter of survival or, in the case of emerging opportunities, provide competitive advantage. ARM brings into one enterprise-wide system all risks, opportunities and related information. ARM scores this data in both quantitative and qualitative ways. ARM provides a monetized view of risk together with probabilities and the costs related to mitigating these risks so a CFO can instantly see company-wide comparisons to inform investment decisions. ARM additionally gives the back-up audit trail for those decisions. ARM interfaces seamlessly with your transactional systems and provides a range of simple-thru - sophisticated input options so that all levels of employees across projects, programs and divisions can be involved as risk and opportunity spotters so that nothing gets missed. Environmental Risk All organizations are looking at the environmental impact of how they do business. How companies are seen to address green issues is having an increasing relevance to corporate reputation and brand value. In many industries, the ability to demonstrate an effective environmental policy is one of the key selection criteria in the bid and tender process especially when doing business with government. For all types of business, ARM s enterprise-wide capabilities will not only highlight and record environmental risk areas but demonstrate how these are linked to plans and controls to mitigate these risks. In specific industries mining for example the importance of environmental concerns is even higher. Being able to provide a good environmental track record and concrete plans can make the difference between winning or losing licences to operate and major contracts. Again the evidence-based approach which ARM underpins makes it simple to provide the detailed proof needed to secure deals. Financial Risk & Controls Many organizations have increased their emphasis on financial controls in recent times. A major catalyst for this was section 404 of the US Sarbanes-Oxley Act, but continued SEC rulings, for example, on the board s role in risk oversight, and other emerging international regulations keep up the focus on this important area. ARM integrates the management of all types of controls, including financial controls, and brings this within a wider enterprise-wide risk management system. This approach exactly mirrors the push from the likes of the SEC to increase enterprise transparency and oversight with a focus on controls and evidence-based management of risk. ARM supports the widely regarded COSO Internal Control-Integrated Framework to provide assurance on the achievement of objectives around the effectiveness and efficiency of operations; the reliability of financial reporting; and compliance with laws and regulations. Using ARM, financial compliance activities and reporting are consolidated as part of the wider management framework, providing transparency and an overview appropriate for each level of the business. ARM makes viable a long-term strategy to meet multiple regulatory,

4 ARM Product Capability Overview legal and audit requirements with a single enterprisewide system. ARM customers can retire stand-alone specialist controls management products and turn what is often seen as a cost of doing business into a system to drive improved business performance. Hazard Management Hazard Management is an example of the flexibility of Active Risk Manager. The capabilities and adaptability of the ARM software have enabled a number of our customers to manage hazards very successfully using the system. The advantages of using ARM include the ability to identify hazards in a common repository which can share this information enterprise-wide if desired. Hazards can be linked to projects and risk related information such as the overall risk to the business, be that financial, health and safety related, reputational or whatever category is most appropriate. ARM can bring Hazard Management within the wider enterprise-wide risk framework which includes controls, mitigation plans and fallbacks. ARM Knowledge Base allows information to be built up and shared as to how the hazards are managed and associated risks addressed. So similar projects can benefit from best practice information, which is shared across the business rather than trapped in siloed systems and spreadsheets. Health and Safety ARM brings Health, Safety & Environmental risk into a common system together with other related risk areas such as project, operational and asset risks. ARM also holds information on hazards, accidents and near misses linking these to the related risks. In this way ARM is the system which delivers the holistic picture of the risk situation across the whole business. ARM can be implemented to cover projects, programs or enterprise-wide. Again this single system approach brings H, S & E risks together with related areas such as insurance management and reputational risk. In industries like mining, infrastructure and construction these H, S and E risks can have major reputation and revenue impacts and so need to be embedded at the heart of strategic decision making. Beyond this, corporate manslaughter legislation responsibilities, which can see an individual held responsible for a fatality, can only be addressed by a system which can show why decisions were taken with a full audit trail and related documentation. H,S & E risks which do happen can be used to inform the assessments of future risk and to put in place appropriate and cost-effective mitigation strategies, such as insurance and improved workplace training. ARM s Knowledge Base can be used to share best practice across the business so that good ideas and proven actions can benefit all. Incident Management ARM brings Incident Management within an all encompassing, enterprise-wide framework that drives the monitoring and management of the risks and opportunities facing the business. ARM supports a wide range of international standards including ISO which states that the management of risk will enable an organization to improve loss prevention and incident management. Active Risk Manager will identify, assess and monitor key events across the organization including losses, near-misses and accidents. ARM connects incident investigations and associated documentation and links incidents to risks to provide the wider picture for all levels of the project, program or organization. ARM minimizes the reoccurrence of all types of incidents and provides a clear ROI by reducing losses. ARM s enterprise-wide approach and breadth of risk management capabilities means that related disciplines and processes such as Reputation Management and Environmental, Health and Safety - can all be addressed in a single system. ARM s reporting, dashboard and portal capabilities mean that the relevant information is presented in the right way for each audience with stringent security and audit trails. Insurance Risk Management Insurance and risk management have often been seen as separate functions. ARM enables information from these related disciplines to be brought together to provide a complete picture of risks and the best ways they can be handled. Risks which have the biggest potential impact will be highlighted for management to decide whether to insure against their occurrence through external providers or to self-insure. ARM also helps reduce premiums by highlighting overlapping or redundant policies and by providing the in-depth evidence to insurers that an organization is taking steps to mitigate their risks. Typical savings have been in the range of 5-12%. The breadth of ARM s coverage means that it can also support decision making in areas such supply chain fragility where new kinds of insurance products are coming to market.

5 Active Risk Ltd. All rights reserved. Internal Audit ARM, as an enterprise-wide risk management system, supports the increasing needs of Internal Auditing professionals. The Internal Audit function must monitor and evaluate the effectiveness of the organization s risk management processes to provide objective assurance to the board. To make this assessment accurate and dynamic you cannot rely on one-off or irregular spreadsheet or paper-based reports. ARM is a web-based, secure system available 24/7. Using ARM will demonstrate one coherent, standardized and deployed process across all relevant parts of the organization and provide accurate information for Audit Committee reporting and decision making. ARM holds all risk and opportunity information together with related controls, mitigation plans, actions and fallbacks in a single system and ARM s standardized scoring process provides assurance that all risks are correctly evaluated. ARM s audit history enables auditors to drill down through the key risk data to aid investigation and assure transparency across the business. Moreover ARM will highlight key risk areas where in-depth audits should be targeted. To further assist the Internal Audit function, ARM supports the broadest range of risk, governance and compliance standards including COSO, ISO and Sarbanes-Oxley. Issue and Loss Management Operational Losses, sometimes called Issues or Incidents, detract from the performance of the business. Active Risk Manager addresses the real world relationship between risk management and these actual events. By linking and managing losses as part of an integrated risk management process, ARM is used to identify and target reductions in these losses through a more intelligent and informed risk management strategy. ARM s closed loop risk management approach shows how effective the risk management process is in preventing actual losses. This not only improves margins but provides an ROI for risk management itself. This also increases accountability across the business. ARM s ability to reduce losses in a demonstrable way can also be used as evidence to support insurance premium reductions. IT Risk & Security For most organizations the IT systems and data they hold are key assets of the business. The successful delivery of IT projects, and indeed any project supported by IT systems, is critical to business performance and success. IT security and resilience is a major factor in business continuity and can have major reputational impacts. Yet IT-related risks are often seen as separate from the core risk management processes of the business. ARM brings the management of IT risks and opportunities into an enterprise-wide system. ARM means they can be considered in a common financial framework against business objectives, where impacts and investment decisions can be compared accurately against their ROI. IT investments can also be channeled to mitigate the key risks identified by the business. Another benefit of ARM s enterprise-wide, web-based risk management system is that the organization is not threatened by having sensitive risk and opportunity information dispersed throughout the company. Risk data held in multiple spreadsheets on individual laptops can easily be lost or stolen. ARM removes this threat with a single secure and auditable system. ARM monitors compliance with COBIT (Control Objectives for Information and related Technology) frameworks and processes. Opportunity & Bid Management Active Risk Manager enables you to build an enterprisewide view of risks and opportunities. This information will help spotlight the right business to go after. It will make it simpler to produce accurate bids on time and de-risk the delivery of the increased business which you win. ARM lets you share information from previous successful bids and profit from lessons learned in project delivery via a growing Knowledge Base. You can even create mitigation plans for the risks identified and demonstrate this understanding within the bids themselves. Using ARM will let you offer more options around commercial terms, look at ways of sharing risk and reward with the customer and partners and make pricing and contingencies more accurate. With demonstrable risk management capabilities an important selection criterion and the use of ARM increasingly mandated in sectors like Aerospace and Defense, ARM is the system to use to prove you are serious about risk management. Process Excellence ARM supports Six Sigma programs and the drive for process excellence. Six Sigma focuses on improving the quality of process outputs by minimizing variability and removing the causes of defects and errors. Six Sigma projects have quantified targets which relate to the improvement sought such as increased profits or cost savings.

6 ARM Product Capability Overview Active Risk Manager s enterprise-wide approach highlights the risks to achieving targets right across the business and puts in place the mitigation steps needed to reduce these risks. ARM supports process excellence by identifying opportunities for improvement. ARM acts as a central repository to collate all types of opportunities to improve - from safety improvements through cost reductions and process efficiencies. ARM s ability to rate opportunities on quantitative or qualitative criteria allows effective comparisons to show which opportunities will give the best ROI and should be pursued. ARM helps drive the cultural change needed to embed a risk-reward aware culture at all levels and its Knowledge Base shares best practice throughout the business so that process improvements can have maximum impact. Process Risk Management ARM s breadth of capabilities enables an enterprisewide approach to the identification and management of risks and opportunities. This means you can use a single system to assess, manage and mitigate the risks which relate to the full range of processes within your business. ARM will also help you to identify and exploit the opportunities which arise in all process areas and at all levels of the organization. From fraud risks around financial processes, through information and security risks related to IT, to operational risks that could impact project delivery ARM provides an holistic view that unlocks information traditionally hidden in separate systems and spreadsheets. ARM s highly configurable user interface brings all communities into the cycle of improvement with screens tailored to the role performed - be that via input, approval, decision making or strategy setting. Unlike some other systems, where configurability is limited to changing a few screen headings, ARM s adaptable screens, portals, reports and dashboards provide the views appropriate for each organizational level. Business processes increasingly extend beyond enterprise boundaries. ARM provides secure access and collaboration capabilities for partners and suppliers. This is especially important in a project environment where companies work simultaneously as partners on one bid or project and are competitors on others. ARM meets US ITAR standards. Project, Program & Portfolio Risk Active Risk Manager is the pre-eminent solution to manage both risks and opportunities in your projects. ARM has been proven in some to the world s most extensive and complex projects with demanding organizations such as NASA and Lockheed Martin. ARM identifies and addresses the uncertainties that threaten the goals and successful delivery of individual projects and up through programs to aggregation at the portfolio and enterprise level. ARM brings suppliers and partners into the process so risks can be identified and shared yet stringent security up to US ITAR standards means players see only the parts of the jigsaw relevant to them. ARM provides a consistent and reliable process replacing inconsistent siloed systems and spreadsheets. Customers report that the administration savings and efficiencies from bringing automation to the production of risk reports and management presentations are substantial even before project improvements are considered. ARM s quantitative and qualitative measurement of risks enables effective comparison and escalation. ARM makes the true picture clear, giving visibility across projects to highlight resourcing issues, supplier performance problems and emerging risks. ARM means you ll deliver more projects on-time, on-budget and win more business as a result. Quality Management ARM brings the Quality Management process and information within a single enterprise-wide risk management system. ARM makes clear the importance of attaining quality targets and shows the linkage between quality and the risks to the business achieving its overall plans and performance goals. ARM can hold quality-related KPIs for all your quality focus areas, including product development and launches, ongoing product quality, returns and complaints, supplier issues and raw material quality. ARM provides proactive monitoring and management against quality thresholds. Deviations from expected levels of quality are linked to related risks and so impacts can be seen and action taken. The comprehensive nature of ARM means controls, actions and fallback plans are held within the same enterprise-wide system. ARM s breadth ensures that Quality Management is closely linked to related areas such as reputational risk management and supply chain risk management. ARM s portal, dashboard and reporting capabilities push the relevant quality data to the right organizational levels. As ARM encompasses project, program and enterprise information, patterns, trends and emerging risks can be spotted and acted on early. ARM can link to documents relating to the quality process and records ownership. In this way ARM meets needs for governance and transparency with a clear audit trail.

7 Active Risk Ltd. All rights reserved. ARM can even be used to quality manage the risk process itself. ARM reports will highlight such things as risk staleness and the percentage completeness of the risk data which has been entered throughout the organization. Reputation & CSR Management Recent examples of corporations (and individuals) in the media spotlight facing reputational issues show how this topic can increasingly affect a brand, sales and even the stock price. The cause may vary from product problems and recalls - through environmental issues and accidents - to employee fraud and malpractice - but the impact can be enormous. ARM is the central repository to hold these reputational risks - linking them with the potential impacts, the controls put in place to prevent them happening and the mitigation plans to reduce the impacts. ARM can monetize the reputational risks to clearly show which pose the greatest threats and allow these to be compared against the costs to reduce those risks. ARM is an enterprise-wide, web-based system and so if any of the reputational risks actually occur then the plans and fallbacks can be accessed immediately and globally. This would be impossible if spreadsheets and a patchwork of systems were involved. A good Corporate Social Responsibility (CSR) program is not only a good thing for an organization to have but can act as one of the strands in the mitigation of reputational risk. Risk-adjusted Corporate Performance Risk-adjusting corporate planning and performance is all about increasing the certainty in delivering the business plan and hitting more organizational objectives, more often. ARM holds both qualitative and quantitative data and links key risks to strategic objectives and KPIs. ARM provides a monetized view of risks which makes for clear comparisons between alternatives. In this way ARM supports better informed strategic decision making and provides an evidence-based approach to assessing the potential actions. ARM enables a risk-adjusted view to show both upside and downside scenarios against the plan. ARM shows how to mitigate the risks and make the most of the opportunities, enabling forward-looking decision making. Controls, mitigation and fallback plans are held within one system to enable program, portfolio and enterprise-wide insight and action. ARM outputs can feed risk-adjusted balanced scorecards. ARM simplifies and speeds up the whole data collection, preparation and presentation process. This is a significant saving in itself where traditionally the reliance has been on collating multiple spreadsheets and hand creating PowerPoint presentations. ARM automates information provision to support decision making at all levels from project through program to senior management and board level. Risk Reserve & Provision Management When embarking on projects or major pieces of work it is prudent to put aside a contingency amount to cover unexpected events. The more information you have, the more accurate the contingency or provision figure can be. ARM removes the need for guess work, fixed percentages or reliance on backwards looking data. ARM provides qualitative and quantitative views of risks and so a monetized picture can be built up. ARM s management of the risks means controls, mitigation plans and fallbacks can be put in place to reduce the chance the risk will happen and minimize the impact should it occur. The risk knowledge in ARM will not only make the provisions match the real risk levels but also show the likely time impacts. You can now forecast the timeline of draw downs against the provisions. This accuracy will let you see risks which might not impact until much later in the project. This knowledge gives you the confidence to free up the budget so that it can be used in ways which will deliver a much higher ROI. Supply Chain Risk Management Globalization of supply chains has brought with it new levels of risk. Products and raw materials, which once your organization sourced locally or from long standing suppliers, may now be directly or indirectly dependent on complex global supply networks. ARM puts you in the picture as to who the key suppliers are, where the biggest risks are found and where you are exposed through single sourcing and single points of supply chain failure. ARM will store your plans to mitigate these risks through strategies such as alternative and dual sourcing, in-house production, building alternative facilities even financial assistance or purchase of vital suppliers. ARM s breadth of business function coverage means that linkages between related areas such as business continuity and reputational risk can be made. ARM provides the information needed to utilize the growing option of insuring against supply chain risk. ARM can also identify emerging risks which could affect the supply chain such as geopolitical problems that might, for example, knock out a number of suppliers located in the same region.

8 ARM Product Capability Overview Active Risk Ltd. All rights reserved. for MORe information, PleAse COntACt us: +44 (0) (EMEA) (Americas)