Sword OperationalRisk Manager (Magique)

Sword Operational Risk Manager (Magique) is a feature-rich and fully web-based Risk Management System.

In addition to the Risk Register and an Emerging Risks Register, there are options for Loss Events/IncidentManagement, Appetite /Indicator recording, a Questionnaire system for Control Self Assessment and surveys, a Policy Compliance system to monitor compliance with regulatory requirements and an Action Tracking system for recording and tracking of further required actions from any part of the system.

Fully integrates with Sword Audit Manager (Galileo).

Individual Configured and customized to meet your organization and users’ exact needs

Intuitive Easy to use system which evolves and grows with you

Innovative Improving your methodology, efficiency, delivery and profile

Integrated A single integrated yet modular relational database

Risk and Control Register

Comprehensive risk register and evaluation system with an extensive range of risk models, analysis and reporting which can be enabled and configured as required to meet the regulatory and business needs of any organization.

Recording of all operational losses, incidents or near misses by any user in the organization.

Configuration to accommodate multiple event types eg losses, IT Incidents, Complaints, etc with different fields, security and workflow by type.

Extensive analysis of events to identify trends and early warnings of potential serious issues.

Full progress control and tracking of event reporting.

Generation and tracking of mitigating actions.

Automatic generation of regulatory authority reports.

Comprehensive security model to restrict access as required.

Operation Loss Events

Incidents/Events can be recorded, managed and subsequently allocated against the relevant risks and controls to improve their future management.

Recording and Evaluation of Key Risk Indicators/ Appetite Statements.

Detailed audit trails and recording of trends.

Library functionality for your Risks, Controls, Objectives, Processes and KRIs/Appetite Statements.

Risk Consolidation for benchmarking and identifying common issues across the organization.

Separate register of Emerging Risks with linkages to existing risks and controls.

Simple end-user screens for risk and control owners to update and sign-off their documents on a timely basis when alerted via scheduled emails.

Analysis by Business Units, Risk Categories, Scenarios, Objectives, Processes and Themes.

Your precise risk model and scoring system supporting Inherent, Residual and Target evaluations, multiple impact ratings and thresholds, Local and global ratings and multi- currency consolidation.

Additional recording and evaluation of causes and consequences with gap analysis.

Identification and evaluation of Controls and Further Mitigations.

Testing of controls by the three lines of defense and generating assurance maps for the organization.

Scenario definition and analysis.

Generation of actions from risks, controls, loss events/ incidents, processes, objectives and KRIs.

Linking of actions to multiple documents.

Simple end-user response screens.

Comprehensive security to support online response and tracking by responsible person(s).

Extensive analysis and status tracking of actions including tracking and reporting of overdue actions for follow-up.

Automatic email notifications of actions due and overdue with escalation processes.

Virtual reporting of actions across activities/functions.

View of related actions generated by audits.

Benchmarking and KPIs on creation and clearing of actions.

Where further risk mitigation is required, actions may be generated for the business to address weaknesses in their control activities. Comprehensive security is provided to enable online response and tracking by action owners.

Further Mitigation and Action Tracking

Library of policies with associated documentation.

Workflow for development, review and acceptance of the policy.

Management of users through groups for issuance of documents.

Linking of policies and policy statements to controls which demonstrate compliance.

Confirmation of compliance with policy statements and policies through simple screens.

Full tracking of responses with email and dashboard alerts for outstanding responses.

Search facility within the library of documents.

Policy Management and Compliance System

A system for developing, managing and evidencing compliance with corporate policies.

Generate questionnaires for Business Units and control managers on a cyclical basis.

Design and store a library of questionnaires for issuing as required.

Select from a range of response types and validation criteria.

Email notifications and reminders to questionnaire respondees.

Full progress control sign-off and tracking of responses.

Analysis of responses including trend reports of responses over periods.

Additional ad-hoc questionnaires to seek views on the control environment, risk appetite, compliance or for any purpose.

An online Control Self Assessment system for generating questionnaires, collating responses and performing self-assessment and certification from the business units.

Questionnaires

Multiple dashboards available by user.

Dashboards configured by the Administrator to meet the exact needs of the user.

Lists of items or graphical analyses available within dashboards.

Email alerts throughout the system with links to the items requiring attention.

Both manually instigated and automatic emails supported.

Logs of emails sent and received.

As the data is held in a single SQL database multi-dimensional reporting is available through a range of reporting tools and options including:

Multi-component dashboard reports.

Export of any filtered data to MS Excel.

Export of selected data to MS Excel/MS Word/ MS

PowerPoint templates.

Heat Maps and “Blob-Reports” of risks.

‘Click and Drag’ report generator for end-users.

Integration with Tableau Visualization tool.

Appetites defined by Business Units, Risk Categories or other dimensions.

Measures or Key Risk Indicators linked to Risks and Appetites.

Subjective or statistical assessment of measures.

Workflow for collection and review of indicator assessment on a cyclical basis.

Full trend history and benchmarking of assessments.

Extensive reporting of indicators and appetites.

User specific on-screen dashboards configured to meet the needs and role of the user to highlight issues, items for review or update, trends and significant changes.

Dashboardsand Alerts

Recording Board-level Appetite Statements supported by detailed assessment of risks and measures.

Risk Appetite and Measures/Indicators

The system supports a wide range of standard and custom reporting options to ensure your exact reporting requirements are met and the system includes over 300 standard reports which may be tailored to meet your exact requirements either by your Administrators or by your implementation team.

Reporting

Technical

Sword Operational Risk Manager (Magique) software has been designed to support configuration to meet each organization’s exact requirements. Our structured implementation plan is led by experienced risk consultants and covers:

*not required but system can be configured to use if customers request email features or remove access

Services

Understanding your needs.

Developing a project plan to meet your priorities and timetable.

Workshops with key stakeholders to ensure everyone’s needs are addressed.

Configuration of the system to meet match your methodology and terminology.

Administrator training courses to teach you how to further configure the system.

User access via brower (IE 10 and above, Edge, Firefox, Chrome, Safari)

PC, Laptop, Tablet (e.g iPad) and smart device

Uses Windows IIS Server

SQL Database 2012 and above

Connect to any SMTP e-mail server

Hosted or on your equipment

Report-writing courses.

Super-user and end-user training courses.

Risk Consulting services.

Post implementation support programmes.

Active User Group Meetings to share ideas and help direct the development priorities.

SQL Server

IIS Web Server

Mail Server

Internet/WAN

NetworkedBrowser Clients

RemoteBrowser Client*

HTTP/HTTPS

TCP/IPor Named

Pipes

SMTP Message

Forwarding HTTP/HTTPS

HTTP/HTTPS

EMEA Headquarters

Sword Active Risk 1 Grenfell Road MaidenheadBerks SL6 1HN UNITED KINGDOMTel: +44 (0)1628 582500

www.sword-activerisk.com

US Headquarters

Sword Active Risk, Inc. 13221 Woodland Park Road Suite 440 Herndon, VA 20171UNITED STATESTel: +1 (703) 673 9580

info@sword-activerisk.com

Australia

Sword Active Risk Pty Ltd 40/140 William Street MelbourneVIC 3000AUSTRALIATel: +61 3 9229 3852

Twitter @ActiveRisk

Malaysia

Sword Active Risk Pty LtdLevel 33, Ilham TowerNo. 8, Jalan Binjai 50450 Kuala LumpurMALAYSIATel: +60 3 2117 5302