7.

0
NEW
ARM

Active Risk Manager

ARM 7.0 Features & Benefits Matrix
August 2014
Active Risk Manager
ARM 7.0 Features & Benefits

This document provides a breakdown of the key features and benefits in Active
Risk Manager (ARM) to help highlight the capabilities for risk, issue, incident and
opportunity management at Project, Program, Portfolio and Enterprise levels.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM Apps

ARM Interface Views A B C D Benefits

Intuitive look and feel.
Standard menu driven browser solution, instant familiarisation by users,
reduced training costs, increased participation.

Zero footprint; 100% Web based.

Ease of implementation, reduced support costs for new updates, meets
even the most secure web browser platforms. Ease of roll out to
"associated" participants in the risk process such as government customers
and contractors.

Natural interoperability with

Microsoft-based operating platforms
Reduced costs for deployment and support by IT departments. Minimum
resistance to acceptance by users and IT. Reduced learning curve
and Microsoft applications. for Microsoft-skilled personnel. Efficient seamless interaction across
applications.

Launch relevant portions of risk records

from browser shortcuts, portal sites,
Enables real-time risk information updates and eliminates the need to send
spreadsheets or paper forms back and forth between risk owners/managers
email, presentations, or anywhere a and risk information contributors. Encourages broader risk process
hyperlink can be embedded. participation by simplifying methods to propose risks and update actions.

Multiple Record Type/Template

Interfaces.
Simplifies data entry and ensures an appropriate level of risk management
for any risk. Templates such as assumptions, causes, candidate risks,
concerns, risks, issue, change requests, opportunities, incidents and the
necessary handling plans, actions, controls and fall backs provide the right
degree of risk management for any uncertain situation or actual event.
Enables the solution to be used for not just "risks" but associated type
information capture - eg Complaints.

Offline client to help facilitate risk

management workshops and offline
Facilitates risk workshop "quick capture" and iterative processes to gather,
assign, score and plan for risks in any situation, even when on-line access isn't
updates. available. Ensures data integrity and eliminates the need to get data clarifications
after risk workshops. Eliminates the need to send spreadsheets back and forth
between risk information contributors and risk owners/managers.

Multiple graphical tree displays of

reporting structures (organization,
Enterprise-wide visibility and transparency of information with the ability
to drill down to areas of interest or roll up and aggregation through the
objectives, project, activities, project structures. Provides a holistic view of information at any level with secure,
requirements, project cost breakdown data restricted visibility for any stakeholder group. Facilitates risk awareness,
structures, KPIs, assets, financial communication, sharing and collaboration amongst all stakeholders.
accounts, compliance structures,
oversight & escalation groups, third
party entities: JV partners, customers,
suppliers, regulators).

User-defined highlight of user risk

thresholds against each tree structure.
Helps provide risk stakeholders with instant information when individual
risks breach personal financial risk thresholds. Accelerates focus on areas of
concern. Enables a deeper pool of risks to be tracked and managed without
overwhelming aggregated risk views.
ARM Interface Use A B C D Benefits
Menu driven.
Provides an intuitive structure for users that minimizes training time. Offers
a wide variety of functionality in a clean interface that considers role-based
security to present users with only the functions they're authorized to
perform.

Rapid access to key functions using

right mouse click.
Increases speed of access to relevant functions and simplifies use.

Checkbox selection in the review pane

to perform functions on a selected set of
Quick selection of appropriate data for analysis, reporting or risk linkage
maximizes user efficiency by minimizing mouse clicks and screen navigation.
risks on the ARM desktop.

Dashboard providing quick view of

risks and easy navigation to all risk
Dashboards provide broader risk insights and facilitate drill-through to areas
requiring more focused attention.
management functions.

Comprehensive and context sensitive

on-line help.
Promotes self-training by providing a comprehensive explanation of features,
related information and example usage scenarios. Includes a glossary of
terms and search capability to maximize user efficiency.

Support for integration of on-line

tutorials within the application.
Supports the business process adopted and can be tailored for different user
roles minimizing the need for training.

On demand spell checker available in

main data entry screens.
Ensures that all ARM outputs are legible and presentable.

Pop up calendars and lists able to be

used for simple date entry.
Increases speed and accuracy of data entry.

Cut, copy and paste risks and risk

structures across breakdown structures.
Support Program and/or Organizational Structure changes whilst preserving
links to risk data. This is a significant requirement for fast changing
organisations and for the pre-population of new risk registers from existing
risk data.

Lightweight, simplified features

and functions for non-expert users
Increases user buy-in, accelerates rollout and reduces training costs.

defined by the role they play in the risk

management process.

Configurable record type definition

distinguishing between Risks, Issues,
Define organization specific record types and convert from one record type
to the other allowing ARM to reflect your organizations process, terminology
Opportunities and other user-defined and workflow. Ideal for supporting varied levels of risk maturity while
templates. preserving a full audit history of the lifecycle of a risk as it transitions from
a concern, to a risk, to an event etc.

Hyperlink to risk records.

Makes the risk system transparent to users. Provides easy, secure visibility to
risk information from common tools such as email, portal pages and intranet
sites.

System activity audit.

Full activity traceability and data management assurance of all risk process
information.

Risk Identification A B C D Benefits

Risk Entry - simple entry with approval
process and workflow notifications.
Ensures data integrity provided through chain-of-command risk
reviews.

Risk, Impact, Plan and Response,

Evaluation, Test, Deficiency and
Provides a comprehensive, stepped approach to managing risk/issue/
opportunity lifecycles.
Remediation entry.

Short form role-based risk entry.

Speeds up data entry with the ability of viewing all risk/control data on one
screen.

Knowledge base/Risk templates.

Promotes sharing of knowledge, increases speed and relevance of data entry
and prevents duplication. Important when the "centralised" risk management
function wants to ensure there is a defined level of risk management pushed
out to the organisation.

Integrated Issue Management.

Ability to record risks that have impacted (100% probability). These can
then be used to analyse the effectiveness of the risk management process.
Risks that have impacted can be "converted" to issues for tracking and issue
resolution.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Risk Identification
Opportunities capture.
Custom IDs as well as system IDs.
Multi-level classification structures
within risk records.
Risk Categorization and Attributes.
Risk Ownership, Multiple Interested
Parties and Raised-by fields.
Risk Approval Workflow.
Configurable fields.
Form designer.
Label Customization.
Linked documents.
Grandparent, Parent and Child risk/
opportunity/issue relationships to
manage cross-enterprise risks, issues
or opportunities.
Linkage of a risk/opportunity/issue
to multiple risk breakdown structures
(WBS, RBS, OBS, Functions, Processes,
Assets, Financial Accounts, Objectives,
KPIs etc.)
Association of a risk/opportunity/issue to
multiple risk breakdown structures (WBS,
RBS, OBS, Functions, Processes, Assets,
Financial Accounts, Objectives, KPIs etc.)
Email alerts from risk entry and data
amendments.
KEY: A ARM (Core)
A B C D Benefits
Using the ability to create different "risk objects" the system can be
configured to manage Opportunities that deliver increased cost reductions or
revenue opportunities to projects and the business. Promotes a positive view
of managing value across the program and business while also offsetting
the risks. Can be used in both a simplified manner or extended out to deliver
significant financial benefits as intended by 6 Sigma Process Excellence type
programmes.
Ability to preserve existing IDs for all data elements.
The classification structures within risk records help build and convey matrix
relationships and facilitate analysis, linking, reporting and resource sharing
for risks, opportunities, issues, incidents and their handling plans. Can be
administered by the business without reference to IT or external consultants
reducing time to value and cost.
Ability to slice and dice the risk data to increase speed of identification from
the knowledge base or to enhance relevance of reports. Often referred to
as the risk taxonomy this enables consolidated aggregate reporting and
monitoring of risk impact across multiple risks, registers and business units.
Can be administered by the business without reference to IT or external
consultants reducing time to value and cost.
Visible ownership assignment of risks promotes risk awareness,
accountability and possible risk sharing/delegation supported by the
email alert management system.
Saves considerable time in automating the approval process of risks
supported by the email alert management system.
Helps extend or reduce fields within the records to meet different capturing,
reviewing and reporting requirements. Allows the software to be configured
to match the risk process(es) within a business. Can be administered by the
business without reference to IT or external consultants reducing time to
value and cost.
Enables user data entry forms to be painted by administrators. This helps
align the risk capture process with the wider risk process making it more
relevant and streamlined, easier for users to understand. It also means that
customers can do this themselves at the business level without the need for
expensive external consultants or IT involvement.
Improves user familiarization and promotes user buy-in across the
program or organization with the ability of having multiple label sets to
support multiple processes or languages. Helps different aspects of the
risk process (eg HR, Project and HSE) to use terminology that is relevant
and understandable by them rather than a generic set of labels. Can be
administered by the business without reference to IT or external consultants
reducing time to value and cost.
Provides a dynamic link to any document to support the relevance of the
data entered. This link can be to a SharePoint document (photo, PDF file etc)
that is installed on the ARM Server or any document able to be referenced in
this way through the customers own document management solution.
Provides visibility and improves manageability of related risks, driving more
effective use of mitigation funds through centralised strategies. Reduces risk
duplication and redundancy of mitigation efforts/costs. Helps manage risks
that cut across multiple parts of the hierarchical reporting structure that do
not fit within a linear view of data.
Enables the user to assess and manage multiple impacts of one risk
without double-counting, providing more accurate and relevant risk impact
assessments including the relevant scoring schemes. Risks linked in this way
have their own impact assessment relevant to the node the risk has been
linked to.
Enables the user to assess and manage multiple impacts of one risk without
double-counting, providing more accurate and relevant risk impact assessments
including the relevant scoring schemes. Risks linked this way have a single
impact assessment that is the same for each linked folder tree item.
Promotes proactive risk/action management and provides even non licensed
users the right information at the right time. Also takes workload off the Risk
Managers.
B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Risk Identification
Creation of master/copy risks that can
be used for monitoring interfaced risks.
Risk Status tracking .
ARM Apps for simplified risk capture.
Risk review.
Risk Feedback.
Risk Assessment
Configurable risk scoring matrices and
colours.
Opportunity and Threat (Risk) scoring.
Multiple scoring schemes and real time
re-assessment (say at project, function
and corporate levels.)
Inherent, Current and Target Impact
Assessment.
Quantitative and Qualitative scoring.
Support for multiple quantitative
distribution estimates (single point,
triangular, uniform, beta pert, normal
and poisson.)
Probability and Frequency based risk
and issue assessments.
Multiple Impact Categories (e.g.
Schedule, cost, performance, legal,
EBITDA, reputation etc.)
Return on Investment calculations.
Multiple scoring groups and templates
to aid more accurate assessment.
Coefficient of variation.
KEY: A ARM (Core) B ARM Unplugged
A B C D Benefits
Beneficial in pushing out standard corporate risks across the business as
copies yet retaining control of the master risk.
Provides users with an indication of which stage in the lifecycle the risk is at.
Ability to push risk identification across the company by configuring very
small data capture "portlets" to run under Corporate intranets, SharePoint or
MS Outlook to enable the entire organisation to record unapproved worries,
concerns or risks and therefore capture initial risks at source rather than a
centralised process.
Ability to record and monitor formal risk reviews from ARM users on a regular
basis as risk reviews are conducted in your program or organization.
These are available as "journals" and can be used to audit and monitor the
reviews a risk has been through by identifying review comments, reviewer
and date.
Ability to record and monitor feedback comments on risks by contributors.
These are available as "journals" and can be used to audit and monitor the
reviews a risk has been through by identifying review comments, reviewer
and date.
A B C D Benefits
Promotes users familiarization and supports multiple processes that may
be driven by customers reporting needs or different internal processes.
Supports a positive outcome to effective management of risks and values
whilst also distinguishing between risks and opportunities.
Provides users with the ability to assess risk/opportunities using specific
qualitative and quantitative scoring templates and helps prompt users with
relevant qualitative descriptions of impacts. Increases speed and accuracy
of impact assessments whilst simplifying the quantification of an impact.
This can be used to re-assess against corporate scoring schemes that
reflect higher levels of risk appetite.
Ensures that risks are managed to an acceptable level of impact and
ensures a target impact driven approach linked to the handling plan to
promote a more objective driven process including ROI. Provides support
for risk processes that define Inherent risk (risk with no controls), current
risks (risk with controls in place), target risk (current risk with new actions
designed to mitigate risk further to..), residual risk where fallback plans
protect levels of risk that cannot be achieved through actions alone and
therefore require to be dealt with once they become issues.
Supports an automated conversion between qualitative and quantitative
assessments using the appropriate scoring scheme. Risks can be assessed
qualitatively or quantitatively (using single or three point estimates). ARM
benefits the user by triangulating between these two forms of assessment.
Supports industry standard distributions to ensure accurate estimates of risk,
opportunity and issue exposure.
Provides flexibility to support either Frequency or Probability or both
assessment types per impact to forecast accurate risk/issue exposure.
Ability to assess custom impact categories in support of users requirements.
Define an unlimited number of impact categories for use over different
scoring schemes across your business. Select up to 12 for use in any one
impact record per risk/opportunity/issue.
Provides an indicator of whether the mitigation steps provide a sufficient
enough return over the impact of the risk or the opportunity.
Ensures that different types of users from various programs and business
units can make specific estimates based on relevant scoring thresholds.
Improves user familiarization. Set the default order of impact categories to
appear to the user to ensure a speedy assessment capture. Use existing
scoring schemes to create new ones to saving administration time.
See the amount of variation contained in an impact expressed as a
coefficient to enable you to compare and assess risk impacts in terms
of their assessment spread as well as size.
C ARM Reporting/ARM RPM D ARM App
Risk Assessment A B C D Benefits
Next assessment date warning.
Gives an indication to the appropriate risk/control owner of when the next
assessment is due.

Expected Monetary Value (EMV).

Provides an assessment of financial risk factored by probability - called
EMV (average impact x probability) of a risk assessment based on the cost
impacts identified. If three point estimates and distribution types are used
then these are taken into account as part of the calculation.

Mean Cost (MCV).

Quickly see the true mean or average impact value to understand the full
exposure should the risk occur. This is being used by a number of customers
around black swan type events whereby probability is removed from the
assessment as the risk, if it impacts, is deemed to have catastrophic
business, life or environmental harm.

Coefficient of Variation (CV).

The Coefficient of Variation is an expression of the amount of variance
contained within the possible impact, i.e. it expresses how uncertain the
impact is if it happens.

Assessment history table and chart.

Provides an indication of the fluctuations of risk scores and the effectiveness
of handling plans (actions, controls and fallbacks.)

Dashboard traffic lights based on

personal and corporate risk thresholds.
Helps focus the individual user on the most pertinent risks and provides
warnings should personal cost constraints be exceeded.

Aggregated Cost Impact Categories.

Cost impact category aggregations provide the user with the ability to see
the total cost impact of a risk/opportunity based on an aggregation of all of
the cost based categories used in the risk/opportunity impact assessment.

Management Reserve and Provision and

Contingency Management.
Record the actual costs of mitigation activities and have these drawn
down from an overall program, division or functions management reserve
to monitor contingency levels, allowing you to manage contingency more
effectively by applying it to manage the risks that provide best return in
meeting the programs requirements or business objectives.

Risk Treatment A B C D Benefits

Treatment Plan tracking.
Provides an indication of whether mitigation plans are on track or off
track in meeting target levels of risk reduction. Reduces the likelihood of
investing in non-productive mitigation plans/controls/actions. See graphical
representations of a (or multiple) mitigation plans, export, print and copy for
use in key presentations and distribution around your organization.

Multiple Responses per Handling Plan.

As it is often not possible to reduce a risk to an acceptable level through
a single action or control, the provision of a mitigation strategy makes it
easier to review the performance and Return on Investment of a group of
associated Controls/Actions and facilitates the management or mitigation
of both single or multiple risks.

Response scoring.
Users can score individual responses qualitatively or quantitatively in order
to record the target and actual risk level achieved by the mitigating action.
There is also a feature to enable automatic response scoring when
a response is marked complete.

Response sharing.
Use a response on more than one mitigation plan where circumstances
result in the same response being applicable to more than one risk mitigation
scenario.

Mitigating Actions.
Ensures that risks are managed effectively down to the target level using one
off measures that have ownership and due dates.

Controls.
Ensures that risks are managed effectively down to the current level using
recurring measures (see section on Internal Controls Management in relation
to the documentation and effectiveness of controls as part of this process).

Fallback plans.
Provides the ability to mitigate residual risk where it is not possible or too
expensive to mitigate risks down to an acceptable level through controls and
actions (eg for external risks around OPEC Oil pricing). Fallbacks provide a
failsafe option normally in the form of insurance policies and contingency
plans should a risk impact.

Waterfall charts for tracking mitigation

plans.
Gives a vital indication of the effectiveness of the Mitigation Plan detailing
whether the Actions/Controls are reducing the level of risk.

Provision charts to manage risk

management spend .
Ensures that management allocate the correct sums of contingency to
the areas in need, as well providing the ability to track the expenditure of
ongoing provision funds. Resulting in better value of provision allocation to
realise positive ROI from risk mitigation.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Risk Treatment
Tracking of Overdue responses.
% Completion of actions/controls.
Baseline and back on track.
Assessment score reduction based on
success of response.
ARM Apps for simplified mitigation task
management.
Filtering & Searching A
Fast go to risk function.
Advanced parameter driven search
criteria operating across risk break
down structures, risks, impacts, plans
and responses in a single screen.
Use of wildcard search selections
across customer defined set of fields.
Grouping and sorting criteria set within
the same filter conditions.
Ability to save and assign multiple filter
conditions and re-use in on demand
searching and reporting - direct from
dashboard.
Public and group saved filters.
Relative filter criteria.
Default filters.
Ad hoc, column display based filtering.
Ability to filter by risk breakdown
structures, projects, activities, assets,
compliance structures and accounts.
Regardless of the filter construct, users
can only see data they are allowed to
see through the security model.
Analysis
Multiple Single risk and aggregated
Risk and Opportunity Matrix (Probability
Impact Diagram or Heat Map.)
KEY: A ARM (Core) B ARM Unplugged
A B C D Benefits
Improves Managements visibility of Action/Control Owners efficiency.
Gives more flexibility to Action Owners.
To help management or users review whether the mitigation steps are on
track or to understand why they have slipped.
A useful mechanism to establish what level of reduction an Action/Control
will have to reduce the level or risk.
Ability to provide task owners very simple access to view and update their
ARM actions using Corporate intranets, SharePoint or MS Outlook and by
making it so simple thereby achieving better buy-in from task owners and
enabling tasks to be completed as set and approved.
B C D Benefits
Increases speed of finding relevant risks and prevents entry of
duplications.
Promotes buy-in and improved ease of use by providing the user the
information they require to see in the order they wish to see it. Increases
speed of risk assessment, management and control. Hides the backdrop of
complex data structures from users so they can simply construct powerful
filters without the need to understand the data model. Can be re-used in
reporting as well as online displays.
On average 20% of management time is spent on searching for information.
The ability to apply free-text searches therefore results in more effective use
of time.
The ability set up personal views of relevant filters ordering data accordingly
whilst preserving ARM data security.
Personalises the system to meet the users individual needs improving
ease-of-use and speed of accessing the required data throughout the
system.
Use public filters to make saved filters available to your whole, or a
selection of the risk management community to speed up data retrieval and
standardise searching.
Use relative filter criteria such as <current date> and <current user> to create
standard filters for use across your organisation such as My top 10 risks.
Allocate individuals or groups default filters to increase efficiency and
simplify tasks.
Further simplifies the look and feel of relevant information, increasing the
speed of data access and improving user buy-in with the ability to customise
the selected views.
Enables users to filter data by multiple reporting structures to meet their area
of responsibility. For instance all project activities with WBS beginning with
12.100.2* or all Assets with attributes of "Low Reliance".
Confidence that regardless who has the ability to run filters in the application
or reports, only data the user is authorised to see will be returned by the
filter.
A B C D Benefits
Enables organisations to deploy multiple qualitative heat maps within a
single instance. Offering benefits around reporting against multiple risk
reporting requirements simply.
Provides a priority view of relevant risks scored using the appropriate scoring
criteria and shows both current and target levels of risks thereby showing
at a glance risks that breach risk appetite levels regardless of the level of
appetite of the user. Gives a simplistic picture of which risks need to be
focussed on and increases risk awareness.
C ARM Reporting/ARM RPM D ARM App
Analysis A B C D Benefits
Caveats and Classifications on all charts
and reports (set by risk breakdown
Enables the system to conform to high level security and data confidentiality
information reporting requirements often found in defence and high security
structure.) organisations.

Schedule Analysis - Monte Carlo

Simulation.
Provides an estimation of time savings on managing projects as a result of
successfully managing risk and uncertainty and details the sensitivity on
individual project activities.

Risk adjusted Schedule Gantt Chart.

View baseline, pre-mitigation and post mitigation dates for imported project
plans or folders to understand exactly how risk and the cost of mitigating is
likely to affect your project timescales and budget.

Impact Analysis - Monte Carlo

Simulation.
Provides an estimation of cost savings on selected areas of the business/
assets/projects or of the whole company as a result of successfully
managing risk and uncertainty. Also provides an estimation of the current
level of risk/uncertainty mapped against the target level including the cost
of mitigation, to calculate the return on investment of mitigating/managing
risk. Configurable running criteria such as confidence levels and number
of interactions allow you to run the scenario and see results with different
factors considered helping to build up an understanding of the risk profile.
Can be used to simulate the risk assessment of any quantifiable objectives
such as percentages, weight, velocity etc as well as financial.

Impact Cost Forecast - predict future

risk exposure and rate of spend.
This function provides a view of your likely future cost due to risk exposure,
smoothed over a periodic time basis, to give an ongoing rate of spend
"Monthly", "Quarterly", etc. based on the likely occurrence of risk in the
future. The effect of risk is estimated using Monte Carlo simulations for
each future time period, taking into account both Frequency and Probability
based risks, although this functionality is particularly relevant when modelling
Frequency risks, i.e. those which are expected to recur on a regular basis.
Gives an immediate indication to the rate of expenditure over a chosen time
period and helps forecast what provision of funds are required to effectively
manage risk when considering risk financing against business plans.

Provision management (Planned and

Actual.)
Helps to establish Specific and non-Specific Management Reserves which
can be used for the financing of risk mitigation strategies and issues.
Providing the ability to build contingency into initial project bids and business
cases that establish stronger communication and financial certainty around
budgets. Helps risk managers understand the level of provision set aside
for risk mitigation and can be used by senior management to understand
programme level contingency plans, planned and actual draw down from
the contingency.

Impact snapshot (Impacts by risk level

and status.)
Gives a metric view of the number and level of risk impacts to quickly
determine the level and type of risks that impact the selected business area.

New and Amended risk chart by status.

Helps management view the increases or decreases of changing status
of risks.

Risk Status Change chart by Risk Status

and Time.
Gives management an indication of what stage in the risks are in the risk
lifecycle over a selected time period.

Impact Trend Impacts by period and

risk level (count and weighted score.)
Provides management a view of increases or decreased impacts over time to
assess whether risks are being reduced.

Increased and Decreased Impacts by

risk level.
Shows the current snap-shot of the risk impact, providing a qualitative
indication of risk levels.

Export of quantitative results to Excel

for further analysis.
Supports the ability to benchmark results in other third party analysis
tools.

Risk Quad charts.

Provides a convenient way to view summary information about a risk, its
impact and its handling plan on a single sheet with configurable layout and
colour scheme to meet DoD Customer requirements.

Risk Time Frame Window Chart.

Analyse the impact period of your risk profile in order to tackle and prioritise
actions in a timely manner.

Risk Map Chart.

Analyse risks in terms of their uncertainty and overall impact value to help
focus mitigation resources to where they are needed most.

Tornado Chart.
Analyses which project tasks are the most sensitive to the risks identified
helping you to decide where you should best deploy mitigation resources.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Analysis A B C D Benefits
Adaptable Analysis Reporting.
Ability to run analysis reports straight from the ARM desktop based on user
defined criteria such as:
Risk exposure and draw down
Contingency/provision spend charts
Summary/Detail relationships and aggregated cost
Risk Process health checking
Prioritisation of risks based on compound criteria such as Impact, proximity
and manageability.

Copy & export of charts to other

Microsoft Office applications.
Increases speed of reporting in external applications (MS Office apps),
providing time savings in putting together consolidated presentations or
reports.

Risk Escalation A B C D Benefits

Escalate records up through an
organisation hierarchy to prioritize items
Build an escalation tree that mirrors your escalation process, propose
and escalate risks/opportunities or issues up through different levels for
requiring immediate and higher level actioning. Users are able to propose and escalate records when they require
attention. higher level support for either awareness or funding purposes. Use alerts to
notify parties of escalation movements. Notify higher levels of management
about important risks and transfer ownership where appropriate.

Internal Controls A B C D Benefits

Management
Identify and document different types of
management controls that form part of
Can be used to help define the control framework of the business from
Operational (eg Health & Safety) to Compliance (eg SoX and ABC) to internal
the enterprise control framework. financial controls. High degree's of configuration enable different processes
to be supported across the business.

Link documents to controls.

Provide supporting documentation for key controls.

Link controls to multiple risks.

Re-use of controls to mitigate multiple risks.

Standard libraries for corporate risk/

control matrices.
Use standard risk/control matrices that they are applied to different business
units and sites.

Control effectiveness testing cycles.

Organisations can manage different control testing cycles and push these
out to control owners when due. This enables the organisation to put in place
a control evaluation process that validates the effectiveness of the controls in
the way they are designed and operated, thereby providing confidence in the
current level of risk across the business.
The type of evaluation process can be enhanced or simplified depending on
the type of control or its significance to the business.

Documentation of deficiencies, rating

of deficiencies and remediation plans.
When controls are detected as having deficiencies these can be documented
and a robust programme put in place to correct the weaknesses through
remediation.

ARM Apps for simplified control

evaluation.
Ability to push simple control evaluation across the company by configuring
very small data capture "portlets" to run under Corporate intranets,
SharePoint or MS Outlook to enable control owners to perform control
evaluations very simply without the overhead of the full risk management
process.

Email notification of all control related

events from creation, update,
To help ensure controls owners are reminded of their responsibilities the
system has a rules based configurable email sub-system that can be
control testing due, control testing configured by customers to send emails to risk, control and action owners
completed etc. when key events have happened or are due.

Control Management Reporting.

Standard Dashboards and reports are available to help manage internal
controls from operational users through to senior management. Standard
reports include:
Control Status Dashboard
Risk Control matrix
Control Evaluation Dashboard
Control Evaluations and Tests
Fully integrated with the ARM RPM Dashboard and Report builder to enable
customers to develop their own control process and monitoring dashboards
and reports.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Business Continuity
Identification and documentation of
Business Continuity risks and fallback
plans as part of the the top down risk
management process dealing with
residual risk.
Risk assessment based on Business
Continuity type considerations such
as Maximum Outage and Maximum
Recovery Time.
Business Continuity mitigation plans
supporting residual risk assessments.
Testing of Business Continuity Plans.
Automated email alerting.
Standard reporting.
Custom Dashboards and Reports.
KEY: A ARM (Core) B ARM Unplugged
A B C D Benefits
Supports the capture, analysis and reporting of key risks that threaten
the continuity of your business in order to make decisions on where to
best deploy resources. From these continuity assessments it is normally
found that residual risk remains as a factor outside risk appetite levels and
therefore requires a strategy for how to deal with the impact of the risk as
opposed to managing the current level of risk or reducing it through other
mitigation vehicles.
The risk assessment schemes are powerful enough in ARM to be used to
assess specific business continuity threats against levels of risk appetite
related to the impact caused by outage and recovery time. As well as
assessing continuity risks this way, full business impact analysis documents
can be linked to the assessment process. This caters for business continuity
processes that understand and analyse specific assets, resources and the
potential impact of other dependent events that may occur at the same
time (ie complex scenario's that can only really be modelled in specialist
modelling tools).
Specialised Business Continuity or Recovery plans can be configured
in ARM to support the processes requirements and these are linked to
residual risk assessments to help provide confidence that where there are
major residual risk levels (probably outside of the ability of the organisation
to manage down) then these are managed as part of the overall risk
management process.
As these plans form part of the overall risk mitigation strategy it means that
business recovery plans can be assessed in terms of significance based
on the risks they are managing and the economic value of these plans can
also therefore be assessed in a wider part of the investment case for risk
management.
The ability to test BCP's as part of the internal control framework can
be managed through ARM providing greater confidence that the investment
in the plans is 1) prioritised from a risk perspective and 2) that the plans will
work if required. Failed test programmes are then supported by remedial
action plans and the ability to re-assess the level of risk due to a weakness
in the BCP.
At any stage of the process those responsible for BC Threats and the
mitigation process can be informed automatically by configurable email
alerts. This helps inform owners of business continuity and risk owners
when risk thresholds around residual risks as a result of impacts on business
process continuity are breached, plans are assigned or due dates for review
are approaching.
A number of standard BC reports are provided in the system to help
managers stay informed of the status of business continuity threats,
mitigation strategies and quality of plans. These include:
Business Continuity Dashboard
BC Plan Summary
Key Processes/BCP Report
BC Plan Detail
Business Continuity Financing
For customers who have deployed the ARM RPM sub-system this is fully
integrated into the business continuity data sets in ARM thus enabling
customers to develop their own dashboards and reports as required to
support their own BC process.
C ARM Reporting/ARM RPM D ARM App
Incident Management
Configurable data collection forms for
customer defined incident types.
Ability to configure screen labels by
user.
Incident forms workflow configuration.
Document linking to Incident.
Link Incidents to multiple reporting
structures.
Link incidents to risks.
Summary/Detail linking.
Copy/Paste.
Spell Checker.
Create configurable investigation
records for capturing investigations
on Major incidents.
Link documents to investigations.
Create configurable incident handling
actions data capture forms.
Create configurable Incident regulatory
reporting data capture forms.
Email alerting.
Standard reports.
ARM Apps.
Customisable dashboards and reports.
Audit trail - who made record changes
and when.
KEY: A ARM (Core)
A B C D Benefits
Supports the set up of incident/issue/loss processes for various kinds of real
world events within the business such as Accidents, Compliance Breeches,
Project Issues and Operational losses. Different forms can be configured for
each type of incident set up and the characteristics.
Data capture screens can be configured with terminology that is relevant to
your process and across different processes for different types of incidents.
Supports approval of the phases of an incident from initial raising to
validation, enriching, investigation and sign off.
Provides the ability to link photographic and documentary evidence of the
incident and for investigation and remediation purposes.
A single incident may affect more than one process, objective, asset,
compliance requirement. Therefore the ability to like an incident to multiple
reporting structures is essential in a healthy, information aware culture.
As a key part of the preventative actions required to reduce recurring
incidents, the risk process must be assessed to understand the level of
prioritisation and investment case. By linking incidents to risks, risk owners
can help determine how effective the risk management process is and to
understand whether there are leading indicators that the risk and control
may need to be re-assessed.
Often a major incident has multiple secondary incidents - such as a
train derailment impacting individual assets such as bridges, people etc.
The Summary/Detail relationship helps manage these top events while
addressing the underlying detailed incidents.
Easily move incident and investigation records around the organisation as
and when the organisation changes. Also useful when looking to archive
incidents.
Identify those embarassing typo's in management reporting.
Use root cause analysis techniques like Taproot to assess and investigate
the causes and required corrective actions for incidents.
From simple escalation to investigation stage to full details Investigation
documentation (which can be prepared and linked as internal or external
documents to the investigation.)
CAPA (Corrective and Preventative Action) management around incidents
that can be configured to match your process. Very powerful when
connected to the email alerting subsystem.
Ability to assess incidents with regard to notification to regulatory bodies.
When, who, how was the incident notified to whom. Part of the compliance
reporting requirements of many HSE and Environmental regulations.
Keep process owners, incident owners, interested parties and action owners
informed of the status of the incident and their required action in the incident
process workflow.
Standard listings and registers of incidents together with summary aggregate
loss analysis from a financial perspective.
Ability to push incident management across the company by configuring very
small data capture "portlets" to run under Corporate intranets, SharePoint or
MS Outlook to enable the entire organisation to record unapproved incidents
and therefore capture incidents as they occur at source rather than a
centralised process.
Very powerful Dashboarding and reporting sub-system that allows customers
to develop their own reports. Can leverage off a library of over 100 existing
templates to quickly modify and customise. Able to publish back to the
application to ensure all security and filtering capability is available to
report users. Can export to Excel and Word for Management Reporting
requirements.
Identify who made a change to an Incident, Investigation and Action and
when. Important part of the data integrity and transparency of the incident
management process.
B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Audit Management A B C D Benefits
Create and maintain an audit universe
to drive annual audit planning cycles.
Effective coverage of all processes and business units based on a risk based
assessment to prioritise audit plans.
Create and maintain audit capture
templates that support the planning,
Highly flexible and adaptive process for supporting different types of audits
and to adapt as the audit process adapts. Customers able to perform this
engagement, execution, reporting and work themselves so quick time to value and very cost effective.
follow up process.
Creation of different types of audit
process - eg Internal Audit, Quality
Ability to remove manual processes from across the organisation to provide
efficiency, integrity and transparency.
Management, HSE.
Setup of label sets that reflect the
terminology of the specific process.
Solution is able to adapt to more than one audit process.

Create and maintain audit findings

templates.
Findings/Weakness or other forms of results from the audit process need to
be captured and assessed for materiality and ongoing recommendations.
These vary in nature so ARM provides the ability to configure this part of the
audit process for each different audit type.
Create and maintain audit
recommendations/actions/measures
Follow up actions from the audit findings - sometimes called Audit
Recommendations, measures, Actions ARM supports all terminology and
templates. allows the data capture forms to be configured to suit the specific audit
process - for instance to identify which business process the action relates
to, or who the business process owner is that should also be notified as to
the status of the action.
Workflow on forms to allow for approval
and sign-off.
Helps ensure that audit details are not amended accidentally once they have
been reviewed, resulting in less errors and embarrassing situations with
business process owners.
Structure audit programmes with
Parent/Child audits.
Often audits are very large and need to be managed as a large project.
Parent/Child enables audits to be broken down to separate work
programmes, each with their own objectives, resources and workflow.
Link documents to audits, findings,
actions.
As an essential part of the audit process involves documents in the form
of checklists and interview notes, this feature delivers the benefit of richer
information content around the audit itself.
Linkage of ERM risks and controls to
audits.
As part of a risk based approach to auditing the ability to link enterprise risks and
their related controls to an audit programme is important if the audit objective
of providing governance to the risk process is to be achieved. As ARM already
manages the risks and controls these are easy to link into the audit programme
so that detailed tests can be constructed to provide confidence around the risk
process as well as the business department and process being audited.
Provide data history trail for all changes
made.
All changes to audit, findings and actions records are logged with the change
made and the name or the user, data and time stamp of the change. This
can be interrogated within the application and is also available through the
reporting interface.
Standard reports. Standard reports include: Engagement Memorandum, Audit Report, Audit
Actions Dashboard, Audit Status. In most cases customers prefer to develop
their own tailored reports using the RPM module.
Dashboard and custom reports. ARM RPM provides customers the ability to develop their own dashboards
and reports - and modify standard reports to suit their own needs. As reports
can be access from simple URL linkages this means reporting information
can be accessed from any web browser without the need to login and use the
ARM software. This increases communication and ease of use by business
managers that just need to be informed of status and what they need to do.
Email alerts. Upon any assignment of audits, findings or actions defined users are notified
by email of the assignment or change in status to take action. This increases
efficiency and integrity of the process especially when managing large
numbers of audits and follow up actions.
ARM Apps for simplified Audit Action
update by Auditee.
Provision of a very light touch "portlet" able to run off corporate intranets,
SharePoint, MS Outlook to help action owner monitor and update actions
they own. Automation benefits means that auditors are then alerted every
time an action is updated by an owner so the status can be reviewed and
reported on without the need for manual follow up processes.

Knowledge Management A B C D Benefits

Save past risk data for future use.
Move records in to a non live knowledge repository for use in the future,
store lessons learnt, template risks and plans to aid others in the risk
management process in future.

Linkage of knowledge base items when

used across the business.
Understand where standard risks and controls have been used across the
organisation to help ensure an aspect of centralised governance and quality.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Risk Connectivity Module
Interactive graphical display showing
the strength of the relationships
(connectivity) between risks based
on risk taxonomy and other encoding
structures.
Standard Reports
Suite of over 40 standard Reports
including risk registers, metrics and
trends.
Use of advanced filtering, saved queries
and current node filtering against any
standard or custom report directly from
the desktop.
Use of application security model.
Export standard and custom reports to
different formats.
Reporting access via MS Outlook or
Intranet/ARM Apps.
Configurable reports menu in ARM that
can be tailored to the exact needs of
each role, grouping the reports and
renaming them as required.
Ability to include associated risks when
reporting on Portfolio Tree nodes which
enables reporting of risks associated
with multiple reporting trees to re-use
existing risk scoring.
Ability to export the configured ARM
desktop directly to a CSV file format
for further reporting with minimum
manipulation.
Integration with ARM RPM.
KEY: A ARM (Core) B ARM Unplugged
A B C D Benefits
It is well proven that most major incidents occur when more than one risk
impact at the same time. The ability to understand the relationship between
risks and in particular how low level risks can act as a catalyst for larger risks
is increasingly an important consideration for risk analysts.
The out-dated method of manually setting risk correlations between all risks
is both prone to subjective error, is very labour intensive and is not dynamic
to move as the risk register changes. Risk Connectivity moves this forward
by addressing these issues.
Gives Risk Managers and their Stakeholders an ability to see the risks that
really matter to determine their connected impact and the source of such
a connected exposure. Also prompts better use of Treatment or Handling
Plans to control or mitigate connected clusters of risks which in turn saves
Treatment Plan costs by reducing duplication.
Is based on proven academic models developed in other fields through the
Zachman Enterprise Framework which provides a formal and structured way
of viewing and defining an enterprise. This is then applied to the underlying
risks for that enterprise to try and establish a connectivity between the risks
based on this enterprise model and the risk taxonomy structures.
A B C D Benefits
Providing a standard reporting mechanism to ensure consistency and speed
of reporting hugely reducing management and user overhead.
With the use of generic personal filters users are able to increase their speed
of generating reports whilst ensuring the relevance of data content. Reports
can be run using the filter selected on the ARM desktop.
Due to the embedded capability of MSRS Reports within ARM, security
is maintained resulting in considerable saving from not having to re-write
security constraints around the reporting application. Additionally caveat and
classification information can be specified as mandatory to ensure security
constraints are applied to reports that may be distributed and printed.
Increases speed and flexibility of using relevant data from reports to
manipulate into consolidated external report formats.
Provides report writers the ability to link specific reports with pre-set
parameters to MS Outlook folders or any other ability to call URL's
directly providing easy access to all users through a familiar and well
used application.
This means that many consumers of reported information do not have to
go into the ARM application to see information but can call it from portals,
intranets, emails or anywhere that supports direct calling of URL's from a
web browser.
Simplifies the reporting process by providing access only to the reports
required by that user role.
Increases ease of use and the ability to apply risks and their assessment
to the other reporting structures such as assets, financial accounts and
corporate objectives without the need for separate assessment.
Increases ease of use for simple reporting from the configured ARM desktop.
All standard reports are available to customers who also have RPM to be
modified and saved as new custom reports - thereby saving time but more
importantly proving tailored reports for each specific customer or reporting
process.
C ARM Reporting/ARM RPM D ARM App
Custom Dashboards & A B
Reports (RPM)
Users able to produce their own
dashboards and reports including grids,
pivot tables and charts.
Drill through support.
Export to MS Office documents and
PDF.
Use of ARM Filters.
Automatic scheduling of reports.
Use of the ARM Security model.
Publishing the reports to other users.
Security Functional A B
Support for both Users and Resources
(resources are available as recipients of
email alerts.)
User roles defining access to specific
system functions (including add, amend
and delete transactions.)
User Groups.
Security attributes enabling risk level
security for cross user group security
(e.g. ITAR security, Supplier risks and
Board level risks.)
Define read/write or read only access
against business or project areas.
Security Preview - capability to preview
different users access and security set up.
User and Security Access reports.
Planning Integration Security (Security
over Plans through interface.)
Scoring Scheme Security.
KEY: A ARM (Core) B ARM Unplugged
C D Benefits
Ability for users to create reports in hours not weeks or months without
technical help. Empowers users to satisfy Stakeholders with impressive
dashboard style outputs or simple wizard driven tables, matrices or charts
using ARM datasets whilst preserving ARM security and filters.
Risk Performance Manager is developed and maintained alongside Active
Risk Manager so all reports produced will be future-proof and not require
redevelopment after subsequent version upgrades.
All available ARM data fields can be incorporated into charts including Risk,
Incident and Audit data and all related entities.
Able to report upon historical Risk and Response data as well as
relationships between Risks (Summary/Detail and Master/Copy) as well
as links between Risks and Incidents and Risks and Audits.
Dashboards and reports can support drill through to more detailed levels
of reporting to help "tell the story" for a user as they want to find out more
detailed information about anything that has been aggregated.
If required for integration with other systems of whatever reason then RPM
enables all dashboards and reports to be exported to image, document,
Excel and PDF formats.
Rather than users having to use simple data queries or understand complex
data sets, ARM RPM enables users to utilise the same powerful filters that
ARM itself uses, thereby enabling the additional benefit of knowing that the
reports will reflect what you see in ARM when filters are run.
The underlying report scheduling capability of the MS Reporting Server can
be used to automatically schedule reports and have them emailed or saved
to specific file locations.
A major benefit of the ARM RPM sub-system is that it is fully integrated into
the ARM security model. Unlike other reporting systems that would bypass
ARM security, RPM is fully integrated so the developer of the report can
have total confidence that they can in fact give access to the report itself to
anyone in the company, but that the end user would only be able to report
on ARM data that they were allowed to see in the system.
Enables any standard report or library of template RPM reports to be
modified very quickly and made available through the application menu
for other users to access.
C D Benefits
Facilitates an enterprise wide awareness and participation in the Risk
Management process.
Provides functionality to only those authorized to perform key business
functions. Less error and greater confidence in quality of information.
Offers confidence to user groups as to confidential information. As a result users
can use the system freely to identify risks leading to better Risk Management.
Offers extreme security for risks that must remain absolutely confidential on
a need to know basis only. Enables better Risk Management by providing
access to multiple internal or external parties preserving their independence
if and when necessary.
Helps increase risk and opportunity awareness without compromising quality
of information or increased costs. Reduces training costs and needs.
Helps ensure security has been correctly set up and reduces errors.
Preserves security model whilst reporting.
Ensures only authorised staff have access to specific/relevant schedule
data and offers greater consistency of security policy.
Security permissions allowing select users to update scoring schemes to
reflect their local level of risk appetite and thresholds.
C ARM Reporting/ARM RPM D ARM App
Security User Authentication A B C D Benefits
MS Windows authentication.
Standard, safe and good level of security to prevent unauthorised access.

LDAP Authentication for Assure Access

from Entegrity Solutions, and Site
Supports IT strategy and identity management. Facilitates improved HR.
Control of the user community. Reduces effort in resource management.
Minder from Netegrity.
LDAP load and update mechanism.
Synchronise the ARM resource and user registry with your organisations
LDAP repository.

Security Encryption A B C D Benefits

Integrated Network Security with SSL
128-bit encryption.
Offers confidence to users about remote working thus improving
collaboration and therefore better Risk Management.

Application Configuration A B C D Benefits

Customizable screen field labels to fit
standards/process.
Better fit the Risk Management process means less compromises in the way
the business works to perform Risk Management. Reduced development
costs. Meets changes in future requirements better protecting investment.

Creation of customized record types.

Record types to enable you to capture different information in different
record types such as Assumptions, Issues, Concerns, Key Risks and turn
on/off fields for use in different scenarios to fit your business processes.
Apply mandatory and read only settings to different fields on each of your
record types to enforce a standard process and quality of data capture.

Risk Matrix (size of matrix, colors,

threats & opportunity, scores.)
Meets the needs of RM process without having to invest in enhancements.
Better fit to process leading to easier adoption. Simpler to modify to meet
future requirements.

Multiple Scoring schemes based on risk

appetite at different levels.
Enables different parts of the organisation to have different Risk Management
process/scoring assessment. More relevance, more participation, more value.

Additional user defined visible fields on

Risks.
Meets the needs of RM process without having to invest in enhancements.
Better fit to process leading to easier adoption. Simpler to modify to meet
future requirements.

Advanced email alert configuration.

Improved user interaction. More specific information to users for awareness
and action.

User options turn off/on icons, Panes.

Meets the needs of individuals better, enabling more buy-in participation in
the Risk Management process.

Drop list values in Risk, Impact, Plan

and Response data entry.
Meets the needs of RM process without having to invest in enhancements.
Better fit to process leading to easier adoption. Simpler to modify to meet
future requirements.

Security Caveats & Classifications.

Enables user community to clearly understand the confidentiality of the
information they are using leading to reduced unauthorised disclosure
of information.

Language sets for different user

populations.
For some customers they can reduce training needs and improve
understanding/familiarisation of the Risk Management process.
Better data capture.

Local folder administration delegation to

allow project managers or department
Distributes ARM administration to the parties in an organisation that need
the ability to manage day to day aspects of their folders such as user
managers to configure and manage their access. Relying less on IT departments to have single responsibility for
own business folders. all administration tasks.

Configure how resource names are

stored in and displayed in ARM.
Align ARM with company policies around user identification making it
familiar to users and increasing take up and allowing an easier searching
and ordering of users records.

Configurable drop down lists and multi

select fields.
Configure the contents and order of items in drop down lists and multi
select fields to fit with your businesses terminology and process.

Configurable Active X usage.

Configure whether or not you use Active X or .NET based charts providing
organisation with secure browser lock down policies to gain access to the
configurable charts.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Administration A B C D Benefits
Simple wizard installation.
Simple wizard installation requiring little administrator intervention with the
ability to specify any server locale.

License Management.
Analyze ARM concurrent usage and manage licences across test and
production databases to ensure the most efficient use of your ARM system
and highlight the value derived from the system in supporting your risk
management process.

User Management.
Distinguish between ARM users and resources that are part of the risk
management process but do not consume a licence. Retire users keeping
audit history but preventing them from logging into the system; reassign their
actions and risks to another user. Use alerts to track the creation of new
ARM accounts.

Role Management.
Assign users to specific roles, build a role hierarchy to help local
administrators assign rights to roles beneath them in the hierarchy
to give management abilities where they are needed.

Architecture A B C D Benefits
Platform based on pure MS technology
(.NET).
One of the dominant and long term technology stacks. Only MS, therefore it
all works together. Means new MS Technology products work in conjunction.
MS technology means least potential conflict with IT technology strategy and
lower total cost of ownership.

N-tier design, ability to separate out

web, application and database servers
We are better able to meet Customer interoperability needs and faster
time to deliver. Also protects investment. Matches the spend now with
for load balancing, performance and performance needs now. Greater flexibility.
resilience.

100% designed as a browser based

solution (all functions including
Supports collaborative working, home working globally. Reduced
deployment and upgrade costs. Reduced need for expensive client
administration available through browser hardware. Fits IT strategy for common office products.
interface.)

Designed and developed by a leading

technology company.
Confidence in purchase and ability to support. Long term partner. Technical
excellence giving stability, performance and future proofing. Confidence over
in-house developed solutions and Excel due to supportability and proven
quality.

Browser solution enables operation

across all networks including home
Supports collaborative working and home working (telecommunting) globally.
Reduced deployment and upgrade costs with COTS technology stack.
computing and reduced roll out costs. Reduced need for expensive client hardware. Fits into companies existing
IT infrastructure and strategy.

Web and Application Server based on

MS IIS.
Reduced cost of deployment per user. End users of an IIS application can
run the application using only a browser; no special software needs to be
installed on their computers for the application to work.
A familiar development environment and model. You can leverage your
knowledge of Visual Basic by using the Visual Basic programming
environment and standard, compiled Visual Basic code. In addition, you
can add classes, modules, or any Visual Basic ActiveX component to your
project.
Access to a broad audience. IIS applications work with a wide variety of
browsers and operating systems, so you can easily reach a wide audience.
An object model that gives you direct access to the resources of the
Internet Information Server. The Active Server Pages framework provides
an object model that allows you to directly manipulate the objects at the
core of IIS. This allows you to retrieve information from a browser, send
information to it, and perform complex operations on the contents of a
Web page. For more information on the object model, see "The Object
Model for IIS Applications."
Reusable components. Once you have created a webclass, you can easily
access it in another webclass. For more information, see "Navigating
Between Webclasses."
Separation of code and HTML. Unlike scripting, your code is not
embedded in the HTML document, so you can separate the process
of designing the application's user interface from writing, testing, and
debugging its code.
State management across multiple interactions with the client. You can
manage state using objects or a database, or you can shuttle state
between the client and the server.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Architecture A B C D Benefits
Works within the cloud.
Achieve economies of scale - increase volume output or productivity
with fewer people. Your cost per unit, project or product plummets.
Reduce spending on technology infrastructure. Maintain easy access to
your information with minimal upfront spending. Pay as you go (weekly,
quarterly or yearly), based on demand.
Globalize your workforce on the cheap. People worldwide can access
the cloud, provided they have an Internet connection.
Streamline processes. Get more work done in less time with less people.
Reduce capital costs. Theres no need to spend big money on hardware,
software or licensing fees.
Improve accessibility. You have access anytime, anywhere, making your
life so much easier!
Monitor projects more effectively. Stay within budget and ahead of
completion cycle times.
Less personnel training is needed. It takes fewer people to do more work
on a cloud, with a minimal learning curve on hardware and software issues.
Minimize licensing new software. Stretch and grow without the need to buy
expensive software licenses or programs.
Improve flexibility. You can change direction without serious people
or financial issues at stake.

Browser solution enables operation

across all networks including home
Supports collaborative working, home working globally. Reduced
deployment and upgrade costs. Reduced need for expensive client
computing and reduced roll out costs. hardware. Fits IT strategy.

Web and Application Server based on

MS IIS.
Supports collaborative working, home working globally. Reduced
deployment and upgrade costs. Reduced need for expensive client
hardware. Fits IT strategy.

Performance A B C D Benefits
System benchmarked to 500 concurrent
users (500 people using the system
Confidence in performance and use in Enterprise situations demonstrates
quality technology build. Confidence in that we have customers who run
at the same time) by Active Risk this size of user bases.
(equivalent to approx 10,000 named
users.)

Operating Platforms A B C D Benefits

Web, Application Server and ARM
Unplugged client all run on various
Latest security and performance operating system. Fully supported by
Microsoft. Takes advantage of all MS interoperability capability e.g. Biz Talk.
MS operating systems (please check Scalability means protection of investment and ability to match operating
platform support matrix for release environmental costs as the needs of the business increases."
compatibility.)

Browser based user interface runs on Existing delivery mechanism. Industry standard will also support home
MS Internet Explorer 8 or greater. working. Reduced deployment costs, supports technical strategy increased
HR benefits for home working.

Database A B C D Benefits
SQL Server and Oracle supported
(please see platform support matrix for
Offers DBMS choice without compromise. Oracle enables UNIX operating
systems to be used.
which releases support which versions
of DBMS tools.)

Hardware independent.
Enables better performance/cost mix. May fit IT strategy better. Enables
wider choice. Fewer barriers to change (for acceptance.)

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
Service Orientated A B C D Benefits
Architecture
MS SharePoint Services delivered as
a native framework.
ARM Apps can be dropped into Sharepoint which can deliver role based
views to users faster. Meets specific user group needs better (tailored
interaction with Risk Management and Incident Management process).
Enables high levels of front-end integration with other applications.

Web Service based API to support

MS Sharepoint and Java based
ARM Apps are portal independent providing high levels of interoperability.
Increase benefits basis on investment. Removes proprietary arguments
Portals (WebSphere, WindChill, Deltek about COTS solutions.
Compass, PlumTree, Oracle, SAP).

Email alerting A B C D Benefits

Advanced email and SMS alert editor
and configuration manager. Set up
Meets majority of email delivery platforms, supporting IT strategy. Increase
user participation and awareness of risk by setting alerts for a wide number
alerts per business folder configured of events in ARM such as new risk raised, status changes or risk assigned
for a particular department of projects to and tailor the information contained in the alert choosing from a wide
needs. range of alert parameters. Increasing benefit and collaboration leading to
better Risk Management. Monitor alerts that have been sent using the alert
audit trail.

Customize alert frequency.

Specify alert frequency on an individual basis and have an option to be sent
a digest of alerts.

Exchange A B C D Benefits
Send URL hyperlinks to colleagues to
allow them to access ARM risk data
ARM integrates with common desktop applications and encourages usage
and buy in to the risk management process.
directly from an email or a document.

Web Services API.

Integrate ARM with other critical applications using the ARM web services
API. Many ARM functions are available through this web based interface.

Interfaces Planning A B C D Benefits

Interface with MS Project supporting
update of work breakdown structure in
Enables consistent and complete Risk Management process against
projects. Reduces user effort in manual entry. Enables more considered
ARM and response linkages between Risk Management in identifying risks against all activities (facilitates risk
applications. identification). Ensures that risk mitigation responses are properly project
managed, increasing likelihood of meeting exposure targets.

Interface with Primavera supporting

update of work breakdown structures
Enables consistent and complete Risk Management process against
projects. Reduces user effort in manual entry. Enables more considered
in ARM. Risk Management in identifying risks against all activities (facilitates risk
identification). Ensures that risk mitigation responses are properly project
managed, increasing likelihood of meeting exposure targets.

Interfaces Requirements A B C D Benefits

Interface with Telelogic DOORS
enabling modelling of risks to contract
Allows the business to determine which business requirements are at risk
of not being met. Therefore increasing ability to meet business objectives.
requirements. Assists risk identification and completeness of Risk Management process.

Interfaces A B C D Benefits
Excel/Server-to-Server
Interface to export and import risk,
impact, plan and response data from
Offers simplistic method of moving data in and out of the ARM database
without loss of information. Reduces effort and increases flexibility in being
ARM to Excel, and from one ARM server able to get data in and out of the application. Supports use of ARM in secure
to another ARM server selecting the environments where data can be sanitized, security cleared and updated on
appropriate data (including Risk and the Universal ARM database automatically (dependent on rules).
Activity and Risk data relationships) to
send/receive.

KEY: A ARM (Core) B ARM Unplugged C ARM Reporting/ARM RPM D ARM App
EMEA Headquarters US Headquarters Australia
Sword Active Risk Sword Active Risk, Inc. Sword Active Risk Pty Ltd
1 Grenfell Road 13221 Woodland Park Road 40/140 William Street
Maidenhead Suite 440 Melbourne
Berks SL6 1HN Herndon, VA 20171 VIC 3000
UNITED KINGDOM UNITED STATES AUSTRALIA
Tel: +44 (0)1628 582500 Tel: +1 (703) 673 9580 Tel: +61 3 9229 3850

www.sword-activerisk.com info@sword-activerisk.com Twitter @SwordActiveRisk