Talk about the agenda in terms of why risk governance is needed, through an overview of Line Xero and its capabilities and finally onto XeroRisk itself. We will look briefly at the product roadmap which is provided at least bi-annually to the customers for input and priorities.
Background to risk management. Increasing use of regulatory, legal and litigation pressures has forced the risk governance agenda. It’s nothing new but the visibility has increased…
Talk about project management and financial risk governance as being the typical scenarios. Solutions that supported these areas are either extremely complex & specialist or are built into project management toolsets – e.g. Primavera Corporate & business risks are not widely catered for. Prior to implementation in UU there were 3 “other” risk systems (H&S, Display Screen Equipment, Leakage) plus a plethora of spreadsheets to manage project risks.
Cash positive company – No debts, loans etc Capability in application development, support and application hosting services
Development team – 3, Support team – 5 + partners
Risk Taker Product Presentation V1.0 7th January 2008
RiskTaker : Business Risk ManagementEnterprising risk management for teams and SME’s
Why manage risks ?“A companys objectives, its internal organisation and the environment in which it operates are continually evolving and as a result, the risks it faces are continually changing. A sound system of internal control therefore depends on a thorough and regular evaluation of the nature and extent of the risks to which the company is exposed. Since profits are, in part, the reward for successful risk-taking in business, the purpose of internal control is to help manage and control risk appropriately rather than to eliminate it.”“The guidance is based on the adoption by a companys board of a risk-based approach to establishing a sound system of internal control and reviewing its effectiveness. This should be incorporated by the company within its normal management and governance processes. It should not be treated as a separate exercise undertaken to meet regulatory requirements.”Turnbull Report, September 1999
The Evolution of Risk ManagementPreviously Now Historical risks only Non-traditional risks Expert management Causes of risk Statistical analysis Organisation-wide involvement Senior management buy-in Risk indicators
Risk Governance MaturityMaturing• Simplistic framework• Departmental• Limited corporate visibility• Risk exposure may be inaccurate• Mitigation plans may be used to identify priorities Mature • Flexible governance framework • Whole of company • Corporate visibility & control • Risk appetite known & monitored • Use of risk data to drive Immature investments & priorities • Risk management is ad-hoc • Individuals or small teams • No corporate visibility • Appetite & exposure unknown • Risk data not used to drive strategy
Integrated risk management Risk management must be a “whole of company” process Requires board level buy-in to objectives and methods of risk management Risks are controlled at the appropriate level within the business, by the most appropriate people Control & management of risks must be part of the normal business process – not an add-on or afterthought Risks must be balanced at the corporate level Without risk co-ordination, perceived risks may be blown out of proportion There must be mechanisms to escalate risks to the appropriate level. The risk management system needs to support the risk process without being intrusive Intrusion usually results in non-use Risk co-ordination & challenge processes become “big stick” exercises.
Line Xero : Company Overview Formed in 1990 as an IT strategy consultancy Provides IT Design Authority services to a number of FTSE-100 companies Created XeroRisk as a product in 2004 Originally built for United Utilities Strong take up in asset intensive & regulated businesses Launched RiskTaker in 2008 Operates e-commerce web application facilities on behalf of several Internet based businesses
Line Xero: RiskTaker Overview Licensing Easy& flexible licensing schemes Web based purchasing process ensures no “down time” Support Dedicated RiskTaker support team – email, telephone and self- service portal options available Maintenance Clearroadmap – XeroRisk release + 1 month Maintenance contract to cover support and new releases
RiskTaker: A risk management solution Fully web based application Integrates with existing business processes Simple to deploy Very intuitive to use Risks identified, managed & controlled “on the ground” Corporate exposure valued & monitored through escalation and aggregation
RiskTaker Features Full organisation model support Role based security Fully configurable risk assessment categories & levels Email escalation & notification Full audit trail of all user risk management activities Built in reporting functions include Excel export, graphs etc Support for unlimited risks, organisation units, hierarchy levels
A flexible deployment solution Quick Implementation RiskTaker doesn’t require installation on each client Supplied as a pre-configured appliance – simply plug in and go. Reduced support costs New releases & updates are installed on central servers Does not impact desktop builds or current security policies True Thin-Client There are no ActiveX or Java components downloaded to the client Partners or contractors can be quickly added without IS intervention Low client hardware demands Only a standard web browser is required for access Integrates with standard or thin client desktops (e.g. Citrix) Industry leading components Windows 2003 Server R2 or higher (Windows 2003 R2 Advanced server recommended) Microsoft SQL Server 2000 (Microsoft SQL Server 2005 SP2 recommended)
Reliable Hardware Dedicated appliance pre-configured with the latest RiskTaker software version All third party components licensed through the RiskTaker license Simply plug into your network and run Eliminates expensive server hardware and complex installation No co-existence issues to complicate the support requirements. Can be upgraded as the business grows Additional memory and/or processors Additional licenses to increase RiskTaker users
Support Services Dedicated Support Team Web portal – Online submission of low priority support requests, access to FAQ’s and upgrades Phone – Support for urgent requests including hardware failures, software errors and problems with licensing and upgrade services Email – Dedicated email queue monitored by the support team Hosting Service If you cannot host your own RiskTaker appliance, Line Xero can do it for you – simply access your RiskTaker over the Internet Licensing Service Fully automated licensing service ensures additional licenses can be added without waiting for purchase approvals Temporary licensing possible for short-term projects & programmes. Migration Services For RiskTaker installations growing beyond the scalability of the hardware, an upgrade to hosted XeroRisk canbe performed Data is transferred securely from RiskTaker to the hosted XeroRisk installation with no loss of information