The latest BPC RiskManager Enrima Edition Beta is out and available for download from the download site for registered clients.  Just look for BETA2.

We have been very busy over the last month or two inserting the new compliance system into BPC RiskManager that will augment the existing compliance support, revamping the access control system to increase granularity, surfacing the resource retirement facilities and adding a bunch of other minor items.

The new compliance subsystem is very cool.  Since V2 we have treated compliance obligations as special kinds of risks, which has a lot of advantages, including enabling the use of general risk capabilities for compliance items.  The new subsystem extends this idea in both directions – to risks   and to compliance obligations, so that every risk can be viewed as a compliance obligation and vice versa.

When viewed as a compliance obligation, the risk has unlimited assertions (or questions) arranged in unlimited sets of assertion/question groups for each risk/obligation.  These are separately ratable and can then be used to update the risk ratings. 

In the compliance world each compliance obligation has  a group of questions about (for example) a legislative section or account balance covering availability, resourcing, access, implementation, etc.   These questions form the basis for measuring compliance with an obligation.  When applied to the general risk world, this same method provides a way for you to define criteria for informing the assessment of a risk rating.

in compliance view the causes are automatically linked / grouped by the question/assertion, and in turn the controls/remediation strategies are automatically linked to each cause.   Further, if a survey needs to be generated to, say create a checklist or measure progress on assigned tasks, the survey will automatically use the assigned sub-list of controls specific to the cause.

More coming on this…