ERM Software

Output Examples:

Clicking on most of the screenshots on this page will cause a larger version of the image to open in a new browser tab or window.

From the moment you enter the system the dashboard (below) provides a quick overview of the enterprise's risk and control situation:

Screenshot of the dashboard. Click on this image to see a larger version.

Back to top

Our comprehensive Risk database can capture governance data from a variety of sources:

  • Interactive workshops;
  • Existing Risk Registers;
  • Policy & Procedure documents.

We can also provide generic risk and control data for a multitude of elements of your business from our extensive Governance Library. Controls and risks are matched using our many-to-many matrix solution that allows Impact and Probability ratings of up to 5 levels to be used. Controls can be categorized in up to five groupings.

Screenshots of the matrix, on-screen and as printed. Click on either image to see a larger version.

Back to top

The system's "heat map" will quickly identify major potential threats...

Screenshot of the heatmap screen. Click on this image to see a larger version.

Back to top

...whilst the Risk Profile bar chart provides a comprehensive snapshot of the control environment in any particular area of the organization, or of the organization as a whole:

Screenshot of the risk profile bar chart screen. Click on this image to see a larger version.

This shows, at a glance, the best and worst case scenarios, the situation pertaining if all available controls work as intended, and the current situation following the most recent control testing.

Back to top

As well as comprehensive Risk Registers that capture a multitude of data about individual risks...

Screenshot of the risk register screen. Click on this image to see a larger version.

Back to top

...the system has many additional, unique features:

What is at risk: you can measure the impact of risks against an almost limitless number of attributes – cash, goodwill, Sharia compliance, physical assets, staff knowledge, legal & regulatory situations and many more. One advantage of this is that, for example, the system can be tailored to report easily and quickly under Sarbanes-Oxley.

Evaluating strategic risks: our system handles this in two ways:

  • How the organization's strategic direction could be affected by each risk in the database;
  • What individual risks confront the organization's Strategic Planners and how the organization intends to mitigate these:

Impact on corporate strategy report. Click on this image to see a larger version.

Back to top

Levels of risk: inherent risk, residual risk, actual risk, deployed risk can all be measured by the system. These risks can be grouped by:

  • Function;
  • Process;
  • Product;
  • or any combination to suit a client's business.

In addition, a comprehensive Corporate Risk profile can be built to cover the over-arching, enterprise-wide risks.

Composite risks: the system will allow you to model the effects of “risk combination”, where individually modelled risks occur simultaneously.

Appetite for Risk: risks above a predetermined appetite can all be measured, with graphical output clearly showing any areas of concern.

Appetite for risk graph. Click on this image to see a larger version.

Back to top

Event capture: the comprehensive event capture module allows both events and “near misses” to be captured and the data modelled to produce clear concise graphical output:

Risk trend report. Click on this image to see a larger version.

Back to top

This data allows you to identify how effective individual controls have actually been in mitigating risks, as opposed to how effective you thought they would be when the Risk Profiles were first built:

Control of effectiveness graph. Click on this image to see a larger version.

This is another step from "We Think" to "We Know".

Back to top

You can also model how events have been distributed as regards to their severity:

Event distribution graph. Click on this image to see a larger version.

Back to top

The event data is also used as input to our unique Risk Prediction module. Built in collaboration with the Maths department at Sussex University, this module uses Monte Carlo simulation to produce a range of predicted outcomes from previous event data to help our clients meet Basle II reporting requirements. As well as the standard risk value prediction ranges expected of such modules however, the system allows you to flex the results to take into account improvements in the control environment since the event data was captured and to model the likely effects of proposed, future, control improvements. Imagine being able to report that, for example, by spending £500k now on additional controls future annual losses could be reduced by £700k!  This module can make a real, positive impact on the organization's bottom line.

Key Risk Indicators: the system can be used to monitor a range of key risk indicator data, both internally generated and externally generated; the clear "dashboard" style graphical reports provide immediate alerts:

Key Risk Indicator bar chart.

Back to top

Controls Working and Remedial Action piecharts.

Back to top

Any of the reports in the system's extensive library can be output in many forms for ease of incorporation into an organization's reporting methodology:

Screenshot of report output options.

Back to top

Whilst the system is web-based, a stand-alone version can be loaded onto a lap-top for visits to remote locations; a full import/export capability allows elements of the main database to be exchanged easily.

For ERM to be totally effective the supporting software has to be easily available across the organization and to ensure this is the case our software is multi-lingual; Arabic and Mandarin versions being currently available.

A comprehensive Audit Log allows for tracking of changes to the data, whilst a detailed User Rights module allows access to the database to be strictly controlled.

Back to top

To arrange a personalized demonstration of the software in your own organization, please contact us.