User Guide
Contents
1. RELIANCE Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Back to register 1 Emergency evacuation drills and 1st aid training Control Link Attach Note Actions Change log D Expand all Collapse all Control i evacuation drills and 1st aid Description Regular emergency evacuation training and apishpa onetime estore Responsible area Hyman Resources Responsibility Aidan Acer B Classification Emergency response v Mode Open x Attributes Category Manual Reduces risk consequences Documented Strengths and weaknesses S provides high level of awareness S reduces liability Frequency Applied monthly W getting all staff to attend training v W keeping evacuation procedures up to date Effectiveness ggg Level 1 Key control al and maintaining fire wardens and floor CJ supervisor training Failure rating E Control has never failed Performance E Control tested Pass Implementation and costs Pre existing control C Establishment cost 10 000 Pre existed since KE Ongoing cost 2 500 Planned st T Cos anned start 1 01 2010 3 Cost to date St 0 st Benefit ii 4701 2010 3 pii Due fan 1 01 2010 3I Completio k ni 1701 2010 3 Comment This control is tested regularly by Internal Audit and HSE Group Last modified xAdmin 8 02 2010 10 43 03 PM2. Location Melbourne Type Breach Kk E E EJ amp Category Breach Privacy Claimant Cause Process failure E Reference Notify Blake Blunt Olivia Ottens Mode Open x Consequences Consequences Customer complaint dissatisfaction Product serice Financial cost Severity E Medium Lost time days Management Status J Closed x m Reported by Clanger Ciara Status report Internal audit undertaking review of mailout Reported to Adlam Alice procedures Issue now subject to Audit Report Reported on 8 02 2010 8 00 PM 3 Corrective action On going monitoring iv E x t3 Corrective action performed by Ottens Olivia Status date 24 02 2010 ke gB Sign off Adlam Alice Comment Letter of apology sent out within 24 hours of the original mailout Each member was also called by their account manager with an unreserved apology Internal Audit requested to review mailout procedures to ensure there is no repeat of this incident Last modified Daniel 18 02 2010 3 48 AM Risk Wizard Pty Ltd 2009 2011 riskwizard com RELIANCE v3 7 10511 0 RiskWizard UserGuide_V3 7_May2011 User Guide v2 1 Page 44 58 2011 Risk Wizard Pty Ltd Risk Wizard User Guide v3 7 Table 8 Incident register field detinitions N Automatically generated in sequential order This is the unique Incident O record number Deleted record numbers are not re used Incide
3. 57 Product 5 Complia nce 6 Complia nce Strategy Report name Risk status report Control status report Risk owner report Control responsibility report Compliance obligation report Non compliance report Strategic perspective report Report type Risk manager Risk manager Executive Executive Executive Fields reported Risk fields Number name owner risk rating Linked control fields Number name responsibility failure rating effectiveness status control mode Control Fields Number name responsibility failure rating effectiveness status control mode Linked risk fields Number name owner risk rating risk mode Risk fields Owner number name risk rating Linked control fields Number name responsibility failure rating effectiveness status control mode Control fields Responsibility number name failure rating effectiveness status Linked risk fields Number name owner risk rating risk mode Obligation fields Number name obligation ref obligation owner responsible area authority name importance Linked task fields Number task date task name task manager status status report obligation achievement compliant task mode Obligation fields Number name obligation ref obligation owner responsible area authority name importance next obligation date Linked task fields Number task date task name ta
4. Closed action workflow notification will be sent to recipients notifying them of the action closure Closed on Date field Date action was closed Closed by Sinale pick list Person who closed the action Once closed reminder notifications and Close RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 52 58 Risk Wizard User Guide v3 7 lalerts will no longer be active Start date time Due date time and Overdue notifications Comment Free text Table 12 Additional data fields displayed in the action register Calculated field Status can be open or closed Status is open until Close field has been selected Number Determines the number of minutes hours days months before the due date the due date reminder notification will be sent This can be reset once an alert has been Date field Date on which work on the action should begin Email reminder notification can be issued for the Start date Users can change the reminder date Number Determines the number of minutes hours days months before the start date the start date reminder notification will be sent This can be reset once an alert has been Calculated field Module is the product module of the linked record to which the action is associated with It could be a risk compliance obligation strategy or a control Module Calculated field Record number and name of the
5. F Third Acer Aidan A Oomer Manager E Performer Owner Manager Performer W Owner Manager Performer Task scheduler non recurring Schedule new tasks Task date start Frequency New tasks Task scheduler recurring Schedule new tasks Task date start Task date end Frequency New tasks scheduled in advance Save Save and create is EJ EJ E E Others wa CJ Others Others a 7 06 2011 D Same day x EA 1 06 2011 D Annually x 2 Duplicate Reset Expand all Collapse all RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd Description Lease for Sydney office 1 Martin Place Levels 5 8 Approved by Adlam Alice x Date approved 1 05 2009 ko L 3 Obligation budget days L 3 Next obligation date 4 96 2012 Obligation budget cost 1 900 000 Obligation payment 1 800 000 00 Specific requirement Renew lease until 2015 Dependencies Lessor wants to renew the lease lt Task amount payable gt is a new field displayed in the task form Required action Call the CFO and a bref outlining e 1 why the lease was not renewed 2 consequences of not renewing 3 cost of renewing 4 other leasing options is Before 180 Days Before 0 Days 5 Before 30 Days Last modified xAdmin 25 05 2011 5 26 AM Risk Wizard Pty Ltd 2009 2011 nskvazard com RELIANCE v3 7 10511 0 User Guide v2 1 Page 36 58
6. by the due date can have 3 levels of overdue escalation alerts Numeric value In combination with the Due date time field this field will determine the Email reminder number of minutes hours days months the Email reminder will be sent in advance of the action Due date time Due date time Single pick list minutes hours days months used to determine the time period used in Before due combination with the Email reminder number to send an email reminder in advance of the Due date time Selecting this box will turn off all Start date time reminder notifications Due date time reminder notifications and all Action overdue reminder notifications for the respective Action Disable reminder notifications Notif Multiple pick list Person s who should be notified aware of the action Workflow email y notifications and reminders can be set to go to these people Raised by Multi pick list Person s who raised the Action Ee by E pk Tet oroo who hes revived te completeness e _ pick list Person s who has reviewed the completeness of the action Review date date Date field Date which the Reviewed Date field Date which the Reviewed by person reviewed the Action person reviewed the Action Single pick list Measure of approval by the Reviewed by person that the Action has Approval progress been completed Selecting this box indicates the Action has been completed When selected a
7. the record D WAAN D Risk Compliance Incident Strategy a Enterprise p permissions Disable Enterprise s i i isable enterprise view Disable enterprise edit users from viewing the 4 4 ol record Gta Link Attac a iT D vormisio ar Save C ermission Save Save and create Duplicate See ey p Complaint om yu SERR L Pap ee eee ge ean wa ee SI sane ee nd OUT a mo Enterprise permission allows the licenced user to disable enterprise user s access to edit and or view via their email notification hyperlinks the record RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 12 58 Risk Wizard User Guide v3 7 4 2 Registers The register not only provides a window to the data but also acts as an instrument panel allowing the user to quickly access a range of features and functions The features and functions of the register are explained below Welcome xAdmin Help Change password Sign out WIZARD isk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar F Risk register Create elDelete AView whchart EB matrix Reports Export F Fiter lt Refresh Mode Open d Ho Risk Classification Risk rating Tolerance Treatment status Responsil F P B 1 Employee retention critically low Increasing risk Si Extreme risk Risk treatment required El Risk treatment planned Human
8. Page 17 58 Risk Wizard User Guide v3 7 Export The Chart Export button enables you to export the chart data either into Microsoft Word or Excel Register Export you can choose to export All rows or Selected rows check box to the left of the record register into Microsoft Excel Word Note The Export function exports the data displayed in the register For example if you are looking at the Register Simple view all the information displayed will be exported If you are looking at the Register Detailed view all of the information viewable in the register will be exported When exporting from a register an export window will appear allowing you to choose if you would also like to export other records linked to those you are viewing in the register Linked record information exported includes record number and record name For example if you are in the Risk register and select export Controls and Include name this will result in the risk information being exported plus the control number and control name of any Controls which are linked to the respective risk s Export risks B A Export All v Format Excel v ni Attachments detail Export Close Export linked record options Ma d 7 f Home Insert Page Layout Formulas Data Review View Add Ins 5 T mn oo Lemans z z B caoi jo a n Es General J weeps sta a 3 43 Copy n 5 Fill A ai Pa
9. Risk Wizard User Guide v3 7 Table 4 Compliance obligation form field definitions Automatically generated in sequential order This is the unique No Compliance obligation record number Deleted record numbers are not re used Obliaation Free text Description of the responsibility or commitment which has to g be undertaken performed by the organisation individual Obligation ref Free text Any type of reference code which may be used to identify an obligation Responsible area Multi pick list Business area s responsible for the obligation Obligation owner Multi pick list Person s who is responsible for the Obligation Obligation manager E AN Person s who is responsible for managing the Performed by Multi pick list Person s who is responsible for completing executing the Obligation Classification Single pick list Categorisation of obligations into a common type Single pick list The obligation records like all other records can be Mode saved in any number of record types mode Registers and reports all use mode as a primary filter Descrinion Free text Detailed explanation of the obligation which is easily P understood by people associated with the meeting the obligation Approved b Single pick list Person authorising consenting to the obligation record PP y being listed D Date field Date the obligation was authorised as being correct by an ate approved appropriately authorised person Single pick list
10. Risk Wizard Pty Ltd 2009 2010 riskwizard com RELIANCE v3 5 00209 0 RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 49 58 Risk Wizard User Guide v3 7 Table 10 Control register field definitions Field name Comment Automatically generated in sequential order This is the unique Control record number ee EE en record numbers are not re used Control Free text Name Free text Name of the Control e g Fraud Fire emergency Product demand falls the Control e g Fraud Fire emergency Product demand falls EHecivenase Single pick list Examples of Effectiveness are Needs improvement Working effectively Not assessed Calculated field The implementation status of each control is shown here For example Status if the control has not been completed by the due date a status of Overdue is shown Other examples include Completed late Overdue Start Calculated field The variance relates to the Status column and refers to number of days Variance For example a Variance of 36 is shown The corresponding Status shows Completed Late Therefore this control was implemented 36 days after we planned Single pick list Assesses likelihood and consequence of the control failing Examples of Failure rating are Low chance High impact Medium chance Medium impact Failure rating Single pick list This enables you to assess the past performance of the control in terms Per
11. WIZARD Risk Compliance incident Strategy Dashboards Reports Setup Home Risk l Risks Controls Actions Contacts Reports Calendar Back to register 1 Employee retention critically low Save Save and create Reset Expand all Collapse all Risk Employee retention critically low Description Employee retention has reached such low levels that is beginning to have a significant effect on future operations area Human Resources B Owner Daniel Drake fication Increasing risk v Mode Open v Non financial risk estimation 2 Major Almost certain r gt so i Managed Major Likely Extreme risk REER J Absolute O managed O residua Comment The Board have had emergency meetings to discuss this problem and have hired consultants to report on how to re engage with the staff base and new recruits Save Save and create Reset Expand all Collapse all Risk Wizard Pty Ltd 2009 2010 riskwizard com RELIANCE v3 5 00209 0 6 1 Risk Risk provides a repository for risk related information for example risks issues opportunities potential loss events Risk details inform you about key attributes e g risk category the control and treatment status e g control evaluation risk estimation non financial and financial and what perspectives and controls the risk is linked to The Risk module can be accessed from Fisk provided the user has access permissions RiskWizard_ UserGui
12. 2 reminder notifications and up to 3 overdue notifications provides a engagement and interaction between licenced and enterprise users f Welcome xAdmin Help Change password Sign out wwtiaz A nA O Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Back to register 13 Segregate all financial duties Attach Note Change log Pt Save Save and create Duplicate Reset Expand all Collapse all Action Segregate all financial duties Description This was one of the recommendations from the consultants for improving control within the Finance group Responsible area Finance Manager Alice Adlam Assigned to Bridie Biere Type Control implementation plan Priority J MEDIUM ba s Mode Open a Action progress ___ Please select a Management Start date time 24 05 2011 9 00 AM 3 Raised by Ciara Clanger Email reminder 4 Days before start Reviewed by Olivia Ottens Due date time 30 06 2011 11 00 AM ko 5 Review date 26 05 2011 a2 Email reminder 3 Days ve before due Approval progress __ Please select Disable reminder notifications F Close F Notify Daniel Drake Lewis Locke D Closed by D Comment Good progress being made Will close once completed Save Save and create Duplicate J Reset Expand all Collapse all Last modified xAdmin 20 05 2011 12 53 PM Risk Wizard
13. Chart Category v aly 5 Category Business P f Continuity risk a a Compliance Operational isk lt q Strategic ik M Not set 11 J 0 2 4 6 8 10 12 14 Number of risks weal W ai oee e r Nina saai P E OON ae T eS a RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 15 58 Risk Wizard User Guide v3 7 Matrix Risk only The Matrix button displays an interactive risk matrix heat map This is a graphical representation of the risk matrix used to measure risk It shows the distribution of all risks in the risk register The risk matrix has a matrix display option which allows you to choose the type of risk rating displayed in the matrix Current estimation Absolute Managed Residual It also allows you to display the risk level which is associated with each cell in the risk matrix The register below the matrix allows you to sort the matrix data by any criteria The matrix provides a range of reporting options which includes printing exporting the register information to Microsoft Excel Word saving the matrix as a jpeg file exporting the full report to Microsoft Word or a pdf file Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Back to register Risk matrix gt Matrix display i Print report Export re
14. E Select matrix J Absolute V Managed charts to include R V Residua V Current estimation V Rej ange n Generate report for All records Enrmat ormat PDF v l Generate Report J Close Samp e Risk rating report i Register g Run Thursday 11 February 2010 9 24 AM Run by xAdmin xAdmin f rep ort Risk Description Responsible area Consequence Likelihood Risk level Risk rating E Employee retention has reached such 1 Employee retention critically ow low levels that is beginning to have a cpeenennnes ai Ni AAE Wer oan f significant effecton future operations 5 Fraudulent activity by employees Human Resources pipet EE amongst industry peers is on the rise CEO Catastrophic Possible 21 00 Bh EGE risk y so we must stay vigilant about this sort 5 of risk F Number of hackers and hacking Information 3 Computer hacking episodes has increased 10 foki over Technology iiai POEDING 1e W aak last few years gt gt Networking 4 Strike by workforce Strike by employees in one or more of Human Resources Major Possible 19 00 Bich risk l In wake of GFC funding has been g 5 Capital investment inadequate hard to arrange although this risk CEO Financa major a 1400 W seems to be diminishing A 7 Software virus Util ilure Electricity gas 9 5 k k 3 TUNRA a ag ary A i ae eee Lee ON i D an ih ann K ht a ae a a RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1
15. E AT 13 doa DaS 91 2 06 co roA E A E E EE A T A E EE 21 5 Common record level functionality ssesessessessssecseseosssecsesecsosecsesecsosecseseososececseceoseceoseceoseceeseceeseseeseo 27 S L aa E E A A A E A E aan 27 De A a A E E E E EE E ne A A R 27 SA E e a A E E IE E E E E E E A E ANE E EEE E A E eet 28 IA AO aer EEA AE A AEEA N EEE T A E E AAE S 29 PEE CTIA COG AEE E E E A E E EA A E AEEA E AT 30 6 RISK aoso SE 31 e GRR 4 C1 E E A A E E E E A E A O EE A A A A E E A een eee 31 7 COMPING E ooer O 35 Fd OOJO ONE orrrisere ii rair E TEETE ETOO NETT NE OOO 35 PE 0 a EA E TAA A EE E EE AOA 40 8 Maa e pi E cn veep pate venga E E E E E E E ss meusns anny ease yaneere 43 9 S A OV SEA E E E canes eu E E E A EE EE E E E E E 46 LI FPE PETOS a E E E A E E Trae rye 47 10 CONTO ssns E E E E EEE A E E O E E E 49 I AON ooi EE sosmeeseascesutentcentsanseesetestwenienous 51 12 COMICS roo E A 54 1 REDO S aa ste vssuebecisannvsnavecsstaasorancesseandoeuysuesiaubersvanecenseussyaneuesusebeysaeuncanes 56 14 LAEDIT a a N N E yas E AOT AOOO O N 57 RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 2 58 Risk Wizard User Guide v3 7 Manual updated for Release 3 7 May 2011 This manual has been updated for release 3 7 Amendments are highlighted by a bold black border on the right of the paragraph as per the example below This is an example of the border applied to the paragraph updated in
16. Free text Name of person persons making a insurance other claim against Claimant N the organisation Free text Incident reference This could be an internal file reference or Reference i ae possibly a reference to an insurance claim related to incident Single pick list The incident records like all other records can be saved in Mode any number of record types mode The Incident Register uses the mode as a primary filter Location Single pick list Location of incident Category Single pick list Category of incident Causes Multi pick list Different causes reasons for incident Reported by Single pick list Person who reported incident Reported to Single pick list Person to whom incident was reported Reported on Date and time field Date time when incident was reported Notify Multi pick list Person s who require to be notified about the incident Responsible manager Single pick list Person who is responsible for managing the incident Corrective action Single pick list Corrective action required Corrective action performed by Single pick list Person responsible for carrying out corrective action Status report Free text Report of incident status in relation to management of incident Status date Date field Date of status relating to management of incident Sign off Single pick list Person responsible for sign off of incident management RiskWizard_UserGuide_V3 7 _May2011 2011 Risk W
17. Pty Ltd 2009 201 1 riskwizard com RELIANCE v3 7 10511 0 RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 29 58 Risk Wizard User Guide v3 7 5 5 Change log The new enhancements in the current change log are e Display the names of linked records additions removal of links e Track changes done to a linked record after it has been linked to a specific record All linked records which have been changed after the linking will be marked with an asterisk For example see below linked control 2 under the column New Value has been edited after being linked to the respective record Export Change date Field name Old value New value Changed by 17 02 2010 4 58 PM Linked incidents 3 Theft Cash Ciara Clanger A 1 Emergency evacuation drills and 1st aid F 11 02 2010 9 35 PM Linked controls aining 2 Armed security guards patrol premises 4 induction training for all staffivisitors rmed security guards patrol remises 4 Inducwpn training for all xAdmin xAdmin affivisitors G y evacuation drills and 1st aid E 11 02 2010 9 28 PM Linked controis TANNI ZAMON SOONE INOS pairol premises 4 Induction training for all staffivisitors m xAdmin xAdmin 11 Rotate rosters 12 instruct all 11 Rotate rosters 12 Instruct all ESERIES EPR AY 9 02 2010 4 11 PM Linked actions employees to use up annual leave er Pibenn xAdmin xAdmin 2 13 Seg
18. Pty Ltd User Guide v2 1 Page 41 58 Risk Wizard User Guide v3 7 Result date Date field Date on which the task result was entered Free text Outcome for the task For example was the obligation Result met achieved ee Single pick list Select a descriptor which best describes the level of obligation Obligation achievement achievement obtained for the task Single pick list Choose option which best describes the end result from the Non compliance outcome work undertaken for the task Non compliance cost Financial amount Cost resulting from not meeting achieving the task Comment Free text field l Free text Explanation why execution of the task did not meet the obligation Reason for non compliance l requirements commitments Free text This field can be pre populated from the obligation when the task is created Alternatively the required action can be updated or entered as required Required action Resporsi Notify Person responsible for completing the pre defined Required action when the task is recorded as being non compliant Pre populated responsible person comes from the Responsibility field in the Obligation input edit form Click this field if you want the Responsibility person to receive an email notification providing details of the required action when non compliant when the task is saved Action taken Free text Explanation of what action was t
19. Selections made in the Obligations section will automatically be mapped into any Tasks which are created Tick box Third workflow reminder for the Task due date Selecting the Third tick box will initiate the Third workflow alert for selected recipients Owner Manager Performer or Others Selections made in the Obligations section will automatically be mapped into any Tasks which are created Others Tick box Select the Others tick box then select the double arrow button to RiskWizard_UserGuide_V3 7 _May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 38 58 First Second Third Risk Wizard User Guide v3 7 choose additional recipients for the respective notification There are no limits on the number of Other reminder recipients Selections made in the Obligations section will automatically be mapped into any Tasks which are created Number The number of days before the Obligation Task date that the workflow Before days ae reminder will be sent to he relevant recipients Table 5 Additional data fields displayed in the obligation register l Calculated field Average risk level of all risks linked to the Aggregated risk level eee obligation Wem ated coniro Becavencce Calculated field Average control Effectiveness rating for all ggreg controls linked to the obligation Yes No option When setting up a time based obligation a Recurring obligation is one which keeps a
20. also include a time element where for instance something has to be done by a certain date In most cases compliance will be used to record manage and report on internal and external obligations Internal obligations commonly come in the form of policies procedures and guidelines External obligations may come in the form of government regulations and directives contracts and obligations with suppliers or customers and social and industry related responsibilities Engaging staff in the compliance process is very simple and straight forward Compliance has an Enterprise task screen which gives non RELIANCE system users access to view update and record the management of compliance obligations over time A range of compliance workflow processes provide notifications reminders and alerts which contain a range of compliance information as well as links to the Enterprise Task update screen Compliance is divided into two separate but related elements Obligations and Tasks 7 1 Obligations An obligation is a separately identifiable record has provides the background and context of what has to be done by whom why and when Where there is a time based delivery for the obligation it also creates the schedule for carrying out that obligation and initiates an automated workflow process to ensure the relevant persons are aware of their responsibilities Compliance has an obligation register with the accompanying tools such as filters export and char
21. date field completed Risks responsible for where no responsible person s are linked Risks responsible for where no controls are linked Risks responsible for where non financial risk estimation field is blank Risks responsible for where exposure field is blank Risks responsible for where financial risk field is blank Risks for responsible area for where risk owner field is blank Risks responsible for where responsible area field is blank Compliance obligations responsible for where obligation has not been approved Compliance tasks responsible for where task date field is blank Action responsible for where responsible area field is blank Action responsible for where manager field is blank Action responsible for where due date field is blank Action responsible for where assigned to field is blank Action responsible for where action has been closed but the reviewed by field is blank User Guide v2 1 Page 23 58 Risk Wizard User Guide v3 7 WIZARD Risk rating profile Pie chart of risks responsible for grouped by Risk rating Bar chart of controls responsible for grouped according to Control effectiveness Bar chart of perspectives responsible for grouped according to Aggregated risk tolerance Status of actions Open Closed early Closed on time Closed late Action overview Closed no due date Overdue No due date by product Risk Compliance Control Incident for the specified date range Status of actions which are not clos
22. v3 7 Each Perspective Risk Compliance and Control record has its own set of unique data fields measures and labels unique to that record and register However there exist relationships between Perspectives Risks and Obligations and Controls etc For example A Strategy record Perspective may have one or many Risks linked to it A Risk record may have one or many Controls linked to it A Compliance obligation record may have one or many Risks or Controls linked to it An Incident could be linked to one or more risks controls or obligations A link is the creation of a physical association between a record in one register and a record in another register These links are useful in establishing relationships between records in different registers For example a risk is managed through a range of controls This relationship can be created through the links function Below is another way of viewing the relationships that exist between the available modules objects within the Reliance suite v v v v v v x v v Risk v Incidents v Compliance V Strategy v Control v Actions v RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 7 58 Risk Wizard User Guide v3 7 2 Getting started The RELIANCE system administrator will manage all access privileges Please see your RELIANCE administrator for a valid Username and Password 2 1 Login and Sign out To gain access to the syst
23. view edit mode an icon in the shape of a lock is shown in the top right hand side of the record window Click the closed lock to display the selected permission tags for that record If the lock is open then it is a public record The lock is disabled where the user has no permission change privileges i Welcome xAdmin Help Change password Sign out SAS i B Select permission tags x nE sae Aee Name Tape Description Back to register 6 Com J CEO and Executive Restricted to CEO and oo ast ET 7 Record level Incident i i inance epartment only inance ept fiSKS permission z Designed for records entered vi Save Save and create Enterprise Recorder that are tit General access common shared by department and that require permission greater than public access HR department only HR dept only f EINSA IT department only IT dept risks a Ne hee ath O y S a eee mh i P ano is Fa N p Fee Saver Te a Record Level Permissions determine what records licenced users can view in the system In this example access to see this record is limited to Users who have been allocated the CEO and Executive permission tag The Risk Wizard administrator can give Users access to change the permission tag from one tag to another tag or to select additional tags which can see the record Disable Enterprise ae R i A ae E users from editing Di n 5K S
24. 2 1 Page 43 58 Risk Wizard User Guide v3 7 WIiIZAAD Sample Compliance obligation screen i Welcome xAdmin Help Change password Sign out wre tz a FS CS Risk Compliance Incident Strategy Dashboards Reports Setup Home Calendar Incidents Controls Actions Contacts Back to register 2 Breach Confidentiality tink Attach Note Actions Change log oS Save Save and create Duplicate Reset Expand all Collapse all fe Incident Incident Breach Confidentiality Questionnaire Q1 What is the nature of the confidentiality event Description Please select the option which best describes the nature of the event you are logging pes Response incident Description Q2 There was an actual breach of confidentiality Identify the type of confidentiality breach Description Select the category of confidentiality breach which best describes the incident rp Response Personal banking details Description Complete and save Reopen Incident detail A Description Marketing sent out an introductory letter to new account holders introducing the range of products and services offered by the firm Unfortunately in the letter a mail merge error printed out all the name and account details of all other new accounts for the month Date Time 5 02 2010 11 00 AM Responsible area gt gt Marketing Responsible manager Locke Lewis D amp
25. 3 7 _May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 33 58 Risk Wizard User Guide v3 7 Managed Entity for example 40 000 80 000 x 50 Financial risk Ex P Calculated field This is the Residual Financial risk Financial risk estimation for the Residual Entity for example 5 000 50 000 x 10 Created Date that the Risk was created Created by Name of person who created the Risk Last modified Date that the Risk was last modified Last modified by Name of person who last modified the Risk Entry metho Automatically system generated Risk created in Enterprise Risk screen will be recorded as Enterprise and risk created in the Risk product will be Register risks Linked perspectives List of Perspective record numbers that are linked to the Risk Linked controls List of Control record numbers that are linked to the Risk Linked obligations List of Compliance obligation record numbers that are linked to the Risk Linked incidents List of Compliance obligation record numbers that are linked to the Risk Permissions List of Permission tags associated with the record RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 34 58 Risk Wizard User Guide v3 7 7 Compliance COMPLIANCE is a powerful tool for managing obligations commitments and any other type of activity where there is a desired outcome to be achieved In some cases these outcomes may
26. 4 Days before start Reviewed by Olivia Ottens atate 30 06 2011 11 00 AM D O aiaa 26 05 2011 Email reminder 3 Days ve before due Approval progress __ Please select Disable reminder notifications F Close Notify Daniel Drake Lewis Locke Closed by D Comment Good progress being made Will close once completed Save Save and create l Duplicate j Reset Expand all Collapse all Last modified xAdmin 20 05 2011 12 53 PM Risk Wizard Pty Ltd 2009 2011 riskwizard com RELIANCE v3 7 10511 0 RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 51 58 Risk Wizard User Guide v3 7 Table 17 Actions register tield detinitions Field name Comment Automatically generated in sequential order This is the unique Action record number So ie nn on record numbers are not re used Action Free text Free text Description of the action activity tobe undertaken a i sti itsti s of the action activity to be undertaken Responsible area Multi pick list Business area s responsible for the Action Vanade Multi pick list Person s who is responsible for managing the Task Default will be the g same as the Obligation manager This amount is copied from the Obligation form Multiple pick list Person s who has been given responsibility to complete that action Assigned to People can be added to the list if they are not already there
27. Aidan Acer Contact Change log Expand all Collapse all Personal details First Name Aidan Email address info riskwizard com Last Name acer Phone number 93 9602 4200 Contact type Employee ba Mobile number Position title Executive a E Fax number Company Risk Wizard v E3 Authority details Contactis a system user yes Ono User name aidan Role Executive Group Password vvvvvovovoooo Default record level permission CEO and Executive Re enter password TTT T TT TTT tt Can change permissions yes Ondo Account disabled yes mno gt Address details Expand all Collapse eall a T milkman dan ann aghyetie nnn cn nda A a ch GAR ALO SAIN lan alr lr ns Em gree AO ten yin Last modified xAdmin 3 02 2010 10 32 23 PM RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 54 58 Risk Wizard User Guide v3 7 Table 13 Contacts register field definitions Field Name Comment Last Name Free text First Name Free text Check box The box is checked to denote that the Contact is a valid user of User the system If the box is left unchecked the related Contact cannot use the system If the Contact is a user then their access can be either Yes access enabled or No access disabled This is the user s specific role The role determines the system access permissions for example view edit and delete permissions Check box The box is checked to de
28. Governance Risk Compliance Software NEW SOFTWARE USER FRIENDLY WEB BASED FLEXIBLE SCALABLE _ _ _ i ml RISK lt 5 COMPLIANCE B AUDIT ovu Bl a INCIDENT zE STRATEGY E T 61 3 9602 4200 E info riskwizard com www riskwizard con User Guide Risk Wizard Version 3 7 Published May 2011 Risk Wizard Pty Ltd 2011 Risk Wizard User Guide v3 7 Table of contents BVOC CUO se E enedeasaconsentcesessosecumeceseencdeueactes 4 1 Quick guide to SYSTEM axe ceceicesiestotscnted piisistcaninnainuacerauteesesieacssavaneasssviipuauevasaweanvuccsiseriecesiapsionianaisaniinniuaetians 4 Leal System b ilding DIOCKSccieircrenieieniinrais EA RENE RONE ENAERE EREEREER ETRIE 5 1 2 Relationship between Strategy perspectives Risk Compliance Incident Controls and Actions 6 2 Getihe started errog E N A 8 ZT L gin GIO SINOU eorr nara ETERO E OOOI 8 2a AGG pas WONG arerin oN e EENE EER O EE AEE E AOTER 9 3 Maim me UN aaa ssc scnenwecsstueundoecusneteeteneutounesscesunenwceousnesancs 10 Ded O a E TE A A EA E E EE E EEE EA E EEEE E 10 32 Product SUMO cenrt ani int o a IE TOTE TOITE TEO EE AEEA NTA 11 4 Major features and functions ssessssessessssecsssecsesecssseoscsecsesecsesecseoecssseosesecsesecessecseseosesecsesecsesecsesecseseoe 12 4 1 Record level permissions scene sesiistee sees cetennanneaanoqerecene iier iru a ensite ENE na NANENANE EEA ASAAN TEERAA REENE 12 da RESTE rnnr E E E E E E E E
29. Group from which the obligation is sourced External Authority name sources may include government authorities Internal authorities may be a policy procedure from a business unit R l Single pick list Internal external regulations or codes of activity from PoU aWon which obligations come from E Free text Any type of external reference code which may be relevant xternal reference Pae o to the identification management or background of an obligation Free text Any type of internal reference code which may be relevant nternal reference oe ae to the identification management or background of an obligation Obligation budget days Number Budgeted number of days for meeting the obligation Next obligation date Date field Date on which the obligation is next due to be completed Obligation budget cost Financial amount Budgeted cost of meeting the obligation Obligation payment Financial amount Actual cost of meeting the obligation General requirement Free text Overview of the obligation requirement Specific requirement Free text Detail explanation of the obligation requirement Single pick list Measure of how significant the obligation is to the organisation Single pick list Measure of how effective current controls are in Control evaluation a ae achieving the obligation Importance Single pick list Measure of the how significant not fulfilling the Non compliance risk ee S obligation is t
30. Res OA Je 2 Fraud by employee Emerging risk WB Extreme risk Risk treatment required Risk treatment in progress Human Res T TR i E No further risk treatment Information os A 3 Computer hacking Increasing risk I High risk Risk accepted marie ARSE O 2 E 4 Strike by workforce Stable risk E High risk To be determined WM Risk treatment under review Human Res F 8 E 5 Capital investment inadequate Diminishing risk O High risk Risk accepted amp Risk treatment completed CEO Finan OA JE Software virus Ea pay wey E TE ee sa Create Select the Create button to take you to the New record screen Required fields are marked with a red vertical line Edit Select the Edit icon pen in the second column of the register to take you to the Edit record screen RELIANCE Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Back to register 1 Employee retention critically low f Attach Note Actions Change log a Expand all 7 Collapse all J Risk Employee retention critically low Description Employee retention has reached such low levels that is beginning to have a significant effect on future operations Responsible area Human Resources Owner Daniel Drake D Classification Increasing risk Mode Open k v w ee ee ae ae ae ii a N A UY ee ee es R
31. Seven registers Risk Compliance 2 Incident Single input screens Risk Compliance Incident Strategy Control and Action Rich functionality RiskWizard_UserGuide_V3 7 _May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 4 58 Risk Wizard User Guide v3 7 Strategy Control and Action Links to other Create delete Edit risk information Duplicate registers Attachments No business rules Export Chart Drag amp drop columns Filtered reports Multiple charts Vielcome System Help Change password Sign out r RELIANCE Welcome System tiolp Change password Sian out leas r x FISK gt gt w z L wiano Dashboards Reports Setup Horr Compliance Event Strate Auc Dashboards Reports Setup o the selected format Risk status report 1 Acquisition of competitor Owner Responsible area Finary Ae oe BAe OOO 004 He Financial exposure Risks Y pr ae ae ae Range of reports Strategy 1 Risk 4 Each register has a wide range of charts Compliance 2 Report filters Export to excel Strategy 6 Risk 20 Compliance 10 Incident 8 and Control 9 Export chart data Print save cut amp paste 1 1 System building blocks RELIANCE is made up of a number of screens which quickly become familiar and recognisable They form the building blocks of the system and will be consistent in terms of look and functionality between products and modules The buildi
32. Workflow email notifications and reminders can be set to go to the Assigned to person Type Single pick list Categories for describing the general nature of the action to be yP e a e a e aR ean e Priority Single pick list List of labels for prioritising the importance of the action pick list List of labels for prioritising the importance of the action Single pick list The action records like all other records can be saved in any number of record types mode Registers and reports all use modes as a primary filter Description Free text This is the detailed explanation of the action Action progress Single pick list Measure of how complete the action is Date field Date work on the action should begin This is in effect a first level reminder of Start date time the action due date Numeric value In combination with the Before start field this field will determine the Mode Email reminder number of minutes hours days months the Email reminder will be sent in advance of the Start date time Single pick list minutes hours days months used to determine the time period used in Before start combination with the Email reminder number to send an email reminder in advance of the Start date time Date field Date on which the action is scheduled for completion Email reminder notification can be issued for the due date Users can change the reminder date Actions which have not been closed
33. aken for the non compliant task Completed Date field Enter the date on which the Action taken was completed Task start reminder Tick box First workflow reminder for the Task due date Selecting the First tick box will initiate the First workflow alert for selected recipients Owner Manager Performer or Others Selections made in the Obligations section will automatically be mapped into any Tasks which are created Tick box Second workflow reminder for the Task due date Selecting the Second tick box will initiate the Second workflow alert for selected recipients Owner Manager Performer or Others Selections made in the Obligations section will automatically be mapped into any Tasks which are created Tick box Third workflow reminder for the Task due date Selecting the Third tick box will initiate the Third workflow alert for selected recipients Owner Manager Performer or Others Selections made in the Obligations section will automatically be mapped into any Tasks which are created Tick box Select the Others tick box then select the double arrow button to choose additional recipients for the respective notification There are no limits on the number of Other reminder recipients Selections made in the Obligations section will automatically be mapped into any Tasks which are created Number The number of days before the Obligation Task date that the workflow Before days ae reminder will be sent to
34. arious sales and marketing risks could affect the sales expansion strategy To establish a relationship the data records must be linked together Once linked the linked information can be analysed through dashboards reports and registers RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 11 58 Risk Wizard User Guide v3 7 4 Major features and functions 4 1 Record level permissions Record level security can be enabled through use of permission tags linked to the user s role For example a Finance role is created John is a user and is assigned to the Finance role There are 50 permission tags created for the organisation in total and out of these Tag s 15 16 17 and 18 are linked to the Finance role Therefore John has permission to access any record in the database that is associated tagged with these tag numbers Furthermore he can change permission tags on a record if he has been granted rights within his user privilege section Record level permissions enable the organisation to segregate information within the database so that one business unit or person is prevented from viewing another s records Each user can have a nominated permission tag This tag is automatically assigned to any record that user creates If no tag is nominated then the user s records are automatically public Permission tags against a record can be viewed to the extreme right of the Register detail
35. ate when Risk tolerance approved approved Risk level Number field Enter the Aggregated risk tolerance Risk level for the Perspective This is compared to the average risk level for all risks linked to the Perspective Aggregated risk Calculated field The risk level for each risk linked to the Perspective is level aggregated and a simple average calculated Variance Risk level Calculated field If the variance is negative adverse it means that the v Aggregated risk average risk level for all linked risks is above our tolerance level for the level Perspective A positive favorable variance indicates we are within tolerance Variance Corporate Calculated field If the variance is negative adverse it means that the appetite v average risk level for all linked risks for the Perspective is above our Aggregated risk Corporate appetite A positive favorable variance indicates we are level below the Corporate appetite Total exposure Monetary field Enter the Aggregated risk tolerance Total exposure for the Perspective This is compared to the aggregated total exposures for all risks linked to the Perspective Total financial risk Monetary field Enter the Aggregated risk tolerance Total exposure for the Perspective This is compared to the aggregated total financial risk for all risks linked to the Perspective Risk tolerance Date field Select or enter date when Risk tolerance reviewed reviewed Comment
36. de_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 31 58 Risk Wizard User Guide v3 7 WIZARD 6 1 1 Risk register All Risk data records are listed in the Risk register See below The complete set of data columns fields in the Risk register are explained here The register not only provides a window to the data but also acts as an instrument panel allowing the user to quickly access a range of features and functions Table 3 Risk register field definitions No Automatically generated in sequential order This is the unique risk record number Deleted record numbers are not re used Risk Free text This is the name of the Risk for example Fraud Fire emergency Product demand falls Classification Single pick list Examples of Classification are Volatile Emerging Declining Stable Calculated field This is the combined result of Consequence and Likelihood Risk rating estimations The risk rating shown is the Current estimation lowest of Absolute Managed Residual risk ratings Single pick list This is the tolerance assessed for the risk Examples of Tolerance Tolerance are Under assessment Tolerable Generally intolerable Single pick list Examples of Treatment status are Treatment approved Treatment Treatment status ie cancelled Risk optimised Responsible area Multi pick list Business area s responsible for the Risk Aggregated control Calculated field The control effectiveness
37. developed i e shows all the perspectives as parent items and the related risks as the child items 2 Risks Obligations Compliance Incidents and Controls are all stand alone separate objects with their own registers Records belonging to each of these objects can be linked to one another through the Link function e g a risk could be linked to one compliance obligation two different incidents five different controls etc 3 Risks Obligations Compliance Incidents and Controls all have their own Actions registers This is a Strict parent child relationship meaning that an Action created for a risk record can only belong to that risk It is not possible to share Actions neither with other items from the same object nor with other objects Strategy Perspectives Risk Compliance Incident Control and Actions are separate registers within RELIANCE Each register is made up of its own individual and unique records For example Strategy register is made up of Perspective records Risk register is made up of Risk records Compliance register is made up of Obligation records Compliance also has a secondary register for obligation tasks which are subordinate to obligations Control register is made up of Control records Actions register is made up of Action records RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 6 58 Risk Wizard User Guide
38. ed 30 days before due 15 30 days before due 3 15 days before due 0 3 days before due 0 3 days Action performance overdue 3 15 days overdue 15 30 days overdue 30 60 days overdue and 60 days overdue by product Risk Compliance Control Incidents for the specified date range Control effectiveness Control status RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 24 58 Risk Wizard User Guide v3 7 4 3 2 Aggregation Aggregation dashboards provide a roll up of related data into a combination of total and average results that can be analysed and compared against pre set tolerances Aggregated information is grouped by responsible business area and shown through a series of information tables and charts Information tables are made up of active links short cuts that take you directly to the relevant data records contained within the register It enables you to focus on aggregated risk tolerance risk level risk exposure financial risk risk controls and controls The charts focus on your risk tolerability risk levels compared to appetite and risks grouped by financial exposure Each chart displayed has active drill down capability enabling you to click a chart segment and immediately view its corresponding data records in the register RELIANCE Welcome xAdmin Help Change password Sign out TISK WIZARD x Risk Compliance Incident Strategy Dashboards R
39. em the correct Username and Password must be entered There is no automatic disabling of accounts where for example a password has been incorrectly entered more than 3 times Generally the following login rules apply e Username is not case sensitive e Username cannot contain spaces e Username should be between 6 and 10 characters in length unless otherwise setup during software installation e Deleted and disabled users cannot login Password attributes include e Minimum 6 characters including leading and trailing spaces unless otherwise setup during software installation e Maximum 12 characters including leading and trailing spaces e Case sensitive e Cannot be blank Note Username and Password are created within the System setup gt Contacts gt Authority details section Username username Password eeeeesese _ Sign in The Sign out link located in the screen header is used to exit the system and return immediately to the Login screen Note The user can simply close the browser tab or entire browser to exit the system if there is no requirement to return to the Login screen RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 8 58 Risk Wizard User Guide v3 7 2 2 Changing password To change password the user must Change password a click the Change password link inthe A screen header to initiate the password meee change process F New passworc Co
40. en Compliance has an obligation register with the accompanying tools such as filters export and charts etc For example a company may have an obligation to lodge a tax return at the end of each financial year to the relevant government authority The obligation register will contain the obligation to lodge a tax return annually and each year a task is raised to manage and record the lodgment of that tax return Sample compliance obligation Task input edit form f EFSA 1 Welcome xAdmin Help Change password Sign out NS wiitixzaa 5 WIZARD T ratec Dashboards Reports Setup Home Obligations Tasks Controls Actions Contacts Reports Calendar Back to register 33 1 07 2011 Contract payment Task Attach Note Change log ro Save Save and create Duplicate Reset Expand all Collapse all Task pm 1 Contract payment f Obligation n 1 nrel ATO 5566 Task owner Bridie Biere gation Contract payment nanager Lewis Locke D Hernormed OY Lewis Locke nt Renew the contact and make sure the payment i A f is made by the due date l Amount payable 850 000 00 Fask da 1 07 2011 3 Open v Stat Statu E In progress v Status report Payment made contract signed and completed but waiting for them to come back with signatures Suspect they are going to be late 0 days g pe y going ab fe 7 06 2011 3 Result ant B o v Comment They have not come back with signed copies Contacting them dai
41. eports Setup Home gt Person Area Aggregation Calendar Aggregated risk tolerance Yo Perspective risk tolerability Perspectives above risk level 0 Perspectives above total exposure 0 oOo oo oOo Be Perspectives above total financial risk 0 4 Not set Aggregated risk level Risk appetite 15 Perspectives above appetite 0 0 Risks above appetite 4 50 M Aggregated risk exposure Risk appetite 50 000 000 Risk level distribution and comparison to appetite H a Hm ODrerNG ANDOJ Total exposure 5 100 13 500 000 Aggregated financial risk Risk appetite 2 500 000 Total financial risk 5 100 6 850 000 gt 1 1 d 6 Aggregated risk controls i i Effectiveness 14 19 21 22 Establishment cost 0 Risk level Ongoing cost 0 Financial exposure Cost to date 0 Aggregated controls Effectiveness Level 1 Key control Establishment cost 230 000 13 500 000 E Revenue Ongoing cost 87 500 Cost to date 100 000 3 en eS aa yw a F _ ia Sa A ee tl pA aa ne nO en V EN e m ey te RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 25 58 Risk Wizard User Guide v3 7 Table 2 Aggregation dashboard definitions Attribute Explanation Responsible area Responsible business area s selected Number of records responsible for Number of records responsible for shown as a of total records Aggregated risk tolerance Perspecti
42. ere the Contact is listed in the Owner field List of Control record numbers where the Contact is listed in the Responsibility field List of Obligation record numbers where the Contact is listed in the Responsibility field List of Incident record numbers where the Contact is listed in the Responsibility field Controls responsible for Obligations responsible for Incidents responsible for RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 55 58 Risk Wizard User Guide v3 7 13 Reports REPORTS provide access to an array of different reports Typically reports will combine information from two or more modules and show the results in a hierarchical format For example a Risk report might show the key information for all the controls that are linked to a set of risks Under the Reports tab there is a menu item for each product for example Risk default Compliance and Strategy If you select the menu item a list of reports is displayed The list will show the report name the report type and the fields reported Select the report from the list and it will automatically run Within each report there are a range of filters and sort options Filters are criteria used to extract the records from the database for inclusion in the report Sort items are used to sort the records within the report The reports are very easy to print or export pdf file Microsoft Excel Rich Text Format RTF
43. ers An advanced filter engine has been employed in all registers Risk Perspective Control Obligation Task Action Incident The Filter button opens a window containing a filter for all linked records and filters for each field for the record in the registers e A Linked filters e g Linked perspectives controls incidents and obligations e B Data field filters e g risk data field filters RELIANCE Welcome xAdmin Help Change password Sign out E Risk filters Apply Clear all l Close Expand all Collapse all Linked controls Linked obligations Linked incidents Linked perspectives Number Risk Contains v Responsible area Owner Classification Description Contains vi Comment Contains v Non financial risk estimation Financial risk estimation Control and treatment status ONL cents a pana saga i ee N _ i ee NN a et an VETVE E E WORE Ne a Note e More than one filter can be applied within a register e There is no limit on the number of concurrent filters e Filters are not cleared reset when you re enter the filter screen To be sure filters are not already selected click the lt Clear all gt button in the filter screen Core filter groups are e Linked record filters this enables the user to choose a record s from another register to filter on e g in the Risk filter select a Linked control and the risk records returned to the risk register wil
44. esponsible area Aggregated control effectiveness Perspectives Controls Obligations Incidents Actions Attachments Notes No Perspective Mouse over link and tool tip pop up window appears with edit link to control input yindow Mouse click link to go to control r gister eu gt gt NEIWOIRING RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 14 58 Risk Wizard User Guide v3 7 Detailed view display all record information in the register RELIANCE Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Risk register lgcreate le lDelete Dview ladcha Matrix 2 Reports Export F Fiter Refresh Mode Open v Simple a O Ho Classification Risk rating Tolerance Treatment status Responsil P Detailed 4 O 2 A 1 N mployee retention crgi ally low Increasing risk BB Extreme risk Risk treatment required E Risk treatment planned Human Res ral W E IE 2 FraudByemp yee Emerging risk E Extreme risk Risk treatment required Risk treatment in progress Human Res N SA E No further risk treatment Information 4 g 2 A 3 Computer hacking Increasing risk BN High risk Risk accepted manta ERN O 2 4 Strikeby workforce Stable risk E High risk To be determined BB Risk treatment under review Human Re F 8 B 5 Capital investment inadequate D
45. for each control linked to the Risk is effectiveness aggregated and the overall average for the Risk is shown Owner Multi pick list Person s who owns the Risk Mode Single pick list This is the record mode for example active draft closed Description Free text This is the detailed description for the Risk Calculated field Each risk can have 3 simultaneous non financial risk estimations namely Absolute Managed and Residual Whichever estimation has the lowest risk level among the Absolute Managed and Residual estimations is deemed to be the Current estimation Consequence Single pick list Measure of the severity the risk could have if it was to occur Likelihood Single pick list Measure of the probability the risk may occur Current estimation Calculated field The Risk level is an automatically assigned numeric value corresponding to the co ordinate of Consequence and Likelihood The Current estimation for the Risk level is used For example a risk with major consequence and possible likelihood might return a Risk level of 12 00 Calculated field The Risk level is compared to the Corporate appetite and the Variance Corporate variance shown A negative adverse variance denotes that the risk has exceeded appetite the Corporate appetite whereas a positive favourable variance denotes that the Risk level is below the benchmark Corporate appetite Risk level Single pick list Examples of treatmen
46. formance of failures and impact Examples of Performance are No failures Occasional failure and High impact Responsible area Multi pick list Business area s responsible for the Control Linked risks List of Risk record numbers that are linked to the Control Linked obligations List of Compliance obligation record numbers that are linked to the Control Linked incidents List of Compliance obligation record numbers that are linked to the Control Responsibility Multi pick list Person s responsible for the Control Classification Single pick list E g Physical control Segregation of duties Management oversight Mode Single pick list This is the record mode for example active draft closed Description Free text This is the detailed description for the Control C pt ik et Eels of Donte Categories are Manes Aerated Domenia pick list Examples of Control Categories are Manual Automated Documented Frequency Single pick list How often the control operates for example weekly monthly annually pick list How often the control operates for example weekly monthly annually Strength and Free text A detailed description of the control strengths and weaknesses is shown here weirs Pre Pre existing control control Check box This indicates whether the control was pre Check box This indicates whether the control was pre existing or not is or not Pre existing since Date field Select or enter the date
47. gs are created by RELIANCE users and shared with other users RELIANCE Welcome xAdmin Help Change password Sign out WIZARD 1 Risk Compliance Incident Strategy Dashboards Reports Setup my Quick start Resources Bulletin Create gt View gt Dashboards gt Charts gt Reports b gt Calendar amp pe amp av E 31 4 RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 10 58 Risk Wizard User Guide v3 7 3 2 Product summary 3 2 1 Risk RISK is a powerful risk management information system Used properly the Risk product enables you to quickly and easily build and manage an integrated risk and control portfolio that delivers an array of decision making information The product menu includes Risks Controls Actions Contacts Reports and Calendar The principal menu items are Risks Controls and Actions Accessing these provides you with highly functional risk and control registers that provide a window to your core information From here you can create edit duplicate delete view chart matrix export filter report and refresh your data You also have the option to choose how many records you can display in the register page and what mode of record you wish to view in the register 3 2 2 Compliance COMPLIANCE is an information and management system which helps to register corporate obligations Obligations may come from external or internal
48. he organisation individual This amount is copied from the Obligation form This is non editable Obligation name Obligation specific This field is mapped from the Obligation form It is generally used as an g p instruction for the task recipient to follow in order to meet the obligation for the requirement ai ai specific task period This is non editable Single pick list Description of progress being made in meeting the compliance obligation The Risk Wizard system administrator can determine which response s will Status disable reminder notifications eon eon ads Number Days taken to date in meeting the task Cost period to date Financial amount Cost incurred to date in meeting the task Date field Date used for reporting when the task status has been updated for Status date reporting purposes Free text Work in progress explanation for the particular task This field is Status report displayed in one of the Compliance reports Single pick Choose the yes no or other option as available to indicate whether the obligation was met achieved for the relevant task period Compliance The Risk Wizard system administrator can determine a which Compliance responses will result in a non compliance outcome which in turn may initiate non compliance notification b which response s will disable reminder notifications RiskWizard_UserGuide_V3 7_May201 1 2011 Risk Wizard
49. he register not only provides a window to the data but also acts as an instrument panel allowing the user to quickly access a range of features and functions All Perspective data records are listed in the Perspective register See below The complete set of data columns fields in the Perspective register are explained here RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 47 58 Risk Wizard User Guide v3 7 Table 9 Perspective register tield detinitions Field Name No Automatically generated in sequential order This is the unique perspective record number Deleted record numbers are not re used Perspective Free text This is the name of the Perspective for example sales strategy IT project profit target Responsibility Multi pick list Person s responsible for the Perspective Classification Single pick list Examples of Classification are Strategy Project Key Result Area and Objective Category Single pick list Examples of Category are Regulatory Finance Infrastructure Risk tolerability Single pick list Examples of Risk tolerability are Under review Intolerable To be closed Responsible area Multi pick list Business area s responsible for the perspective Mode Single pick list This is the record mode for example active draft closed Description Free text This is the detailed description for the Perspective Risk tolerance Date field Select or enter d
50. he relevant recipients Table 7 Additional data fields displayed in the task register Created Date that the Task was created Created by Name of User who created the Task Last modified Date that the Task was last modified Last modified by Name of User who last modified the Task First Second Third Others RiskWizard_UserGuide_V3 7 _May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 42 58 Risk Wizard User Guide v3 7 8 Incident INCIDENT is a great tool for recording actual incidents events or near misses that have occurred in contrast to risk management where what might happen is recorded Incidents can be any business happening or occurrence loss event near miss accident etc For example the system can record Fleet car accident Workplace injury Network outage Damage to property equipment Customer complaint Bad debt or other financial loss event Utility failure Anti money laundering breach Confidential Privacy breach Fraud etc The detailed information that is captured covers areas related to Details about the incident including its attributes and causal factors Consequences related to the incident Management of the incident and corrective actions Automatic incident notification system via email The Incident register can mirror the risk register in many aspects for example the risk of fraud might have been identified in the risk register while the Incident registe
51. i gt E Low risk Actions 17 100 Current profile a Top 20 risks by risk level 12 80 IE E Top 20 risks by exposure 5 42 _7 Control effectiveness Top 20 risks by financial risk 5 42 ii Total exposure 5 42 13 500 000 a Level 3 Backup control 1 Total financial risk 5 42 6 850 000 Risks above corporate risk appetite 4 33 E Level 2 Supplementary contro m 2 M an E T Genre i peel se P mmmamsaill n t ae oe DONY aui P a ae see 7 OIO aS ee A agta a vena annnnns Aat RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 21 58 Risk Wizard User Guide v3 7 Person and Area dashboards contain almost identical display criteria and charts Differences are highlighted below in green Each dashboard is unique in its context person and area The Person dashboard represents all information in the context of a person s and the Area dashboard represents all information in the context of a responsible area s of the organisation The details in the dashboards are explained in more detail below Table 7 Person and Area dashboard definitions Attribute Explanation Responsibility Responsible person s selected Responsible area Responsible business area s selected Number of records responsible for Number of records responsible for shown as a percentage of total records Perspectives Perspectives responsible for Risks Risks responsible for Controls Contro
52. ick of the mouse Dashboard information varies for example from risk profiles to control based activity through to aggregation of strategic items Used properly these dashboards will reduce time spent looking for information and allow you to concentrate more on managing the real issues 4 3 1 Person and Area Person and Area dashboards are a superb way to focus at the individual s and or business area s The dashboards help to provide a thorough understanding of what is happening It enables you to quickly and easily run a comprehensive series of information tables and charts for a person s business area s Information tables are made up of active links short cuts that take you directly to the relevant data records contained within the register It enables you to focus on responsibility overdue and incomplete items plus track recent and planned activity It also contains information on your current risk profile and control portfolio f Welcome xAdmin Help Change password Sign out WW o Z A Ff O Risk Compliance Incident Strategy Dashboards Reports Setup Home Person Area Aggregation Calendar Print report Select dashboards Q Refresh Responsible area No Filter 7 Responsibility items Risk ratin gp rofile Perspectives 4 100 M J Risks 15 100 E pl Controls 10 100 Not set S Ext isk Obligations 5 100 M 6 nes j B High risk P Tasks 15 100 5 r Medium s Incidents 7 100
53. iminishing risk Ej High risk Risk accepted By Risk treatment completed CEO Finan O 2 7 Software virus r A PON ys n Babe m Na 5 a a LS ae Me a T EY se ae SOT Ae ae Charts Chartable data is based on the records shown in the register Available charts are listed in the Chart drop down menu When the required chart is selected from here the related data series appears below the chart The user can toggle between pie chart and bar chart views by clicking the chart icons above the displayed chart Note This option is not applicable to stacked bar charts and some other chart options The Save chart button enables the user to save the chart image to a preferred location Alternatively you can right click the chart image itself and either copy or save the image The Print chart button enables you to print the chart image The print dialog box appears allowing you to select your printer Export button enables you to export the chart data either into Microsoft Word or Excel The default is to export all of the data however you can specify which rows of data you want by checking the required boxes on the left side of the data series RELIANCE Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Back to register Risk charts la Save chart Print chart Export
54. ion owner This amount is copied from the Obligation form Task owner owner Multi pick list Person s who is responsible for managing the Task Default Task manager will be the same as the Obligation manager This amount is copied from the Obligation form Multi pick list Person s who is responsible for completing executing the Task Performed by Default will be the same as the Obligation performed by This amount is copied from the Obligation form JAmount payable Qbligation amount which is payable this task period This amount is copied from the Obligation form Task date Date field Date on which the task has to be completed by Amount amount payable Single pick list The obligation records like all other records can be saved in Mode any number of record types mode Registers and reports all use the mode as a primary filter This amount is copied from the Obligation form Obligation No No Obligation No Calculated field Non editable Compliance obligation number which this task was generated from and to which this task relates This is non editable Calculated field Non editable Reference code used in the obligation record Obligation Ref to identify an obligation This amount is copied from the Obligation form This is non editable Calculated field Non editable Description from the compliance obligation screen of the responsibility or commitment which has to be undertaken performed by t
55. ions all receive an email with the action details and a hyperlink to the Enterprise Action screen The Enterprise Action screen allows recipients to review the action details in a nicely formatted screen that looks exactly like the action screen registered users of the RELIANCE system see Recipients can use the Enterprise Action screen to view the action amend the timing of the action start due reminder alerts as well as updating the status of the action When the action has been completed the recipient can close the action Actions are associated with Risks Compliance Obligations Incidents and Controls Welcome xAdmin Help Change password Sign out wW i A Ff co Risk Compliance Incident Strate Dashboards Reports Setu Home RISK gy I p Risks Controls Actions Contacts Reports Calendar Back to register 13 Segregate all financial duties Attach Note Change log ry Save Save and create J Duplicate Reset Expand all Collapse all Action Segregate all financial duties i Description This was one of the recommendations from the consultants for improving control within the Finance group Responsible area Finance Manager Alice Adlam D Assigned to Bridie Biere 2 Type Control implementation plan Priority ij MEDIUM iv Mode Open a Action progress _ Please select FA Management Sar daroie 24 05 2011 9 00AM 3 Raised by Ciara Clanger Email reminder
56. iskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 13 58 Risk Wizard User Guide v3 7 Duplicate Select the Duplicate icon documents in the third column of the register to take you to the New record screen Delete Check the boxes in the first column of the register for the records requiring deletion Select the Delete button All checked records are deleted from the register View There are two register views Simple default and Detailed Simple view display high level overview of records 8 12 data items displayed as well as all drill down record links All record links perspectives risks controls obligations incidents actions attachments notes are displayed to the right of the Simple view in all registers These links provide e Count of the number of related linked records e Drill down to the relevant register of records by direct mouse click of the link number e Tool tip pop up window o showing the number and name of the linked record s o providing drill down to the input window for the linked record s BEANE f Welcome xAdmin Help Change password Sign out iw I gt wW i A nn O m Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Risk register Create Delete QView ka Chart Matrix Reports g Expot Y Filter amp Refresh Mode Open v ment status R
57. izard Pty Ltd User Guide v2 1 Page 45 58 Risk Wizard User Guide v3 7 Comment Free text Comments on the incident Created Date the Incident was created Created by Name of person who created the Incident Last modified Date the Incident was last modified Last modified by Name of person who last modified the Incident Entry vaio sella of record creation Register normal system creation method or nterprise creation via Enterprise Incident Recorder Linked risks List of Risk record numbers that are linked to the Incident Linked controls List of Control record numbers that are linked to the Incident Linked obligations List of Obligation record numbers that are linked to the Incident Permissions List of Permission tags associated with the record 9 Strategy STRATEGY enables you to build strategic information that can be linked to other information in the system This linked information feature allows the user to quickly and easily build robust data relationships and thus create a more meaningful strategic framework The strategic framework is built up by creating what we call Perspectives For example you might create a perspective called sales expansion strategy After this you might review the risk register and determine that various sales and marketing risks could affect the sales expansion strategy To establish a relationship the data records must be linked together Once linked the linked infor
58. l non financial risk estimation for the Managed Division Division risk level Calculated field This is the Residual Risk level non financial risk estimation for the Residual Division Single pick list This is the financial exposure category for the risk for example Financial exposure a Assets Liabilities Costs Revenue Exposure E Calculated field This is the Absolute Exposure Financial risk estimation for the Absolute Entity for example 100 000 Exposure E Calculated field This is the Managed Exposure Financial risk estimation for the Managed Entity for example 80 000 Exposure E Calculated field This is the Residual Exposure Financial risk estimation for the Residual Entity for example 50 000 Probability P Calculated field This is the Absolute Probability Financial risk estimation for the Absolute Entity for example 75 Probability P Calculated field This is the Managed Probability Financial risk estimation for the Managed Entity for example 50 Probability P Calculated field This is the Residual Probability Financial risk estimation for the Residual Entity for example 10 Financial risk E x P Calculated field This is the Absolute Financial risk Financial risk estimation for the Absolute Entity for example 75 000 100 000 x 75 Financial risk E x P Calculated field This is the Managed Financial risk Financial risk estimation for the RiskWizard_UserGuide_V
59. l be all those which have been linked to the selected control record e Data field filters almost every field input into a record will appear as a filter option in the respective register filter You can filter on more than one filter item at the same time There is no limit on the number of concurrent filters e Creation modification filters filter records by date created by modified by and their respective date ranges RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 19 58 Risk Wizard User Guide v3 7 Refresh The Refresh button allows the user to refresh the register at any time This means the register returns to the default view or state For example no filters or column groupings or row selections are retained The system default is to display all records with a Mode default e g Open Mode The Mode function enables you to filter the view of the entire register for example you might want to filter the register to view only Closed or only Library records The system default setting e g Open can be edited if required through the System setup gt Pick list editor gt Module Common gt Pick list Mode If the default name is edited for example to Current then that automatically becomes the new default Mode filter Welcome xAdmin Help Change password Sign out RELIANCE Risk Compliance Incident Strategy Dashboards Reports Setup Ho
60. le for Each cost counted once for aggregation purposes responsible for Each cost counted once for aggregation purposes Aggregated controls EE Effectiveness Average effectiveness of controls responsible for where effectiveness field completed completed completed completed eee Charts Perspective risk tolerability Pie chart of perspectives responsible for grouped according to risk tolerability Scatter diagram of risks responsible for grouped according to risk Risk level distribution and comparison to appetite level Grouped risks are compared to the risk appetite risk level for the Company Risks above appetite are shown in red Financial exposure Pie chart of risks responsible for grouped according to financial exposure RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 26 58 Risk Wizard User Guide v3 7 5 Common record level functionality Each record in the system has a common set of tabs Link Attach Note Actions Change log providing a complete range of information for the relevant record 5 1 Link The Link tab enables a record to be linked to other records A link reflects a relationship with other records from other registers For example a risk can be linked to three controls which are used to manage the risk The link is visible from the risk register as it shows the three controls used to manage the risk Each of the respective controls will als
61. links Informative Very simple and familiar navigation for Users to charts Active filters locate the information or function they are looking for Single input screens Functional registers RELIANCE Welcome xAdmin Help Change password Sian out IN Welcome xAdmin tielp Change password Sian out Calender e Avew on Depr F Fiter lt Retesh No Control Effectiveness 1 Emergency evacuation diis end tstaidtraining J Level 1 Key control c on B Cortrci nas never tated risk emetoyes retention criticety low Armed security guards petrol premises E Level 1 Key cortrot hel Control has tabod Occasionally Arti vrus tor V ndow s Workstations B Levelt Key cortrot e I Cortrci has talad occasionaity rea Human Resources auction traning tor al statiAistors Ez Level 1 Key cortro ES Control hss never faled v Danie Drake 5 Business cortinuly plane BCP in place Level 1 Key cortrot 1O exht orrd iz Corio has never felled on Increasing risk PR company employed on retainer basis Ss Level 3 Backup control 2 p Cortrol has toed occasionally Seyregation of duties enforced tor Finance D Level 2 Surgiementary HH Cortrci nas never tated personnel contrat 2 Suppienert Tender procedures and guidelines in pisos B Loves S B Covtrci ress toded onen 9 Goods received are checked for quality Be Levelt Key cortrot Hi Coverci has tolod onen 1 rtelectusi Property Regster martaned a Level 1 Key cortrol ppan
62. ls responsible for Obligations Compliance obligations responsible for Tasks Task s related to a particular Compliance obligation s they are responsible for Incidents responsible for Actions responsible for Incidents HActions Top 20 risks responsible for according to risk level Sum total of exposure amount for top 20 risks responsible for where exposure field completed Sum total of financial risk amount for top 20 risks responsible for here financial risk field completed Sum total of risks responsible for where exposure field completed Sum total of risks responsible for where total financial risk field completed Risks responsible for where the risk level is greater than the Corporate risk level appetite Top 20 risks by risk level Top 20 risks by exposure Top 20 risks by financial risk Total exposure Total financial risk Risks above risk level appetite Perspectives responsible for where created date falls within selected New perspectives period New risks Risks responsible for where created date falls within selected period Controls responsible for where created date falls within selected New controls l period E Obligations responsible for where created date falls within selected New obligations l period New tasks Tasks responsible for where created date falls within selected period Incidents responsible for where created date falls within selected New incidents period Incidents respo
63. ls where due date falls within selected period Controls responsible for where due date falls within selected period Compliance tasks responsible for where due date falls within selected period Action responsible for where due date falls within selected period Risks responsible for with linked controls where due date is greater than today s date and completed date is blank Controls responsible for where due date is greater than today s date and completed date is blank Compliance tasks responsible for where due date is greater than today s date and result date is blank Action responsible for where due date is greater than today s date and closed date is blank Risk responsible for which has a linked action with a due date greater than today s date and its closed date is blank Control responsible for which has a linked action with a due date greater than today s date and its closed date is blank Obligation responsible for which has a linked action with a due date greater than today s date and its closed date is blank Incident responsible for which has a linked action with a due date greater than today s date and its closed date is blank Average effectiveness of controls responsible for where effectiveness field completed Sum total of controls responsible for where establishment cost field completed Sum total of controls responsible for where ongoing cost field completed Sum total of controls responsible for where cost to
64. ly but no response yet t 7 06 2011 t E Below expected level benchmark v Non compliance outcome J Loss of licence v Reason for non compliance Thier legal time not responding in timely manner ance Required action when non compliant tion Contact our legal advisors for action r Action taken Contact LA Law Awaiting response Responsibility Locke Lewis v 6 06 2011 3 N tify f J Task start reminder 2 zi Y First 3 i w Ff 20 g v Second Owne Y Manage Y Performer B 7 g V Third V Owner v Manager V Performer W e 2 a Save Save andcreate Duplicate Reset Expand all Collapse all Risk Wizard Pty Ltd 2009 2011 riskwazard com RELIANCE v3 7 10511 0 RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 40 58 Risk Wizard User Guide v3 7 Table 6 Compliance task register tield definitions N Automatically generated in sequential order This is the unique Task record O number Deleted record numbers are not re used Free text Description of the time based obligation When a task is created in Task the obligation screen this field is the same as the Obligation This amount is copied from the Obligation name field but can be edited in the Task form Task ref Free text Any type of reference code which may be used to identify a task Task owner Mult pick list Person s who is responsible for the Task Default will be the same as the Obligat
65. m a wider combination of Module and other filters Each module has a set of filters that can be applied as a set or individually making it a very useful tool for tracking actual and planned activity Filter options include RELIANCE Welcome xAdmin Help Change password Sign out TISK WIZARD Risk Compliance Incident Strategy Dashboards Reports Setup Home Risks Controls Actions Contacts Reports Calendar Calendar filter D Planned start date F Start date F Due date B Completion date 4b Today 03 January 2010 Day Sunday Monday Tuesday Wednesday Thursday Friday Saturday 27 28 29 30 31 01 Jan 2 s pRcompary 3 4 5 6 8 9 7 Seareg Control L gt Name 7 Segregation of duties enforced for Finance personnel 10 11 le Responsibility Alice Adlam i Effectiveness Level 2 Supplementary control Pre existed since 17 18 19 Planned start 1101 2010 23 Start 1 01 2010 Due 1 01 2010 OY ie Oa de ok hee CO Te a a A ee re A en ee ee ee RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 57 58 Risk Wizard User Guide v3 7 Module Risk Perspective Control Obligation and task Incident Action Mode Responsibility Filter Created date Risk tolerance approved date Risk tolerance reviewed date Planned start date Start date Due date Completed date Obligation approved date Task date Task result date Incident date Created date S
66. mation can be analysed through dashboards reports and registers RELIANCE Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Perspectives Contacts Reports Calendar Perspective Attach Note Change log Expand all Collapse all Perspective f Project Competitor buy out Description Major competitor has signalled it wishes to sell a majority shareholding risk assessments and due diligence activity are top priority Responsible area CEQ Responsibility Aidan Acer a Classification Project v Category Project A v Mode Open x b Aggregated risk tolerance Comment Merchant banking team have been hired to advise on this project Last modified xAdmin 10 02 2010 3 53 19 PM Expand all Collapse a RiskWizard_ UserGuide_V3 7_May201 1 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 46 58 Risk Wizard User Guide v3 7 9 1 Perspectives The strategic framework is built up by creating what we call Perspectives and these can simply be anything you want them to be For example you could have one perspective for sales strategy a second perspective for a tactical objective another for a special project etc Perspectives become more powerful whenever you link them to other information Once linked the linked information can be analysed through dashboards reports and registers 9 1 1 Perspective register T
67. me Risks Controls Actions Contacts Reports Calendar Risk register Sde Open Show all ig Create fe Delete A view wh Chart Matrix 2 Reports Export Y Fitter Q Refresh F Ho Risk Classification Risk rating Tolerance Ol A A 1 Employee retention critically low Increasing risk WB Extreme risk Risk treatment required J Riskjtreatment p Archive WM Pe 2 Fraud by employee Emerging risk WB Extreme risk Risk treatment required Risk treatment i iatis es O 2 A 3 Computer hacking Increasing risk BE High risk Risk accepted ci a futher risk Enterprise W neece Recorder entry pret Cl A EA 4 Strike by workforce Stable risk Fi High risk To be determined e Risk tree go 2 5 Capital investment inadequate Diminishing risk BB High risk Risk accepted BB Risk treatme RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 20 58 Risk Wizard User Guide v3 7 4 3 Dashboards Dashboards allow at a glance visualization of your business health and performance They allow you to quickly focus on what is going on and enable you to go directly to the underlying detail with a mouse click Information is presented in a colorful and user friendly way and focuses clearly on the important information Each dashboard provides different tables of information complemented by colorful charts Active links and charts enable the user to quickly and easily drill down into the database with one cl
68. nfirm password In the pop up display window the user must enter the current password then enter and confirm the new password J a Password attributes include e Minimum 6 characters including leading and trailing spaces 9 length unless otherwise setup during software installation e Maximum 12 characters including leading and trailing spaces e Case sensitive e Cannot be blank The password change effect will take place once the current session is ended after which you will be required to enter the new password in the Login screen to gain access to the system RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 9 58 Risk Wizard User Guide v3 7 3 Main menu RELIANCE Welcome xAdmin Help Change password Sign out Risk Compliance Incident Strategy Dashboards Reports Setup Home Quick start Resources Bulletin 3 1 Home HOME is the gateway to immediate access links to e Quick start links to all aspects of the system Create and View records Dashboard analysis and filtering Charts to print or export Reports to print or export Calendar of events e Resources a register of important and relevant risk compliance audit and control related files and links relevant to RELIANCE users All users can access and attach any resource material e Bulletin a register of notices which can be shared with other RELIANCE users Bulletin listin
69. ng blocks include the following 1 Dashboard analyse risk and related information full drill down 2 Input a Data input data information b Link create relationship between strategies risks compliance obligations and controls Attachment attach files URL or file Path to records Note record notes Actions create tasks activities Change log displays record changes Record level permission determines security privileges for the record 3 Register register of strategies risks compliance obligations compliance tasks incidents controls and actions export chart 4 Chart column and pie charts for each register strategy risk compliance incident and control 5 Report range of filterable and exportable reports 6 Calendar filterable event calendar with drill down a O9 20 RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 5 58 Risk Wizard User Guide v3 7 1 2 Relationship between Strategy perspectives Risk Compliance Incident Controls and Actions Perspectives Strategy Actions Actions Actions Actions Risk Obligations Incidents Controls Key to diagram 1 Strategy has a linked relationship with both Risks and Compliance obligations Links can be established both ways between the objects e g a risk can be linked to one or more perspective s from the risk record and vice versa With strategic reporting this enables a parent child report to be
70. note that the Contact is unable to change the record level security access permissions This is the default permission tag recorded automatically against each record created by the user Single pick list Examples of Contact types are employee consultant and auditor Free text A valid email address is required so that automatic notifications can be sent to Contacts Enabled Role Permissions disabled Default permission Contact type Email address Phone number Free text Mobile number Free text Fax number Free text Single pick list Examples of Company names are the employer s name Suppliers and customers Single pick list Examples of Position titles are Director General Manager Company Position Title Supervisor Mailing street Free text Mailing P O box Free text Mailing city Free text Mailing state province Free text Mailing zip postal code Free text Mailing country Free text Other street Free text Other P O box Free text Other city Free text Other state province Free text Other zip postal code Free text Other country Free text Created Date that the Contact was created Created by Name of person who created the Contact Last modified Date that the Contact was last modified Last modified by Name of person who last modified the Contact Perspectives responsible List of Perspective record numbers where the Contact Is listed in the for Responsibility field Risks responsible for List of Risk record numbers wh
71. nsible for where created date falls within selected New actions period Controls responsible for where completion date falls within selected Controls completed period Compliance tasks responsible for where completion date falls within selected period Tasks not compliant Compliance tasks responsible for were not compliant and completion Tasks completed RiskWizard_UserGuide_V3 7 _May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 22 58 Risk Wizard User Guide v3 7 HActions closed Risks with control due Controls due Tasks due fActions due Risks with overdue controls Overdue controls Overdue tasks Overdue actions Risk with overdue actions Control with overdue actions Obligation with overdue actions Incident with overdue actions Effectiveness Establishment cost Ongoing cost Cost to date Incomplete Item Risk with no owner Risks with no controls Risks with no risk level Risks with no exposure Risks with no financial risk Risks with no responsibility Risks with no responsible area Obligations not approved Tasks with no task date Actions with no responsible area Actions with no manager Actions with no due date Actions not assigned Actions closed not reviewed RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd date falls within selected period Actions responsible for where closed date falls within selected period Risks responsible for with linked contro
72. nt Single pick list Incident title or name Section which only appears on the incident form when the Risk Wizard Questionnaire section header system administrator has entered question responses for the particular type of incident Unique question number which used to identify each question or instruction Q1 l me to be completed when entering the incident Description Explanation of the question instruction PecHonee Range of options which user chooses from to best answer the question or p to complete the instruction Appl To enter the question response into the database you must select the pp y lt Apply gt button Reset Select the lt Reset gt button to remove your responses subsequent to the lt Reset gt button selected Date time Date and time field Date time when incident occurred Status Single pick list Status of incident in relation to its management Type Single pick list Type of incident that occurred Severity Single pick list Measure of how severe the incident is Consequences Multi pick list List of different consequences resulting from incident l Number field Financial cost or value associated with incident Financial Financial cost cost includes two decimal places Lost time days Number field Number of work days lost as a result of incident Responsible area Multi pick list Business unit s responsible for incident management Description Free text Description of incident
73. o show the risk record link Linked records can be edited directly from the linked grid This applies to existing linked records or to new records created in the linked grid Perspective linked to Risk Obligations Incident Perspective links to Risk and Obligations Risk links to Perspective Risk Obligations Incident and Control Obligation links to Perspective Risk Incident and Control Incident links to Perspective Risk Obligations and Control Control links to Risk Obligations Incident 7 f Welcome xAdmin Help Change passwor d Sign out L JN wits amp aa WIzaRno incident rts Home s eports alendar D Link view Epot amp Refresh Mode Open v o Control Effectiveness Status Failure rating Performance Responsible area Linked risk Riuction training for all staffisitors E 3 Fair __ Pre existing control HE Control has never failed J Controitested Pass Human Resources 1 2 11 5 Bubiness continuity plans BCP in place I 3 Fair __ Pre existing control HB Control has never failed J Controltested Pass Human Resources 11 16 Nef conrol in the register Not Planned Scheduled 11 Edit linked record from linked grid Linked obligations Linked incidents 5 2 Attach Every record can have unlimited attachments Attachments can be files URL addresses or Paths to a file record RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 27 58 Risk Wizard U
74. o the organisation Single pick list Expected result if the compliance Non compliance outcome D responsibility commitment is not achieved RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 37 58 Risk Wizard User Guide v3 7 Financial amount Cost to business if compliance obligation is not Non compliance cost met achieved Free text Explanation of any factors events or circumstances which should be considered as part of the process of achieving the obligation Task defaults Financial amount Amount which is associated payable within each Task amount payable ak Required action when non compliant 7 Person responsible for completing the pre defined Required action Responsibility salt aa when the task is recorded as being non compliant Action activity process to be performed when the task is recorded as Required action an caper being non compliant Use this section if you need to set up a fixed finite number of tasks For example 6 monthly tasks instances of the obligation which has to be met completed Schedule new tasks Click this option box to open up the non recurring scheduler Task date start Date on from which you require the tasks to begin Predin Pre defined set of frequencies a task can be set to be created e g q y daily weekly monthly etc New tasks Number of tasks to be created Use this section if you need to set up an on going numbe
75. of pre existence Planned start Date field Select or enter the Planned start date for the control implementation Start Date field Select or enter the actual Start date for the control implementation Due Date field Select or enter the due date for completion of the control implementation Completion Date field Select or enter the Completion date for the control implementation Establishment cost Monetary field Enter the cost to establish the control Ongoing cost Monetary field Enter the ongoing cost for the control Cost to date Monetary field Enter the overall cost incurred to date for the control Costs benefits Free text This is the costs benefits of the control implementation Comments Free text Created Date that the Control was created Created by Name of person who created the Control Last modified Date that the Control was last modified Last modified by Name of person who last modified the Control Permissions List of Permission tags associated with the record RiskWizard_ UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 50 58 Risk Wizard User Guide v3 7 11 Actions ACTION is a great tool for involving people in the process of managing risk or assisting with the achievement of compliance obligations It is simple to use quick to setup and best of all the people you involve in the process don t have to be users of the system Recipients of Action workflow notificat
76. onsequences of the risk for example what consequences impact loss injury or system failure might happen if the event occurred Comment Free text Impacted objectives iii Calculated field This is the Absolute Risk rating label resulting from the combination of Likelihood and Consequences via the risk matrix non financial risk estimation for the Entity Calculated field This is the Managed Risk rating label resulting from the combination of Likelihood and Consequences via the risk matrix non financial risk estimation for the Entity Calculated field This is the Residual Risk rating label resulting from the combination of Likelihood and Consequences via the risk matrix non financial risk Entity risk rating Absolute Entity risk rating Managed Entity risk rating Resin estimation for the Entity Entity risk level Calculated field This is the Absolute Risk level non financial risk estimation for the Absolute Entity Entity risk level Calculated field This is the Managed Risk level non financial risk estimation for the Managed Entity Entity risk level Calculated field This is the Residual Risk level non financial risk estimation for the Residual Entity Division risk level Calculated field This is the Absolute Risk level non financial risk estimation for the Absolute Division Division risk level Calculated field This is the Managed Risk leve
77. port Export data id Save matrix Criteria Q Refresh Consequence Insignificant Minor Moderate Major Catastrophic Matrix display werent Risk rating Current estimation Matrix type Entity Mode Total risks 17 Almost certain Risk rating Absolute Managed Residua Current A estimation Likely E H xire e EC High r 1 Possible Ll WH ve Unlikely A Low Rar Ho Risk Responsible area Risk level EEEE Tolerance Absolute Managed Residual 1 Employee retention critically low Human Resources 22 00 MBM Extreme risk Risk treatment required J Extreme risk J Extreme risk 2 Fraud by employee Human Resources 21 00 Extreme risk Risk treatment required Extreme risk Extreme risk CEO 3 Computer hacking ee one 19 00 DB High risk Risk accepted WM Extreme risk High risk gt gt Networking 4 Strike by workforce Human Resources 19 00 DB High risk To be determined WP Extreme risk High risk 5 Capital investment inadequate CEO Finance 14 00 DB High risk Risk accepted DP High risk DB High risk 7 Software virus TUA eA AMY Reo ehh RAO Ae man oA EAN Am snap eran aN Men ie ane Mond aD eA Mme AADS tented oA auf done mead Biter MR amea Pitan eR Ma Ata aAa A Mee Munn aada Panta aa h a Aia Mamta e AM Ama NN Aan LD anG A ada Aa Aenta Ale Ma ame aah amp RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 16 58 Risk Wizard User Guide v3 7 Reports Risk only The Reports button displays the menu of risk reports a
78. r could record the actual instances of fraud These records can be easily linked together to provide the user with a higher degree of business intelligence The user can interpret the situation with better information and act on this for example implement better fraud controls since there have been too many incidents recorded to date The Questionnaire section of the incident form enables tailored information capture for each particular incident type The response to each of the tailored questions items can lead to a tailored set of options and subsequent questions Selecting the appropriate response for each question then applying you response takes you down a very specific information gathering path in order to provide the maximum amount of information need to appropriately manage the incident Incident workflow notifications new incident incident manager change incident mode change have hyperlinks to the Enterprise Update Screen and provide a high level of engagement to the persons involved in managing the incident Licenced users can control Enterprise User access to the incident records using the enterprise permissions lock right of the Change log tab in the incident form Enterprise user default permissions are read write The Enterprise permissions lock can provide disable edit view only or disable view cannot view edit incident RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v
79. r of tasks or there is a pre defined date on which meeting the obligation task generation stops For example a monthly task instances of the obligation which has to be met completed which is performed indefinitely Schedule new tasks Click this option box to open up the recurring scheduler Task date start Date on from which you require the tasks to begin Task date end Date from which the obligation s tasks no longer need to be created Freauene Pre defined set of frequencies a task can be set to be created e g q y daily weekly monthly etc The number of advanced tasks you would like the scheduler to automatically create As each task period passes the system will automatically create another task to ensure the number of advanced dated tasks meet the number specified Dependencies Task scheduler non recurring Task scheduler recurring New tasks scheduled in advance Task start reminder Tick box First workflow reminder for the Task due date Selecting the First tick box will initiate the First workflow alert for selected recipients Owner Manager Performer or Others Selections made in the Obligations section will automatically be mapped into any Tasks which are created Tick box Second workflow reminder for the Task due date Selecting the Second tick box will initiate the Second workflow alert for selected recipients Owner Manager Performer or Others
80. record which the action is associated sinkeaitem with It could be a risk compliance obligation strategy or a control Created Date that the Action was created Created by Name of person who created the Action Last modified Date that the Action was last modified Last modified by Name of person who last modified the Action RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 53 58 Risk Wizard User Guide v3 7 12Contacts Contacts can be accessed via the product sub menus The contact registry is a repository for system users and other people who might be involved with the whole process Example contacts include employees contractors suppliers customers consultants auditors Contact details inform you whether that person is a system user their role based system access permission plus personal details such as email address and phone number The Contact module can be accessed from all products provided the user has access permissions Note Only the Administrator can create and manage users access permissions The register not only provides a window to the data but also acts as an instrument panel allowing the user to quickly access a range of features and functions RELIANCE Welcome xAdmin Help Change password Sign out WIZARD Risk Compliance Incident Strategy Dashboards Reports Setup Home System setup Risk setup Back to register
81. regate all financial duties 13 Segregate all financial duties ate t y 14 Retain private investigator 11 Rotate rosters 12 Instruct all employees to use up annual leave xAdmin xAdmin 13 Segregate all financial duties 11 Rotate rosters 12 Instruct all F 9 02 2010 4 06 PM Linked actions employees to use up annual leave F 9 02 2010 4 02PM Linked actions 11 Rotate rosters WU S eat heria e AEA oE xAdmin xAdmin employees to use up annual leave Figure 1 Sample Change Log more comprehensive and informative Note The default date range for the change log can be set in System Setup gt Default settings gt Register defaults gt Display settings RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 30 58 Risk Wizard User Guide v3 7 6 Risk RISK is a powerful risk management information system Used properly the Risk product enables you to quickly and easily build and manage an integrated risk and control portfolio that delivers an array of decision making information The product menu includes Risks Controls Contacts Reports and Calendar The principal menu items are Risks and Controls Accessing these provides you with highly functional risk and control registers that provide a window to your core information From here you can create edit duplicate delete view chart export filter and refresh your data RELIANCE Welcome xAdmin Help Change password Sign out Cs isk
82. rising at specified time intervals Recurring yes no Single pick list When setting up a time based obligation frequency is the regularity of the obligation arising E g weekly monthly Frequency annually Obligation start Date field Date on which the first obligation is due to be achieved Created Date the Obligation was created Created by Name of person who created the Obligation Last modified Date the Obligation was last modified Last modified by Name of person who last modified the Obligation Linked perspectives List of Perspective record numbers that are linked to the Obligation Linked controls List of Control record numbers that are linked to the Obligation Linked risks List of Risk record numbers that are linked to the Obligation Linked tasks List of Control record numbers that are linked to the Obligation l ae List of Compliance obligation record numbers that are linked to the Linked incidents Risk Permissions List of Permission tags associated with the record RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 39 58 Risk Wizard User Guide v3 7 7 2 Tasks A task is a record for recording the execution of an obligation for a particular time period An obligation may have many tasks associated with it Each task is a self contained record accessible to users via the Task tab within the obligation record or to non users via the Enterprise Task scre
83. s Free text Created Date thatthe Perspective was created a ti tststs si lt lt itswsS Created by Name of person who created the Perspective Last modified Date thatthe Perspective was last modified Last modified by Name of person who last modified the Perspective 8 Linked risks List of Risk record numbers that are linked to the Perspective Permissions List of Permission tags associated withthe record a tits RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 48 58 Risk Wizard User Guide v3 7 10Controls Controls provide a repository for control related information Control details inform you about key attributes e g control effectiveness the cost and timing of control implementation e g Completion date and what risks and compliance obligations the control is linked to The Controls module can be accessed from the Risk Compliance and or Incident modules provided the user has access permissions Controls are linked to risks compliance obligations and incidents via the Link tab The register not only provides a window to the data but also acts as an instrument panel allowing the user to quickly access a range of features and functions All Control data records are listed in the Control register See below The complete set of data columns fields in the Control register are explained here
84. ser Guide v3 7 ig Create bee Delete Name gt File JURL Path Record level attachments e File can be attached copied to the record There is no limit on how many files and can be attached There is no limit to the file types which can be attached to the record e URL browser address to your intranet or the internet can be saved as an active hyperlink to the attachment register There is no limit on how many URLs can be attached Note to make it an active hyperlink the address must begin with http e Path allows users to save links to documents saved on internal document management systems or other applications where an active hyperlink cannot be entered but the relevant path can be saved then copied to the users browser as required 5 3 Note Notes are a form of electronic diary associated with a particular record A note could be a record of a meeting conversation or outcomes from a system or process Notes provide a very effective log of events and activities which are going on with regard to the particular record Notes are easily exported and can be very useful for maintaining a running history A record has e unlimited number of note records e unlimited amount of text RELIANCE Welcome xAdmin Help Change password Sign out Dashboards Reports Setup Home Risk Compliance Incident Strategy Risks Controls Actions Contac
85. serted for new release RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 3 58 Risk Wizard User Guide v3 7 Introduction Risk Wizard RELIANCE is a fully web based Governance Risk and Compliance system RELIANCE provides a wealth of information and analysis for supporting your organisation through better decision making and management of your organisation s strategic objectives risks compliance obligations and incidents User Guide The RELIANCE User Guide provides an overview of the Reliance system Risk Wizard maintains up to date copies of the RELIANCE User Guide in the Resources area of the RELIANCE on line help Further detailed information on any aspect of the RELIANCE system can be found at Risk Wizard s Web Help Risk Wizard Web Help Nttp reliance riskwizard com Help 1 Quick guide to system Easy navigation Interactive dashboards RELIANCE Welcome zAdmin ticio Change pasemos Sian nt RELIANCE Welcome xAdmin Help Change passwo iemsiiliiussseliisssiioies Risk Compliance Incident Strategy Reovoraaie oeo Liora Risks Controls Actions Contacts Reports Calendar Back to register 1 Employee retention critically low Risk Attach Note Actions Change log Three levels of navigation ll e Module a E n a pin P aan iD y p G ne pa aee Oe Oe Oe ee eee a e Menu e Tab Four dashboards Person Area Aggregation and Calendar Drill down
86. sk manager result non compliance outcome non compliance cost reason for non compliance action taken Perspective Fields Number name Linked risk fields Number name owner risk rating risk mode Linked control fields Number name responsibility failure rating control effectiveness status control mode RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 56 58 Risk Wizard User Guide v3 7 14Calendar Calendar provides a marvelous view of everyone s activity through a familiar and user friendly outlook The Calendar is easy to navigate understand and you can quickly monitor what has happened as well as what is planned to happen through daily and monthly tab views The Calendar is simply a great tool for monitoring individual or group activity over time Each item in the Calendar represents a specific record for example a risk or control and has an active link that enables you to drill down into the record proper This superior navigation makes tracking and understanding the information quick and easy The Calendar can be accessed from the main menu tabs The calendar view will default to the product from which you made the selection For example if you are in the Risk product the default calendar view will be for risks To change the default view you simple select the Calendar filter button in the calendar This will expand the viewable area and enable you to choose fro
87. sources and can vary from regulations policies procedures contract requirements to social responsibilities etc The compliance system is used as a centralised register for these compliance obligations and through the use of workflow notifications and a range of tools and functions assists in the management reporting and analysis of those obligations Compliance has the full range of RELIANCE functions such as controls actions notes attachments reports and much more 3 2 0 Incident INCIDENT is an information and management system which helps to track incidents and other events Incidents may come from external or internal sources and can vary from injuries accidents complaints financial loss events network outages etc The Incident system is used as a centralised register for these items and through the use of workflow notifications and a range of tools and functions assists in the management reporting and analysis of those incidents 3 2 4 Strategy STRATEGY enables you to build strategic information that can be linked to other information in the system This linked information feature allows the user to quickly and easily build robust data relationships and thus create a more meaningful strategic framework The strategic framework is built up by creating what we call Perspectives For example you might create a perspective called sales expansion strategy After this you might review the risk register and determine that v
88. ste ZU i X z E48 E aij Merge amp Center 9 49 99 Conditional Format Cell Insert Delete Format Sot amp Find amp Sf Format Painter UEA A Ea F EF EH Merg 23 gt 20 Formatting as Table Styles 7 v v lt Clear Filter Select Clipboard E Font E Alignment E Number E Styles Cells Editing p No Risk Classification Risk rating Tolerance Treatment status Responsible area Aggregated control effectiveness 1 Employee retention critically low Increasing risk Extreme risk Risk treatment required Risk treatment planned Human Resources 2 Fraud by employee Emerging risk Extreme risk Risk treatment required treatment orosress Human Resources CEO B Computer hacking Increasing risk High risk Risk accepted No further risk treatment needed Information Technology gt gt Networking 4 Strike by workforce Stable risk High risk To be determined Risk treatment under review Human Resources 5 l 4 C B c D z G H 1 2 t 3 4 5 6 Capital investment inadequate Diminishing risk High risk Risk accepted Risk treatment completed CEO Finance 77 ware virus ate s r arasat ai MUNNU 00 F a PP Y i ere any NT T E A a ap at E oan N aaao E N ate sprint ll Pm gA Naga Export register information directly into Microsoft Excel Word RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 18 58 Risk Wizard User Guide v3 7 Filter all regist
89. t strategies are Avoid risk Retain residual No Control evaluation treatment required Single pick list This is the estimated time horizon for the risk for example short term Treatment strategy a long term and indefinite Status report Free text This reports the status of the risk controls and risk treatment Status report date Date field Select or enter date of Status report Carear Multi pick list This categorises the risk for example internal risk divisional risk gory subject to audit review RiskWizard_UserGuide_V3 7 __May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 32 58 Risk Wizard User Guide v3 7 Multi pick list This identifies the source s of risk for example human error natural event the economy Source of risk Single pick list This is the estimated time horizon for the risk for example short term long term and indefinite Time horizon Multi pick list These are the potential objectives impacted by the risk event for example profitability people and environment Impacted areas Multi pick list These are the potential objectives impacted by the risk event for example Maintain safe work environment Sustain shareholder value Risk sources and Free text This details the sources and causes of the risk for example what scenario Causes Situation or hazard could happen that might cause the risk to occur Potential Free text This details the potential c
90. tart date Due date Review date Close date Select Mode Select Contact After the required data filter above is in place you can click the calendar icon and select a given day from the popup menu then click the Apply button to run the filter set The results can be viewed on a 7 day view Day tab or month view Month tab ltems appearing on the Calendar are color coded for easier reference and interpretation If you mouse over any items a tool tip will automatically display containing summary information If you require more detail on that item then simply click the Edit icon pen and you will be immediately re directed to the Edit screen To return you simply click the Back to Calendar link on the Edit screen or the Browser Back button RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 58 58
91. ts Reports Calendar Pi Back to register 1 Employee retention critically low j Risk Link Attach Actions Change log 4 r Risk Notes b l8 Create jg Delete T Export f Title Type Description Created Created by Last modified Y Last modified by Fi gt i General Industry turnover sits at average of 8 Our i A P Industry retention rates comparison conmment company average is very high at over 25 9 02 2010 xAdmin xAdmin 9 02 2010 xAdmin xAdmin a IT T ea a ee a a D ee a I Te aT a aa N Pt get CT RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 28 58 Risk Wizard User Guide v3 7 5 4 Actions Actions activities or tasks which can be assigned and communicated to any person s in the contact register Actions can be associated with any record Actions generate email notifications that go the person s identified as implementing the action assigned to or as being informed of the action notify Action email notifications have hyperlinks allowing the recipient to access the action form on line Actions are an excellent tool for assigning responsibility to colleagues for undertaking work in relation to arecord Actions have a full change log which provides a high level of auditability for all concerned Other important aspects of actions e actions have attachments and notes no limit to the number of actions associated with a record dashboards show many actions items
92. ts etc RiskWizard UserGuide_V3 7_May2011 2011 Risk Wizard Pty Ltd User Guide v2 1 Page 35 58 Risk Wizard User Guide v3 7 Sample Compliance obliga tion screen WIiIZAAD I tisk Compliance cident Tasks Obligati Welcome xAdmin Help Change password Sign out Strategy Controls Actions Contacts Reports Back to register 2 Lease renewal Sydney Office 1 Martin Place Task Link Attach Note Obligation Calendar Actions Change log Save fi Save and create J Duplicate Obligation Obligation ref Responsible area Obligation owner Obligation manager Performed by Classification Mode Reference Authority name Regulation External reference Internal reference Requirements General requirement Attributes Importance Control evaluation Non compliance risk Non compliance outcome Non compliance cost Task defaults Task mount payable Reset Expand all Collapse all Lease renewal Sydney Office 1 Martin Place Administration Olma Ottens Bridie Biere Daniel Drake Please select Open Internal policy Contract Law Lease SYD041 Review lease and renew in accordance with direction from CEO and National Property Manager MB High E Adequate controls HE Low risk HEB Loss of licence 1 800 000 00 Required action when non compliant Responsibility Task start reminder First 7 Second
93. vailable This is a fixed format report type that represents the records that have been filtered in the register Output formats include PDF Excel and Word e Risk rating report risk records with risk ratings e Risk changes detailed changes for a risk for a given period of time Highlights changes to each and every field for a Risk record Report index provides overview of risks with without changes e Risk rating changes detailed Shows every change in Risk Rating for a given period of time Highlights risk rating trends over time or between selected dates e Risk rating changes summary Shows change in Risk Rating from one period to another for selected risks e Risk control action report Shows risk s and their linked control s and actions that are linked to the controls in a hierarchical format Risk control action export Exports the Risk Control action report directly into excel including some additional action information for performance analysis Risk register reporting options Each new risk register report provide a range of report building options Simply pick the items you want included in the report Most reports provide e date range options to run the report for e choice to run the report for all records in the register or selected records e Export report to PDF or Microsoft Word 5 Risk rating changes Summary report E From 24 09 2010 EFI E 24109 2010 Select report items EN
94. ve above total financial risk Perspectives responsible for where the sum total of financial risks for linked risks is greater than the aggregated risk tolerance Total financial risk for the perspective s Aggregated risk level Risk appetite Risk appetite risk level for the Company Perspective above appetite Perspectives responsible for where the average risk level for linked Perspectives responsible for where average risk level for linked risks is gt aggregated risk tolerance Risk level for perspective s Perspective above total Perspectives responsible for where the average risk level for linked exposure risks is greater than the aggregated risk tolerance Risk level for the perspective s risks is gt the risk appetite risk level for the Company risk level for the Company Risk appetite Total exposure Sum total of exposure for risks responsible for where exposure field completed Aggregated financial risk Risk appetite Risk appetite total financial risk for the Company Total financial risk Sum total of financial risk for risks responsible for where financial risk field completed Effectiveness Average aggregated control effectiveness of risks responsible for where Aggregated control effectiveness field is completed in Risk register Establishment cost Sum total of control establishment cost for controls that are linked to risks responsible for Each cost counted once for aggregation purposes responsib
Download Pdf Manuals
Related Search