BPC RiskManager V6.2.8 – Is Here!

It seems like we have been on the 6.2.5.x Beta Stream forever, but a couple of weeks ago we quietly released the full auto-installing and auto-upgrading production release version of RiskManager V6.2.8.   It seems word got out, because many of you have been contacting us for upgrades to the new production release.  

 This version is currently released in the V6.2.5.32 build production installer for now.  It ships the V6.2.8 database with the V6.2.5.32 application server and client.  In a little while we will re-release it officially as V6.2.8, but we need to update all the marketing material when that happens – which is a significant effort and takes us away from adding cool stuff into the application suite.  We are absolutely flat out right now with work orders – so we are holding off doing the stuff that doesn’t help you directly – like new brochures.   There are a couple of additional new features that we are working on which will probably make it into the V6.2.8 official version – but essentially the V6.2.5.32 production build is the 6.2.8 release.  Any one that installs now will get an update notice emailed to them when the renamed 6.2.8 installer is released if there is anything different (other than the name) – and it will be just a matter of replacing a couple of files.

Unlike the beta stream, ships as a full auto-upgrading installer and will become the new productions release against which the next auto-installer will auto upgrade your database.   The installer will take any version of RiskManager from V6.1.x up to the current build and V6.2.8 database.

So all the cool enhancements we have been working on for the last couple of years that have been in the Beta stream are now in this new production release, with as usual some more stuff added.

Most of you have been enjoying many of these features for some time now because you have been taking the Beta releases, so the changes will seem more incremental than dramatic – which of course is the idea behind the frequent Beta release programme.   True to form, we haven’t stopped updating, the production release already has a Beta patch which will take you to build, but until the 6.2.8 renaming, we are updating the production installer every few days anyway.   The next production installer update will be out next Wednesday.  

There are so many enhancements being added across the modules it is easy to miss stuff, so after you install the new app turn on incident management (if you haven’t already) and take a look at what has happened to the incident system!   The version in 6.2.5 was written back in 2006 – and it was begging for some attention – well it just got it.   I hope you like what you see, but this is just the tip of the iceberg – the 6.2.8 engine has heaps more it can do with incidents and that is about to be unveiled over the next couple of releases.

We won’t run this next Beta stream so long this time – maybe just a couple of months because we want to wrap up the V6.2.x series and move onto V7

Our existing clients will know that our version numbering is a serious understatement of what is being added as we are likely to add an entire new module in just an incremental build number change – so if we are jumping from 6.2.x to 7.0 you can imagine the dramatic enhancements we have planned for next year. 

 Here’s a hint of what is coming:  You won’t be managing “risks” or “compliance obligations” for much longer – they will be Governance Topics.  You wont be asking “what can go wrong?” but “how can we achieve our planned objective?”.   All the V6 stuff will be there, and the V6.2.8 database has largely accommodated the V7 view of the world – so V7 will be an auto-upgrade  from V6 – so keep you maintenance subscriptions current because you’ll get it at no extra cost.  More on this new approach in later articles.

For now a couple of things about V6.2.8 / V6.2.5.32.   You will notice that a new risk type will be automatically added called “incidents” with a BG  of incidents and a BU of I-Well and Risk of I-Well.  This is the “incident well” for incidents that are otherwise “unattached” to a risk.  Don’t delete them – you need them for the safety module incidents handling to work properly and appear in all reports.    The I-Well is a generic risk for otherwise unlinked incidents.

The incident engine has a whole lot of different reportable event types in it now, as well as a method for tracking the reports action and a work flow of incident handling.  You can still design your own additional attributes and properties, but the current single table view is about to change so that their will be different sets of attributes for each incident type.

You will also notice that the certification / SOX / Sched7  system will insist on creating a “root” account of  “0000″ called “Root”.  Don’t delete this either – if you do it will be automatically recreated.  This is the root of your chart of accounts.  It will allow you to have several different “sets of books” in the chart for different organisations, etc.  All accounts ultimately descend from this root account.  The reason it exists is to ensure that there are no orphan account trees for role ups.

For those of you who have been using master-child risk/compliance relationships (which should be everybody, right?), the roll up engine now rolls up everything – that means that financial values, likelihood, impact, control, assertions, breach flags, etc are rolled up as well as the residual ratings.  (Not the sub tables though – like incidents or causes, except for assertions).  This means that the strange anomalies in bubble charts for master risks are no longer there, BUT you can not set master risk likelihood, consequence, control, assertion responses and ratings or financial values independent of their children once roll up is engaged.   In particular the assertions roll up will float all child assertions up to the master risk/obligation – with the responses according the to assertion roll up rule (so make sure these are set).  Breach flags in the master risks can therefore be triggered by breaches in children – or non completion of assertion responses.  This makes a lot more sense that the old way of doing it, but you might need to re-jig some of your structures a little if you have been treating master risks as just another risk.

This release also surfaces test plans for the certification/compliance module which have been brewing for a while now and are finally appearing.  Again this is a first taste of this stuff, with much more appearing as fast as we can get the screens done.  The 6.2.8 DB already has the tables in it for the soon-to-be-released parts.  For now you can create, design, schedule and manage test plans, and in a few weeks you will be able to record and review the test outcomes and progress as well.

We pulled the claims module back from earlier BETA release of a few months ago so we can do more work on it, but it is only temporary, it will be back in in the new year.   We simply have not had the time to get back to that with all the other client requests we have been working on.  Also we decided that there were some other modules that required attention before claims would work as intended – one of those is obviously incidents.

Lastly you will note there are three different kinds of governance topics – not two as in most governance views:

  1. General Risks
  2. Compliance / certification obligation risks
  3. Compliance Topics/Events

We will eventually rename these but for now this is what they mean: general risks are either project or general “corporate” risks of a future event, compliance obligation risks are the risk of a compliance obligation not being met – IE. the risk of non-compliance, while compliance topics are the compliance events that must are either occurring and must be managed back to compliance or are likely to occur without if ignored.  Every governance topic can be seen  in any of these views simultaneously – as a general risk, as a compliance obligation, or as a compliance event. 

 The main difference between the two ways of looking at compliance is that a compliance risk focuses on strategies / controls to minimise the causes of compliance failure and hence the risk of non compliance, while the compliance topic screen focuses on actions required to remediate the causes of the non compliance and then the control “learning” from that experience.

The two views come about because of the slightly different slant arising from financial statements compliance – where we wish to be able to assert a level of confidence in (and be entitled to assume reliance on)  a set of values in the FMS  to a level of materiality, versus document compliance – legislation or policy  - where there is no allowance for materiality but where active remediation is a defence.

The names are not the best in the RM suite – and apologise for this in advance – but it comes from our need to marry the two different views of compliance where both types of client use the same terminology for fundamentally different ideas and approaches, and our desire to allow you to switch between the two views “live” . 

So what is currently in the RiskManager V6.2.x suite ? 

  • Risk management – general and corporate
  • Assessments and assessment outcome management
  • Compliance obligations – legislation, documents, policies, procedures, etc
  • Certification /SOX / Sched7
  • Compliance events
  • Document management for legislation, policy, procedures, etc, with risk maps and review reminders
  • Insurance
  • Incidents & safety
  • Test plans
  • Audit management
  • Assertions / compliance questions (Indefinite length and indefinite banks of assertions/questions for each obligation)
  • Multiple assessments of each governance topic
  • Corporate planning with obligations linked to risks / governance topics
  • Snap-shots / milestones (with support for ‘what-if’ using restorable milestones)
  • Surveys, custom and control self assessment
  • Review and responsibility control on almost everything with reminders
  • Work flow
  • Process – charting
  • Custom scripting engine
  • End user report writer + import/export engine
  • Tree views with governance topics in multiple tree branches simultaneously
  • Master detail roll up relationships
  • QBE Topic Search
  • Full granular – multi-user security controlling who sees what obligation – internal, AD, LDAP, NT-Groups
  • Multiple risk modelling systems (formula or tabular)
  • Works as a single user install or massively multi-user install with a tiny footprint
  • Internal messaging and task management/tracking

This list doesn’t really do it justice because some of these could inspire entire sublists of features, but these are the “big picture” items.

No Comments so far.

Leave a Reply