JERM Softwre-s--Solution Pckge Enterprise Risk Mngement ( ERM ) Public listed compnies nd orgnistions providing finncil services re required by Monetry Authority of Singpore ( MAS ) nd/or Singpore Stock Exchnge ( SGX ) to implement suitble risk mngement progrmme. The primry objective is to protect the interests of shreholders or service users who re members of the public in Singpore. An ERM progrmme essentilly identifies risks of ll types cross the orgnistion. This enbles Mngement to better understnd the potentil impct of existing risks to stkeholders. There re good nd bd risks. Should risk bering the potentil to dversely ffect stkeholders interest beyond set level of risk tolernce exist, Mngement is obliged to ddress the risk by wy of eliminting it or negting the impct on stkeholders. Risk mngement is crried out on n enterprise-wide bsis so s to vil comprehensiveness in rresting possible bd risks or exploiting good risks. The finl outcome of n effective ERM progrmme is the voidnce of bd risks nd reping the benefits of good ones tht will ugment bottom-line results. A properly conducted ERM implementtion will crete lener, fster nd hppier working environment. While the risk mngement process my vry between orgnistions, there re fundmentl steps nd fetures tht must be present to ensure the integrity of the ERM system. While ISO 31000:2009 provides the principles nd guidelines on implementtion, dpttion is required to be mde so s to fit more purposefully to the orgnistion s business profile nd opertions. JERM Softwre-s--Solution Key Fetures The J ERM SS system is comprehensive system tht orgnistions cn confidently use to implement n ERM progrmme. It is do-it-yourself solution tht llows implementers to instll n ERM progrmme t their own pce nd depth. It is totl solution contining ll resources, risk mngement process nd techniques, nd documenttion tht includes reporting fetures to construct n ERM progrmme. Trining (in video formt) is n integrl prt of the SS. Users re led on step-by-step pproch to complete their risk mngement work. For the Risk Mnger, there re trining modules on project mngement, time implementtion pln, nd esy customistion tools. The J ERM SS is fully complint to ISO 31000 ERM stndrds. Implementers using the softwre cn tune their implementtion in vrying levels of risk coverge, ccording to their needs. Needless to sy, the higher the coverge, the more comprehensive the mngement of risks will be. Setting the context (or focus) is n envible feture of the SS the ERM model cn be skewed towrds the orgnistion s industry nd it lso focuses on the risk perspectives of ech deprtment or function. All these mke for n effective ERM progrmme wholly customised to the orgnistion. Key fetures include: 1. Customistion The softwre cn be customised to meet the needs of ny orgnistion. The Risk Mnger follows cler steps to tilor the softwre to suit the orgnistion s needs. There re tools nd templtes included in the softwre. After the softwre hs been customized, it is replicted to prepre dedicted copies for vrious deprtments to use. Jcob Business Armour pge 1
Imge 1: Screenshot of section to be customized by the Risk Mnger Imge 2: Smple Risk Mtrix to clculte finncil impct severity of risk to compny. Mtrices to indicte severities of risk with respect to humn cpitl, reputtion nd corporte governnce re lso included, nd cn be modified to suit Mngement s risk ppetite. 2. Trining Modules Step-by-step trining in the form of videos nd udio clips re found ll over the softwre, in strtegic loctions to id users with their implementtion. The trining covers both ERM concepts s well s help on using the softwre. The User Mnul is lso provided in the softwre for the Risk Mnger. 3. ERM Policy Mnul An ERM policy mnul templte (in MS Word formt) is included in the softwre, incorporting risk mngement principles nd prctices consistent with ISO 31000:2009 nd integrting J BA s methodology. Imge 3: Extrct of ERM policy mnul Jcob Business Armour pge 2
4. Risk Mngement An effective ERM progrmme hs to be focused nd lso designed to pply to its own risk universe. The J ERM softwre enbles such risk universe to be defined nd grouped into risk components. This llows ll deprtments to focus their risk mngement work on relevnt risks, thereby resulting in comprehensive nd exhustive risk mngement effort. All these re chieved with the help of the softwre fetures. Risk Anlysis Form Risk Officers re guided through the entire risk mngement process when they complete Risk Anlysis form. The identified risk is firstly nlysed nd profiled to determine its impct on the orgnistion, nd then prescribed pproprite tretment ctions. In ddition, the J ERM methodology employs unique pproch to understnd nd tret risks through estblishing their risky conditions nd risk triggers. When this is done, risk tretment is gretly fcilitted. The decision to tret risk is bsed on the orgnistion s risk criteri set by Mngement. The softwre utomticlly computes the risk rtings before nd fter tretment ctions re tken. In filling out the Risk Mngement Form, Risk Officers re ble to focus nd drill down the risk to its pertinent level. Subsequent ctegoristion of risks into Risk Plnes (strtegic, opertions or executive) helps to provide clerer direction for Risk Officers in considering pproprite risk tretments. Risk ownership is vitl in building n effective ERM progrmme. The J ERM system requires ll risks to be corportised, nd then delegted to their respective opertions s Key Risk Indictors. This sets cler ccountbility for risk mngement which will include risk owner, risk supervisor nd tretment owner. Acceptnce of responsibility is done electroniclly, doing wy with the need for pperwork. Imge 4: Screenshots of 2 pges of the Risk Anlysis Form, with section for endorsement by relevnt persons Jcob Business Armour pge 3
Risk Exmples There is myrid of risks present but wht is importnt is the orgnistion s risk universe. For ech risk component, or ctegory, there cn be vrious risk items. The softwre comes with bnk of more thn 200 risk exmples. Risk Officers cn refer to them nd downlod pplicble ones into their Risk Register. Imge 5: Exmples of Risk Components nd Risk Exmples Risk Register - The Risk Register shows the list of ll published risks, llowing users to hve quick look t the risk sitution for the orgnistion nd/or deprtment. Also published on the Risk Register re the gross (i.e. before tretment) nd net (i.e. fter tretment) risk rtings. The Risk Register cn be printed for Mngement reporting. Imge 6: Screenshot of Risk Register Jcob Business Armour pge 4
5. Report Genertion Mngement reports re criticl to ensure proper risk communiction in the orgnistion. The softwre enbles such reports nd grphs to be compiled. In ddition, the Risk Mnger is ble to summrise the entire orgnistion s risk content into n Annul Risk Report, which is sent to Mngement tem, before chnneling it to the Risk Mngement Committee (RMC) nd/or Bord of Directors for their informtion. Imge 7: Risk grphs (left), nd ERM report templte (right) 6. Ese of Updting Mintennce of the softwre is light, requiring reviews nd updting to be mde on regulr bsis. Risk Mngement is essentilly dt detiling the risk sttus of the compny nd using n IT solution will reduce mintennce work, s compred to pper-bsed one. 7. Confidentility nd Security Every deprtment hs its own dedicted softwre which is psswordprotected nd cn be ccessed by the deprtment s Risk Officer nd their ppointed stff. This mens tht there is confidentility nd security built into the softwre. 8. Additionl Fetures Any dditionl fetures required could be incorported by J BA ccording to the needs of the client, if techniclly fesible. However, the stndrd fetures should lredy be sufficient to vil n effective ERM system. 9. Integrting Existing ERM System Should ny orgnistion be looking into using J ERM SS to mnge their current ERM system, J BA could review such possibility nd dvise the client of its fesibility nd cost involved (if pplicble). Jcob Business Armour pge 5