BPC RiskManager V6 Enterprise (Enrima Edition)

From RiskWiki

Jump to: navigation, search

Contents

The BPC RiskManager Software Suite - Features

What is the BPC RiskManager Software Suite?

The BPC RiskManager Software suite is an Enterprise Grade risk management & governance software suite supplied worldwide, and developed and supported by Bishop Phillips Consulting. Originally developed between 1995 and 1997, the system is now in its 6th major version release with updates released roughly every 3 months. Version 6 was originally released in 2006, and the Enrima Edition (the current release) in 2008. The latest release is July 2010.


BPC RiskManager is available in 2 product streams (both of which can be configured as single user desktop or massively multiuser networked solutions). The two product streams are:

  • BPC RiskManager V5 (Express)
  • BPC RiskManager V6 (Enrima Edition)


While there are a lot of similarities between the systems, they are not identical and not data compatible. BPC RiskManager V5 (Express) is maintained on an an annual update cycle, while BPC RiskManager (Enrima Edition) is maintained on a quarterly (every 3 months) update cycle.


In terms of scalability, both systems will handle thousands of simultaneous users, and both model risk management at the enterprise level and project level. Both systems include risk, controls/strategies, consequences, survey, compliance, incident management support and both systems feature customisable screens and field names. Both systems allow multiple simultaneously active databases.


The essential differences are in depth and complexity of issues supported and expandability of the system. Here they have significant differences. Express is designed to be extremely simple and consequently excludes both depth and breadth beyond the functions of a risk and compliance register. It therefore is able to present almost all its risk or compliance record data on a single screen.


In the Enrima V6 series this single screen display is not possible as the both multiple views and considerable anciliary management objects are brought into the system (such as documents, assets, assertions, insurance, claims, etc).


BPC RiskManager V6.2.5 (Enrima Edition)


BPC RiskManager - Who should use it?

User

BPC RiskManager designed to manage the governance function of an organisation. It therefore fits in audit, risk management, compliance management, insurance risk management, environmental risk management, project risk management, human resources, OHS and strategic planning. It delivers functions covering both ther strategic and the operational functions of these disciplines. For example the claims module actually manages insurance claims (not merely registering them), the document management system is capable of actually managing documents (not merely cataloguing them), the compliance and strategy systems actually manage the remediation of the issue, etc.


It functions best as an integrated solution with multiple governenance teams using the one system. With each release we expand the governance functions in the system.


Scale

BPC RiskManager is designed to scale. There are four types of clients using it:

  1. . Single user or small work groups running off a single user install switched to server mode.
  2. . Medium scale enterprises with risk and executive seats on an IT group managed server / in-cloud and database.
  3. . Large scale enterprise with many seats actively managing general risks and compliance issues and project risks, etc
  4. . Hosting consolidators providing cloud services to many clients in different organisations with many databases.


Every version of BPC RiskManager (from the single user install, up) comes capable of operating in all these modes. For each type of operation there are specific features built in to aid maintenance and management (including multi database bulk operatiions for hosting providers).


BPC RiskManager Features

BPC RiskManager V6.2.5 (Enrima Edition) (often referred to as RiskManager V625 or Enrima), is a powerful risk and compliance management solution with an almost unlimited range of end-user configurable solutions. It delivers:


  • General
    • Totally end-user configurable (change almost any label or caption or search relationship, re-task fields, define your own risk and compliance model, build your own reports, define your own work flows, customisable messages, define your own risk structure, etc)
    • Runs out-of-the-box (ready to use immediately after install in single-user or small work group mode).
    • Provides an optional fast configure mode (shown on first run of any client and available at any time thereafter).
    • An extremely versatile ratings engine support multiple methods of ratings compliance and risk issues. Each item can simultaneously store different ratings for inherent, residual, auditor, reviewer and unlimited current self ratings for each of likelihood, impact and (residual) risk. It also holds additional ratings for compliance breach, compliance rating, and unlimited assertion sets.
    • Ratings can be rolled up through trees of risks and compliance issues


  • Functional
    • Risk Management
    • Compliance Management
    • Incident Management
    • Planning
    • Document Management


  • Registers
    • General Risk register(s) with unlimited risk types and able to distinguish project and general risks
    • Project Risk register(s)
    • Compliance register(s) with unlimited assertions/questions and assertions/question groups AND pure HTML based compliance surveys / checklists
    • Incident & Hazard register
    • Insurance register
    • Claims register
    • Legal register
    • Document register
    • Causes register
    • Consequence & impact register
    • Standard strategies register (Type of Control)
    • Strategies & control register
    • Actions register
    • Work flow register
    • Asset register
    • Business plan register
    • Survey register
    • Access control


  • Evaluation engines
    • Risk & compliance rating
    • Question & assertion rating
    • Assessments engine
    • Survey rules engine
    • Charting engine
    • Email management engine
    • Exception tracking engine


  • Work flow control systems
    • Work flow engine
    • Instantaneous internal message engine
    • Instant and batched email management engine
    • PAX & TMS ScripterStudio scripting engines
    • Survey management system
    • Exception tracking engine


  • Data reporting and access
    • Master-child and folder structures can have unlimited mixed general, project and compliance risks members, across multiple registers. In addition to implied relational structures, there are multiple tree structures used to link objects across the application. Two of these of particular relevance to end users are the folder tree and master-child hierarchical network. Both of these tools provide ways to group risk and compliance issues in roll-up and dependency relationships, as well as pools of mutually associated items. These structures are understood by the search and reporting engines.
    • Unlimited risk structuring - risk folders to any depth, risk-linking, risk categorisation, unlimited master-child structures, etc
    • Tree, search and flat risk navigation simultaneously supported
    • Risks/compliance issues can inhabit any number of tree folders simultaneously (allowing multiple grouping and reporting frameworks with risk roll up)
    • Link Objectives, assertions, questions, processes, legislative/regulator obligation, causes, risks, consequences, compliance obligations, controls / strategies, actions, risk history, incidents / hazards, people, supporting documentation, and information web-sites, and more.
    • Full live search-able audit trail of all changes
    • Storable searches used through-out the application to access and feed data to tables, views, folders and reports
    • Multiple reporting engines:
      • Built-in pre-written reports
      • Very powerful, programmable end user report writer and manual (outputs in various formats including HTML and PDF)
      • Word Document (mail-merge) style report engine
      • SurveyManager Instant Reporting engine (maps survey response reports back into the survey layout)
      • BPC SurveyManager operating in web forms mode is a powerful reporting engine in its own right
      • Query Exporter (Administrator only - can cross feed to the import engine creating an excellent method for doing bulk updates based on extracted data)
      • Search based end user export
      • Built-In Charting
      • End-user charting
    • End user sample reports
    • Copy and paste from / to word and XL
    • Powerful import/export administrator only tool
    • Search / chart driven general user export in various formats including XL and PDF
    • Dashboard with drill through to risk collections, risks, assessments and incidents
    • Dashboard risk collections configurable via folder tree view system (so any risk/compliance topic can be put to the dashboard with unlimited layers of drill through).


  • Messaging
    • Built-in automated email messaging based on events and dates for a wide range of scenarios, and occurrences, with email contents able to be fed by custom reports from the report writer.
    • Multiple levels of responsibility assignment on all trackable objects
    • Risk Message racking and work flow message tracking


  • Secretarial, Administration and Desktop Integration
    • MS Office compatible
    • Copy and paste from / to word and XL
    • Powerful import/export administrator only tool
    • Search / chart driven general user export in various formats including XL
    • Spell checking using your MS Word dictionary
    • Simple point and select search system but with an option for savable advanced query writer custom searches if required.
    • Extensive configuration and customisation screens to support tuning the system to do just what you want.
    • Dynamic screen captions allowing you to adopt your own terminology, which also appear to the report writer as the names of the fields
    • Smooth support for large and small fonts and 96dpi and 120dpi and other screen resolutions
    • Works on all versions of windows from W2000 up, including Vista and Version 7.
    • Fast fully automated installation and upgrade system.
    • Available in single/small work group and enterprise configurations


  • Compliance System
    • Compliance obligations can be viewed as general risks and compliance modes
    • General and project risks can have all compliance mode features including assertions/questions attached (Compliance/Risk views exist simultaneously for all risks).
    • Compliance obligations will support multiple compliance models simultaneously (SOX / Sched7 / General / etc).
    • Compliance obligations are stored internally as risks so they roll up smoothly into the general and project risk register
    • Master-child and folder structures can have unlimited mixed general, project and compliance risks members, across multiple registers. In addition to implied relational structures, there are multiple tree structures used to link objects across the application. Two of these of particular relevance to end users are the folder tree and master-child hierarchical network. Both of these tools provide ways to group risk and compliance issues in roll-up and dependency relationships, as well as pools of mutually associated items. An issue can belong to many such relationships at once.
    • Selectable screen editing assignment of ratings allows you to choose where and what ratings can be changed for each model
    • Risk & Control Archiving and unarchiving
    • Instant live update of compliance ratings and master-child roll-ups
    • Unlimited assessments and simultaneous self, internal audit and reviewer assessments
    • Simultaneous mixed formula and grid assignable ratings and question/assertion ratings rules for automated rating translation.
    • Compliance responses automatically convert to risk equivalent ratings so that both compliance issues and risks can be seen on the one heat map, and in comparative tables.
    • Unlimited compliance milestones - snapshots of the risk record including all notes and ratings at an instant in time. Some milestone types allow restoration of the milestone to the current instance of the risk / compliance record. Uses include "balance day" records, what-of analysis, audit evidence snapshots.


  • Risk System
    • General and project risks can have all compliance mode features including assertions/questions attached (Compliance/Risk views exist simultaneously for all risks).
    • Master-child and folder structures can have unlimited mixed general, project and compliance risks members, across multiple registers.
    • Risk Tolerances (rating and numeric) for differential risk reporting and automated condition reporting.
    • Likelihood & consequence trigger points
    • Separate audit comment and tracking data for each risk.
    • Multiple modelling systems - inherent, current and residual risk ratings (with optional likelihood, impact, control and residual categories for each rating)
    • Velocity supported at the impact/consequence level
    • Selectable screen editing assignment of ratings allows you to choose where and what ratings can be changed for each model
    • Risk & Control Archiving and unarchiving
    • Instant live update of risk ratings and master-child roll-ups
    • Unlimited assessments and simultaneous self, internal audit and reviewer assessments
    • Simultaneous mixed formula and grid assignable ratings
    • Confidential risks
    • Risk advisory notes for each risk
    • Unlimited risk milestones - snapshots of the risk record including all notes and ratings at an instant in time. Some milestone types allow restoration of the milestone to the current instance of the risk / compliance record. Uses include "balance day" records, what-of analysis, audit evidence snapshots.


  • Incident Management
    • Fully configurable - drop lists, business rules, screens, etc.
    • Incident type determines rules and attributes
    • Multiple handling steps fully tracked - recorder, assignee, reviewer, responder, escalted to, investigator
    • Automatic triggers for review, escalation, investigation, etc based on user configurable rules (triggered by participant information, incident attributes, etc.)
    • Configurable unlimited incident attributes with triggers (for reviews, escalation, enhancements, workflow, etc.) to classify incidents
    • Unlimited configurable incident types (which determine the set of incident attributes applied to the incident)
    • Incidents have a built in workflow – record, assign, review, escalate, resolve, investigate, close
    • Unlimited user defined additional fields for storing extra data
    • Unlimited text fields details/notes, etc for unstructured data
    • Change tracking
    • Separate org structure defnition that lives side by side with the risk management org structure (allowing different structures for risk/compliance and incidents)
    • Structure and rule driven review, escalation and investigation
    • Unlimited incidents per risk/compliance event
    • Incidents attached to more than one risk/compliance topic
    • Incidents can be created and attached to a risk/compliance topic at a later time
    • Notifiers
    • Incident Causes – immediate and underlying (mirrors risk causes)
    • Incident Actions – Current (done) and future, both proposed and approved + action assignment, progress and tracking
    • Proposed actions can be converted to risk / compliance topic controlls
    • Large array of location types (even GPS location specification)
    • Unlimited partcipants per incident (with user defined roles)
    • Particpant records of interview
    • Participant injury tracking
    • Review and investigation reminders


  • Incident Investigations
    • Investigations including progress tracking/status / findings / recommendations, etc
    • Configurable investigation types with differing investigation team structures
    • Investigation external document links
    • Configurable and managed signoff models including separate lists for investigation team members and other parties
    • Investigation signoffs with qualified and dissenting opinion options
    • Investigations build distinct reports


  • Internal Audit System
    • Separate audit risk ratings and notes per risk/compliance issue
    • Separate audit external document links
    • Internal-audit remediation register with assignable tasks and remediation progress, status and outcome recording.
    • Automated access escalation for user flagged as auditors
    • Auditors use the same screens as normal users but have extra fields and facilities
    • Automated CSA survey generation
    • Full change logs kept of key accountable tables (can be expanded to include additional tables including additional tables added by clients)


  • Insurance and claims
    • Insurance register with renewal reminders
    • Insurance policies link to risk/compliance registers via the strategy and controls register, actions register and document registers.
    • Claims management
    • Claims link to risks/compliance registers via incident and insurance registers
    • Incident/Hazards Register (plus hooks for interfacing into a separate incident management system if desired)


  • Causes Register
    • Unlimited risk specific causes per risk
    • Type-of-Cause allows standardisation of causes while allowing complete flexibility in description and instance of a cause (similar to Type-of-Control)
    • Incident and Risk/Compliance causes.
    • Causes can have numeric risk event triggers (allowing concepts such as the "likelihood of exceeding x events in a year")
    • Direct sub linking between causes and strategies and consequences enables cause and effect strategy design and verifiable coverage of causes
    • Causes can be sub linked off Assertions/Questions (the default for compliance screens) allowing low rating compliance questions or analytic steps for remediating breaches to be structured around the causes of each question's failure. This enables the compliance model to be around built around both compliance risk and compliance topics philosophies.
    • As there can be an indefinite number of question sets with an indefinite number of questions per risk / compliance issue, cause structuring can get very deep.
    • Causes integrate with surveys, the scripting engine and external modelling systems to enable programmatic setting of likelihood ratings using additional fields as part of the interface (like the "risk trigger value").


  • Strategies & Controls register
    • Strategies and controls with progress notes and tracking
    • Register and track unlimited strategies and controls
    • Customisable ratings scheme for each control or strategy including any of likelihood, impact, control, (residual) risk over inherent, residual, current self, audit, reviewer, etc ratings groups, as well as five ratings defaulting to authority, reliability, efficiency, economy, and timeliness control assertions.
    • Officially mandated Type-of-Control list provides a template for approved control strategies and allows strategies to be both individually described, and structurally grouped and standardised.
    • Strategies & Controls directly cross link to individual causes and impacts/consequences allowing you to tie specific strategies to one or more causes and consequences of a risk or compliance item.
    • Strategies & Controls can have actions.
    • (Coming soon: unlimited assertion/ratable question sets similar to that used for compliance and risk screens).
    • Includes Responsible officer, delegate, email reminders, assignment tracking, cost and benefit measures, link to insurance, cyclic and one off controls/strategies, flag where insurance expired, due dates exceeded, user defined categories and subcategories, etc.
    • Automatic access rights escalation where read only viewer is accessing a strategy for which they have responsibility
    • Fully customisable messages with or without email running.
    • Survey question library links surveys to strategies
    • Can feed CSA automated surveys


  • Financial Elements Register
    • Unlimited charts of account
    • Account rollup
    • Store performance metrics (budget, actual, transaction volumes, etc)
    • Store audit assessments for each element
    • Link to audit/risk/compliance assertions
    • Ownership
    • Unlimited risks/compliance obligations per account
    • Test plans and test plan scheduling
    • Heat maps for each element with drill through to risks and incidents


  • Document Register
    • Document register for unlimited documents
    • Supports multiple document management strategies simultaneously: unmanaged, delegated management and full management.
    • Unlimited risk/compliance issues may be linked to each managed or unmanaged document.
    • Unlimited unmanaged documents may be linked to a risk-compliance issue
    • Document management can be set at the document or section level on a per-document basis
    • Managed documents track (optionally) full text, responsibilities, review cycles, issuing authority, compliance status, risks/compliance issues assigned, question-assertion status.
    • Managed document sections track (optionally) full text, responsibilities, review cycles, issuing authority, compliance status, risks/compliance issues assigned, question-assertion status.
    • Full snapshot version control operates on managed documents - a full time-stamped copy of the relevant records is made for each change.
    • The document register presents document and section specific lists and heat maps of all risks/compliance issues attached to the document or section and supports export on that basis.
    • Main listing screens support dynamically constructed QBE filters and free text search to enable isolation of documents using specific terms or any of the tracking fields.
  • Store documents internally or interface to your document management system, web site links available for most objects.


  • Work flow engine
    • The work flow system supports two purposes (a) documenting processes with flow charts, and (b) automating RM related activities
    • Work flow modelling and diagramming tool (with a built-in script-able work-flow diagramming subsystem)
    • Work flows can be executed and can invoke RM screens and external applications. Executed work flows can be assigned to individuals and have multiple individuals participating in different steps.
    • Work flows steps can have attachments.


  • Survey engine
    • Full implementation of BPC SurveyManager with customised management client built-in
    • Built in survey engine
    • A full scale (not limited) survey / web forms engine that is licensed for separate use and can be used for far more than just your risk management requirements. Think of something you need to collect data on the BPC SurveyManager will handle it. The SurveyManager can be used to write entire web sites on its own.


  • Access and security
    • Single user mode or secured access modes (end user selectable)
    • Multiple access security support (LDAP,AD, NTGroups, Internal, Trusted, etc)
    • Configurable access rights for access to risk type, business group, business unit, risks over multiple levels of access from none to administration
    • Automatic escalation of access to individual records where the user has responsibility assigned, but otherwise would not have access


  • People & resources
    • People and positions (resources) may be imported in bulk, created individually or automatically created on connection.
    • Resources integrate with the access control system
    • SurveyManager keeps a separate list if resources mirrored with the RiskManager resource tables
    • RiskManager allows for three domains of resources - survey responders (access to specific surveys), risk manager known persons (can be managed by email, assigned responsibilities but do not have access to the system), and risk manager users (access allowed).
    • User access control down to individual business unit risks & issues as read / update / create (See access control).
    • Resources (people) can be retired (removed from lookup windows, etc) without deletion from system (to preserve risk/compliance history integrity).


  • Scalability, Networking and communications
    • N-Tier architecture, can be installed on one computer with the database (as in single user mode) or distributed across multiple servers (as in Enterprise/Web mode).
    • Networked comms supports simultaneous or individual use of Raw TCP/IP, HTTP and HTTPS (SSL) network communications (all with compression)
    • Supports unlimited simultaneous databases (subject to license purchased)
    • Supports unlimited simultaneous application servers (subject to license purchased)
    • Supports unlimited simultaneous survey engines (subject to license purchased)
    • Supports unlimited installed client desktops (subject to license purchased)


  • Other
    • Cost and benefit tracking
    • Full internal scripting language to support end user expansion and external interfacing
    • Interfaces for external complex risk assessment (eg Monte-Carlo modelling risk systems such as Benfield / AON Remetrics)
    • Single point of update publishing for clients


BPC RiskManager Express V5.x


BPC RiskManager Express has a dramatically simplified and restricted user interface, does not maintain structured causes lists (but does have unlimited "contributing factors" descriptions) and allows one level of responsibility for assignment of issues and actions, and does not have an end-user report writer (although it does support both mail-merge and word / XL template driven reporting). It can be configured as either a compliance or a risk solution running on separate databases through the one application server. Like it's more powerful sibling, it will support an indefinite number of databases.

BPC RiskManager Express is targeted at organisations where simplicity of operation and user input overrides the need for granularity of input and analysis, and where the additional governance sub-systems available in BPC RiskManager are not needed (eg insurance, claims, assertion / question rating models, work-flow, assessments, security, assets, etc.)


This riskwiki focuses on BPC RiskManager (Enrima Edition).


Additional Resources

BPC Support Forum
BPC RiskThink Blog
Request a free fully functional trial copy of BPC RiskManager (Enrima)



BackLinks




CopyRight Bishop Phillips Consulting Pty Ltd 1997-2012 ( BPC RiskManager V6 Enterprise (Enrima Edition) )
Personal tools