Sword OperationalRisk Manager

Streamline your risk management process, track key metrics, reduce costs and mitigate risk exposure.

The risks associated with people, processes, systems, and external events are pervasive and as a result, managing them is the key to success. Sword Operational Risk Manager delivers a truly fl exible solution for managing these risks that is...

IntegratedA single application with multiple integrated modules to suit all your needs

IntuitiveEasy to use system which evolves and grows with you

IndividualOut of the box functionality that’s confi gurable to meet your organization and users’ exact needs

InnovativeImproves your methodology, effi ciency, delivery and profi le

Analysis by Business Units, Risk Categories, Scenarios, Objectives, Processes and Themes provides added value for risk management by directly showing how risks impact these areas.

Capture the information that you need using your precise risk model and scoring system supporting Inherent, Residual and Target evaluations, multiple impact ratings and thresholds, Local and global ratings and multi- currency consolidation.

Identifi cation and evaluation of Controls and Further Mitigations.

More granular analysis and evaluation of causes and consequences enables gap analysis of controls.

Greater confi dence through the testing of controls by the three lines of defence and generating visual assurance maps for the organization.

Avoid poor decisions and missed opportunities by developing effective mitigation strategies and contingency plans through scenario defi nition and analysis.

Detailed audit trails and recording of trends provide insight and tracking of progress made over time.

Library functionality for your Risks, Controls, Objectives, Processes and KRIs/Appetite Statements.

Risk Consolidation for benchmarking and identifying common issues across the organization.

Gain early insight into Emerging Risks and their linkages to existing risks and controls.

Simple end-user screens for risk and control owners to update and sign-off their documents on a timely basis when alerted via scheduled emails.

Risk and Control Register

Comprehensive risk register and evaluation system with an extensive range of risk models, analysis and reporting which can be confi gured to meet the regulatory and business needs of any organization.

Consolidate risk and control registers within one system rather than in multiple disjointed spreadsheets, offering increased oversight, reduced administration effort and streamlined reporting across all of your business.

Simplifi ed and effi cient sign-off and attestation process for end users to access their risks and controls, which improves ownership and accountability of your risk environment.

Reduce the risk exposure across the breadth of your organization in one single source, while providing detailed comparisons of those varying levels of exposure at a departmental, functional or process level.

The global library functionality allows risk, controls and more to be linked to multiple parts of the business while centralizing the management of key details of those records, making it much easier to administer, monitor and report on these relationships.

Operation Loss Events

Loss event data can provide the most objective source of information for analysis and further management response.

By capturing and recording Incidents/Events they can be managed and subsequently allocated against the relevant risks and controls to improve and inform their future management. Identifying trends and correlations between these events can also highlight wider issues within the control framework that need to be addressed.

Recording of all operational losses, incidents or near misses by any user in the organization.

Confi guration to accommodate multiple event types e.g. losses, IT Incidents, Complaints, etc with different fi elds, security and workfl ow by type.

Email alerts provide instant notifi cation to help notify risk management and kick start root-cause analysis.

Extensive analysis of events to identify trends and early warnings of potential serious issues.

Links to risks, controls, processes and risk categories to provide more informed assessments and improved oversight.

Full progress control and tracking of event reporting for complete management through the process

Generation and tracking of mitigating actions providing complete oversight and clear lines of responsibility, ownership and deadlines.

Save time and effort by generating regulatory reports at the click of a button.

Restrict access to sensitive information and events through the confi gurable security model.

Further Mitigation and Action Tracking

Where further risk mitigation is required, actions may be generated for the business to address weaknesses in its control activities. Comprehensive security is provided to enable online response and tracking by action owners.

Actions can be created widely throughout the system and then tracked and monitored centrally by the Risk Team.

Status workfl ows then allow tracking of progress through to completion, with email alerts to prompt Action Owners to update and keep on top of their tasks. Any push backs or revisions include justifi cation as to why.

Generation of actions from risks, controls, loss events/incidents, emerging risks and KRIs.

Actions can be linked to multiple records to avoid duplication of effort or where actions will have wider ranging effect.

Simple end-user response screens presenting only the information required for perform the given task making the system easy to use.

Comprehensive security to support those responsible for implementation.

Extensive analysis and status tracking of actions including tracking and reporting of overdue actions for follow-up.

Automatic email notifi cations of actions due and overdue with escalation processes.

Reporting of actions across activities/ functions.

View of related actions generated by audits.

Benchmarking and KPIs on creation and clearing of actions.

Risk Appetite and Measures/Indicators

Drive performance and empower staff to make conscious, timely and profitable risk aware decisions.

Produce board-level Appetite Statements to communicate agreed, acceptable levels of risk, that are supported by detailed assessment of risks and measures.

Complement these with Key Risk Indicators linked directly to those appetites and risks, to provide early warning indicators that can raise the alarm and be taken into consideration during risk assessments.

Defined Appetite Statements by Business Units, Risk Categories or other dimensions.

Link Measures or Key Risk Indicators to Risks and Appetites.

Flexible, subjective or statistical assessment of measures.

Manage the process through workflows for the collection and review of indicator assessments on a cyclical basis.

Full trend history and benchmarking of assessments providing improved reporting and tracking.

Complimented by extensive reporting of indicators and appetites to provide clear visibility.

Policy Management and Policy Compliance

Gain confidence that you’re able to communicate policies in an effective and timely manner while always reaching the right audiences.

Easily develop, manage and efficiently collect the evidence required to demonstrate compliance with corporate policies.

Library of policies with associated documentation.

Workflow for development, review and acceptance of the policy.

Management of users through groups for issuance of policies.

Linking of policies and policy statements to controls which demonstrate compliance.

Confirmation of compliance with policy statements and policies through simple screens.

Dashboards and Alerts

User specific on-screen dashboards configured to meet the needs and role of the user to highlight issues, items for review or update, trends and significant changes and present information that is important and relevant to them.

Dashboards are an effective means of both visually highlighting the fine details e.g. issues requiring Risk Owner/Management attention and at the same time providing high level aggregated view across the organization.

Email alerts can link directly to dashboard items to make sure important events or areas of interest are brought to attention, dealt with accordingly and not missed.

Multiple dashboards available by user providing clear areas for them to focus on.

Dashboards that meet the exact needs of the user.

Lists of items and graphical analyses to bring data to life in the correct format.

Email alerts that are generated by many different types of events from new risks to failed controls tests, with links to dashboards or directly to the items requiring attention.

Questionnaires

An online system for generating questionnaires, collating responses and performing self-assessment and certification from the business units.

Provides a centralized area for management of these questionnaires with actions with linked to the risk framework to close the loop.

Generate questionnaires for Business Units and control managers on a cyclical basis.

Design and store a library of questionnaires for issuing as required.

Select from a range of response types and validation criteria.

Email notifications and reminders to questionnaire respondees.

Analysis of responses including trend reports of responses over periods.

Additional ad-hoc questionnaires to seek views on the control environment, risk appetite, compliance or for any purpose.

Technical

User access via browser (IE 11 and above, Edge, Firefox, Chrome, Safari)

PC, Laptop, Tablet or smart device

Windows IIS Server

SQL Server Database

Connect to any SMTP e-mail server

Hosted by us or on your own equipment

Reporting

A wide range of standard and custom reporting options to ensure your exact reporting requirements are met and relevant and informative outputs can be produced from the information that you capture and collect. A large catalogue of standard reports are provided out of the box which can either be used as is, or as templates and then tailored to meet your exact requirements.

With direct access to the data we remove the need to manually collate and collect data and streamline the process of compiling reports, which ultimately allows more time for analysis and proactive action.

Consistent and standardized reporting templates ensure that everyone is communicating and sharing information in understandable and consistent corporate formats.

Reporting is available through a range of reporting tools and options including:

Multi-component dashboard reports.

Report Generator allows for ad-hoc quick export of data, while drag and drop capability allows flexibility each time items need reviewing.

Export of any filtered data straight to MS Excel.

Export of selected data to MS Excel/MS Word.

Heat Maps and charts of many different types for visualization of your data.

Services

Sword Operational Risk Manager software has been designed to support configuration to meet each organization’s exact requirements.

Our structured implementation plan is led by experienced risk consultants and covers:

Understanding your needs.

Developing a project plan to meet your priorities and timetable.

Workshops with key stakeholders to ensure everyone’s needs are addressed.

Configuration of the system to match your methodology and terminology.

Administrator training courses to teach you how to further configure the system.

Report-writing courses.

Super-user and end-user training courses.

Post implementation support programmes.

Active User Group Meetings to share ideas and help direct the development priorities.

SGRC | v2.7 | 24.08.20

www.sword-grc.com info@sword-grc.com

EMEA – London

1 Grenfell Road, Maidenhead, Berks SL6 1HN, UNITED KINGDOM

Tel: +44 (0)1628 582500

Americas – Washington

13221 Woodland Park Road

Suite 440

Herndon, VA 20171

UNITED STATES

+1 (703) 673 9580

APAC – Melbourne

Level 14 333 Collins Street Melbourne VIC 3000 AUSTRALIA

Tel: +61 3 9071 1866

Malaysia

Level 33, Ilham Tower, No. 8, Jalan Binjai, 50450 Kuala Lumpur, MALAYSIA

Tel: +60 3 2117 5302