We have started work on a long list of  new features and enhancements to our governance software suite: BPC RiskManager, and, assuming the world doesn’t come to an end this year, we think you are going to like what is coming – but more on that in future posts. 

Our four main service lines -  Software Sales,  Custom Software,  Survey Hosting and Consulting have opened the year with the strongest bookings in a number of years so 2012 looks like it will be an interesting and busy year.  The Custom Software and Consulting teams are now fully committed for the first quarter (obviously sales and hosting don’t have capacity limits) , which is a good way to start the new year.  

2011 was a great year at BPC, and we thank you, our clients and friends for your on going dedication and support – without you we don’t exist.  To our clients, while we don’t get to see many of you personally, our regular telephone conversations and email communications make us feel we know each of you as friends.  We couldn’t ask for a better bunch of clients – loyal, considerate, helpful cooperative, inspirational and fun.   A simple “thank you” just doesn’t seem enough.

 For BPC RiskManager V6 users there has recently been a major update released with lots of new features and a couple of progressive updates since then, so for those with current maintenance subscriptions, make sure you contact us and get the update, and those of you without, make sure you get yourself current and we’ll get you the update.

As a risk management professional, one of my particular concerns is the significant and rapidly growing scope of risks created by social networking and smart mobile technology.  I admit to being in “two minds” about this space.  On the one hand there are definite and clear branding, sales, performance, communication, and social benefits associated with the social media technologies.  On the other hand there are serious and real, present and potential risks that are growing rapidly. I remain concerned that these risks are little understood by the vast majority of the user base, and that there is not a clear path to either mitigating or avoiding them.

The one guiding principle that all internet users should remember, is that “the internet is forever”.  If you are bold enough to venture into the very dark-side of the internet – spend an educational few hours browsing the encyclopedia-dramatica (EA) web site.  (WARNING:  Not Safe For Work.  This site contains extremely offensive, bigoted, obscene and abusive content.  You WILL be offended by some, if not all the content.  While it is intended to be a humorous web site, its humour is based on being deeply offensive to almost everyone – so do not visit unless you have a very thick skin, it is not even remotely possible to offend you, you have a secret fascination for the sordid, an extremely well developed sense of the right of free speech, a professional excuse to be there and/or believe that there is no image or viewpoint too strong to gross you out.  Also, be warned, that there are some things that once seen can never be “unseen” and the image or text may haunt you for the rest of your life. )   One of EA’s pet projects is to explore and ridicule internet “memes” as they rise to fame.  A meme is an internet fashion – the internet equivalent of the proverbial 15 minutes of fame.  It may be a person, an idea, an identity, etc.  EA delights in recounting in depth the foolishness of targeted memes, the process used in tracking their real world identities and exposing their details (names, addresses, associates, phone numbers, etc).  Erstwhile anonymous people who have either done some thing foolish on internet social media sites or people who hold views they consider extreme or hypocritical are targeted and occasionally harassed.  It is this aspect of EA’s function that is relevant to this article, and the step by step accounts of how some of these semi-anonymous people have had their real identities, with phone numbers and addresses, family and real-life jobs exposed and linked together with their internet foolishness are a very strong lesson in how dangerous the illusion of anonymity is on the internet.  The advent of modern social media has made this work simpler, faster and possibly even more devastating to the individual.  

In the world of simple social networks – bulletin boards, chat rooms, YouTube and Email Lists , however, considerable resources and skills were required to achieve this kind of exposure.  It is possibly the ability of the group of people championing or supporting the EA website and the bulletin boards/chat sites from which it draws many of its victims to utilise their apparently large world wide participation base that allows them to sew the data together from these many sources and form a coherent story that facilitates their success.   The sheer effort required to do this kind of work has traditionally made it unlikely that the ordinary internet user whose internet behaviour is more “ordinary” had much about which to be concerned.   With the advent of increasing “smart” social media sites, like FaceBook combined with technology advances like facial recognition, smart phones with mobile apps and GPS tracking technology,  marketing agencies and commercial data tracking firms and 20 years of data tracking this is changing.

Consider the recent article in The Wall Street Journal published 18 October 2010: FaceBook in Privacy Breach.  The essence of the matter reported was that various apps in FaceBook were providing data to external sites that breached user’s privacy settings.  The apps on your FB  page have access to a considerable amount of your private data regardless of your privacy settings and are therefore capable of transmitting this data to external systems.  Even without this dimension, FaceBook uses a unique identifier to identify its users (a characteristic that would be difficult to avoid).  That identifier probably has to be available to any app used by a user for many of the app’s socially beneficial networking capabilities.  Given many apps make use of external (to FaceBook) databases, that id probably has to be available outside of the FaceBook environment.  For the 500 million or so FB users, this is effectively a unique identity number.  Combine that id number with even a polynomial hash of the personal data held in a user’s FB account, and then match that hash with a hash code held for the same fields – say name and address or email address – in a marketing or data tracker’s database and you can link the offline database with the FaceBook user even if you are not transmitting identifiable private information.  

Data tracking and marketing firms can use things as simple as advertisements and images displayed on a web page you visit to identify you by your browser and IP address to track where you go on the internet – before we even get into more sophisticated tracking methods.  So now we have the potential for that information to be tied to your FB user identity.

Now let’s add the latest FB innovation – facial recognition.  The addition of facial recognition capability to FB and applied to the profile and other images loaded up into the FB database and tagged with personal and “friend” identities gives FB possibly the largest facial recognition database outside of any government – and possibly larger than 90% of governments around the world.   

Lastly, we add to this mix the wide spread use of smart mobile technology with their GPS and web browsing systems – including FaceBook, and the growing social media linking systems like Xobni that matches your email inbox to the various social media sites like LinkedIn, FaceBook, Twitter, etc.

Take all of these systems together and we have a growing ability for people’s lives to be comprehensively monitored – real life, social life and internet life:  who you are, what you look like, where you go – in real life and internet life, who you work for, what you do, what you say, who your friends are, what you like, what your political views are, what you buy and what you would rather not have others know.  Does this bother you yet?

Even if this unprecedented potential for tracking and data matching – social convergence – does not concern a given individual, from a corporate perspective if creates some unique risk management questions:  

• When a person’s real-world private life, internet private life and real-world corporate identities converge, and that convergence brings disrepute on an organisation, what should be the organisation’s response?
• How can an organisation measure and limit the risk from social convergence?
• Should an organisation be actively outcome-testing the social convergence of its key employees in order to anticipate the impact of ill-timed exposures?
• Should employees be discouraged from using any data that can be used to match their corporate identities in social media?
• Should an organisation actively educate their staff about the risks of social convergence to them and their employer?
• To what extent should organisations apply the same social-convergence morality tests to the organisations with which the trade?

As a strong proponent of the rights of the individual, freedom of speech and the duty of employers to “mind their own business” with respect to the individuals they employ I find the implications of these questions extremely troubling, but I fear they will not be able to be ignored forever.

The target cutoff for this BETA was intended to be Tuesday, but since everyone suddenly seems to have awoken from a light sleep this last week, and particularly since our BETA15_1 release we may extend for an extra few days and we are receiving lots of requests and suggestions most of which are rapidly doable at the moment.  

The main projects getting a look-in in the BETA15 sub-sequence are:

• RM – Survey Engine Integration
• Compliance/Certification (Financial Statement Elements)  Project
• Compliance Topic Solver (simplification) Project
• Insurance Claims Management
• Safety (Incidents and Hazards) Project
• Workflow Project

Essentially there is a lot of new or improved functionality being turned on in this BETA.  In a number of cases there are features that have been present for some time, but not fully engaged with the rest of the system because other  features were required to make them fully functional that are now ready, or they required us to take the “force a DB change” step to make them work properly.  This is what is happening now.  We are now alao trying to shut down the BETA sequence and move to the release of V6.2.7 as quickly as possible.

So in the interests of managing the flood of email enquiries I am going to post here a little more regularly about what we are doing.  This should help you decide whether you take any BETA15 (almost nightly) build or wait until we stabilise it on BETA16.   BETA16 will most likely be a short staging step until the release of V6.2.7 which will be virtually identical to BETA16, except for any fixes required from BETA16. 

BETA15_4 has:

•  Additional survey engine integration fields and now fully supports survey organisation selection throughout.  This is important so that the RM client can see all the orgs that the SM client can build;
• A new survey question library tab in the risk maintenance screen to allow selection of individual questions from the survey engine to be linked with individual risks.  The initial version of this tab allows individual already created survey questions to linked with risks.  This will be expanded in the next BETA15; 
• A recasting of types of the survey reference fields held in RM tables from varchar to nvarchar.  The survey engine was written to use Unicode characters, while the RM uses standard ASCII.   When we brought the two engines together many years ago the fields in RM that held SM references were created as ASCII fields to be consistent with RM.  That has now been changed so that the cross link fields now all use the standard SM field types.   In RM version 7 we will be going full Unicode, and this is an initial nod in that direction;
• Control Self Assessment surveys now attempt to build themselves in the survey org that is linked to the risk’s owning business unit, rather than in the global default survey organisation.  With the surfacing of survey org’s in RM this just makes better sense;
• Survey Reporting views in the RM survey client that “timed out” in BETA15_1 and BETA15_2 when there were more than 30,000 survey responses have now Bent fixed so they display correctly.  This was actually caused by the reports not being “survey organisation aware” so they were making a Cartesian product when the same survey appeared in multiple organisations ;
• Added lookup searches to the various screens where survey organisations are referenced so that you do not have to know the name of the survey org when you are trying to link it to a RM business unit, etc.
• Added a page to “setup profiles” to enable the creation of survey orgs from within RM;
• The “Global Survey Org” is now just an initial and default survey organisation where you have not defined a survey org to mirror a RM Business Unit;
• A significantly expanded range of risk/compliance fields have been surfaced in the maintain compliance screen, and renaming of some of the existing fields to allow better dynamic captioning choices that distinguish the fields from their risk view counterparts.  There is more happening here between the Solve Topics and Maintain Compliance screens to simplify the screens and make the compliance display less dependent on the Risk View to display additional detail;
• Added “Financial Statement Element” display field to the compliance screen along with the “Document/Section” field.  You can use either or none.
• Added workflow creation and editing to the Risk and Compliance object (with extra buttons on each maintenance screen to enable workflow maintenance therefrom.

Another release is coming tomorrow, I will try and tell you about that then.

BETA15_4 is on the download site – use your client ID to access.   It contains an updated script to build a database from scratch.  We have taken out the DB create command, so you should create your DB first then run the script to build the inside your new DB.  It is SQL Server 2000+ compatible, then use the accompany in XL sheets to load in the initial data.  There is one sheet per table that requires initialisation.  If using your existing DB you will need to contact us to convert your DB until the BETA16 is released, or possibly after if you have one of the intermediate DB versions.  The current DB version is V6.2.7

You may have noticed that since then there have been 2 more updates to BETA15.  This is why we did not “officially” announce it.  There are a number of things that are a day or so away from completion, and so we could get some feedback before the official release we agreed to do a rolling nightly release for a few days.

This will be the case for the next few days – a nightly update with a new complete DB build script included while we include each of the extra features not yet included in the build.  The current release is BETA15_2, but tomorrow there will be a BETA15_3 and so on.

If you want the latest nightly build you are welcome, but understand that this is a moving feast until the official announcement – that will appear on this blog as usual.

To avoid confusion, we will probably stabilise on BETA16 as the announced release. 

BETA15 uses the V6.2.7 database – so it will NOT work with your V6.2.6 databases (BETA14).  You will require an upgrade script or to forward your databases to us for free conversion.  Except for those clients specifically engaged in this release sequence, we will not be converting databases until the stable version is released as there is a (very slim) chance that the DB will be changed during the next couple of days.

If you think you need special consideration – don’t hesitate to contact me via email and we will attempt to cooperate.

Thanks for the excited interest – it is much appreciated.  I will know next time not to try and sneak a new release out, you guys are all way to keen and astute for that.

The official announcement – when it is made – will include detail of what has been added.

The V6.2.6 DB changes have actually been creeping into the DB scripts progressively across the BETA’s but the server and client have not used most of the V6.2.6 changes (or at least not required them) until this release.  We normally feed the major DB changes into the DB structure up to 12 months in advance of  utilising them in a client.  Only when the feature is required in production do we clock over the DB Version number.  (There is actually one DB feature that has been in the system since approximately 1998 that is still waiting to get to the top of the to-do list,  and in that case the code to use the feature is already written, tested and has been utilised in other production applications, but the anticipated requirement has simply not yet surfaced in the market place.) 

In V6.2.5.22  includes:

• Updated - Insurance policy management.  Intended for “Insureds” (holders of insurance policies) rather than insurers (issuers) or insurors (agents).  Insurance policy management holds details such as contacts, coverage, exclusions, history, financial data, and renewal information.  Each Insurance policy can be tied to a type of control which in turn can template, classify and optionally standardise strategies and controls applied to governance matters such as risks, compliance obligations, CR risks, and other governance obligations.  Insurance policies also link to incidents and governance matters (risks, etc.) via claims management.   This release sees the surfacing of additional data fields, new report views and connection of the insurance renewal reminder and review systems to the messaging system.
• Upgraded Email Messaging.  More internally tracked responsibilities have now been added as uniquely managed messages to the mail & message queueing system.  This is available regardless of whether or not you enable email dispatch through the BPC MailManager.  (IE. the messaging system and email tracking works regardless of whether the emails are actually being sent . )  Among the additions are document, section and insurance renewals.
• New - Risk Milestones.  A milestone is restorable a snapshot of a risk.  Milestones existed in BPC RiskManager from version 1, but with the move from Version 5 to 6 the milestones were dropped in favour of a much more expanded continuous audit logging system with dedicated search, a much expanded assessment tracking and management system and the existing restorable archives.   These facilities did most of what milestones did and provided a much wider range of additional capabilities for search, multiple concurrent users assessing risk,  and data extraction.  There were some things that the logging system, et al did not satisfy however, and that includes a simple way to deliver a chart showing risks at an instance in time, or run multiple “what if” analyses (and store the results in a restorable way, and returning to the official values).   So Milestones are back and improved, with milestone types, descriptions, dates, etc, and charts.   There will be lots more happening here over the coming months.
• New Milestone Charts – Track changes in I/C/R ratings over multiple years, etc.
• New Profile Chart – expands the display of assessments against I/R ratings to the current + 2 assessments allowing either 3 time based assessments or current self/reviewer, previous self/reviewer  and previous-previous self/reviewer assessments simultaneously.
• New Email Message Template reports.
• New Auto-Add feature for the Report Builder interfacing engine so that risk-system-administrator-end-users can add custom or rarely used views and tables to the reporting engine reportable data.  If you know the name of the table or view this feature will mine it and build a definition for ReportBuilder  (Report builder is packaged into every client).  Now nothing is hidden!
• New Views for assertion reporting, number capture, etc.
• Updated BPC RiskMailManager (Email message batching) to accommodate the new mail queues in this version.

BETA12 is on the client download site (you will need your username and password), but if applying the BETA12 patch we STRONGLY  advise you to contact us so that we can assist with the DB conversion.   There are a couple of messy changes to tables that are mirrored or version tracked and some new FK constraints that may require more personalised attention depending on your data.  

 Those preferring to skip the BETA’s and wait for the full installer that is shipped with the official release, should be looking about 1 to 2 month’s out from now.

The next BETA release – due end of next week – will include a big update to claims processing and the compliance obligations.

With BETA11 we have finally decided to commit to the new data structure that has been waiting in the wings for about 8 months.  We continued with the BETA stream on the old 6.2.5 DB structure as long as we could, but now it is hampering our ability to move to the next generation of the RM system.

BETA11 actually uses Release 1. of the new V6.2.6 DB structure and will NOT work with the V6.2.5 Database entirely.  The client and server have been designed to accept the V6.2.5 data structure and apply some intelligent field and table selections based on the differences between the data structures but the client will generate several “non-critical” error warning messages on start up as it attempts to access tables that do not exist in the V6.2.5 data structure.   Obviously, this is not appropriate for production installs. 

The BETA11 structure includes a number of revisions to the data layouts to remove some organisational unnecessary restrictions that in some cases date back over 10 years and surface a raft of new insurance, claims, incident and compliance capabilities.  We are currently working closely with a number of clients feeding requirements for their real-world compliance, claims and OHS operational needs and the V6.2.6 DB structure is intended to meet the architectural requirements of these clients. 

This has been a large project commencing over 12 months ago with just a couple of clients, and over the intervening period has expanded substantially as many more of you have joined the BETA team to provide your own version of these related needs.

BETA11 is a production stable release BUT, for production your DB must be upgraded to the V6.2.6 structure.  We have not built an auto-installer for BETA11 (see below for the reason for this decision), and so if you wish to use it in production you should email me and we will make it available for direct download on your client login page.  In each case we will build a custom upgrade script against our copy of your reference database, or (preferably) we will hand upgrade your database, but you will need to make a backup of your current production database for the  purpose.   For a custom upgrade script against a reference database there will be a small fee.  For a upgrade performed by us against a backup of your production database forwarded to us there will be NO fee.  (The custom script takes a lot longer  to make and is more error prone than if you provide us with a backup of your production database and we run a delta analysis between it and our master reference databases using our tools on our hardware and then provide the upgraded DB back to you – so we are clearly trying to encourage you to do the latter).

The issues are that:

•  the 6.2.6 DB involves some fairly tricky table structure changes to foreign key and version table structures that are very hard to automate outside of the installer package and the installers take about 5 hours to build.  
• the 6.2.6 DB structure is being changed in 3 steps (Release 1 is available now) because we are adding some features that are being designed on-the-fly with a number of clients who want to be able to try some ideas and then enhance and expand the ideas so there are more parts coming over the next two to three weeks.
• there are significant developments occurring on multiple fronts at once which should complete over the next month, so the significant cost in building the installers with automated DB version upgrades is better delayed until there is more stability in the DB structure

Having said that, a conversion to the 6.2.6 structure NOW is safe to do because future changes will be minor enhancements rather than the fundamental re-organisation of a number of tables that the 6.2.5 to 6.2.6 change represents. 

So what should you do?  If you really want to be part of the compliance-insurance-claims-OHS BETA stream – do the change.  If you are happy to use the facilities as we design and build them, then wait until the stable build with the automated installer is released.

What is in BETA11 ?

• Insurance has been moved from being a relatively hidden feature of strategy – control and type-of-control design to front and centre of a new Insurance panel.
• Claims management has been added
• Incidents have been moved from being only a slave table of Risk to being handled independent of risks and able to be linked back to multiple risks (and claims and insurance, etc).
• Legal management has been added to allow for the tracking of legal resources associated with a claim.
• Fixes to screen handling in documents to ensure the document and section master lists are refreshed when documents and sections are added
•  New default inherent likelihood rating level can be set for new unrated topics
• The bubble chart now allows the minimum bubble size to be set so they can be stopped from shrinking to a single pixel when most risks/compliance items are in a single bubble.
• “My Responsibility” summary now accounts for delegated responsibilities.  (Under the cover the responsibility summariser has been hugely expanded to cover all responsibilities in the database so you will soon see a substantially expanded responsibility tracking screen in “My RiskManager” that covers everything for which you have any responsibility).
• A large number of new rules capabilities have been added to the surveymanager engine and enhancements to the JavaScript library.   There is more happening on this front as we progressively expand the direct SurveyManager to RiskManager cross table access.  Our aim on this front is to eliminate the need for the intervening results table to interface the survey engine screens with the RiskManager tables.

Beta 12 will be released this week – look to Friday.  It will mainly be a refinement of the things in Beta11 and expansion (hopefully completion) of the claims management capabilities.  Beta11 is not available as a browser plug-in-client (only in desktop download).

The tutorials are at:

BPC SurveyManager Tutorials

 We will be adding more as time permits.

The illustrated list of input controls is at http://riskwiki.bishopphillips.com/index.php?title=BPC_SurveyManager_-_Questions_and_Input_Controls

Among the new features recently added to the BPC SurveyManager libraries is a new password protected portal mode, so you can  now selectively surface surveys in each organisation to a simple portal without writing a portal survey of your own.   We have added more capabilities to the auto publish functions so that you can have anonymous responders for any survey by setting a flag, and impose login requirements per survey without adding user login questions at the start.

The portal mode will be particularly useful to teachers running classed based surveys, because you can now use the portal on a class wide basis in a school based computer for all students to concurrently access a class based survey without you having to publish to them first or send invitations.

There is lots more coming to survey manager over the next few weeks so keep tuned.   Among the changes coming to the SM library is a significant expansion of Survey Manager’s ability to directly interrogate and update risk, insurance claims and incident tables for those using BPC SurveyManager as part of their BPC RiskManager application suite.

The BPC SurveyManager Maintenance WebClient is getting some new features to expand the range of surveys that can be built with it.  We have kept it artificially simplified now for a number of years as it was always intended to be an entry point solution, but the increasingly complex surveys some of the heavier survey manager clients wish to create mean that we really must make more of the survey engines huge range of capabilities available in the web client.   We have recently completed an analysis of the types of clients using our survey technologies heavilly, and those of you making the heaviest and best use of the tech are also those attempting the most complex of surveys.  

The current web client just does not do the underlying survey engine justice and we feel it is time to really let it stretch its legs.   We will try and keep the over-all feeling of simplicity the same, and in fact some things will seem to get simpler because the current release tries makes some things just too mindless by doing a whole lot for you in the background.

Even so, we are told, our web client is still way more powerful than most similar survey clients, but if you like the current one, just wait for the enhancements coming.

Oh, and don’t forget, that we host surveys on our servers, so you can contract us to manage your survey needs on your behalf.  The service includes your own database, the survey engine, emailing invitations, the portal, at least daily backups, 24 hour monitoring, responder assistance, maintenance of the data and content and even assistance with creation of surveys.  All clients are encouraged to try out this extremely economical service as an alternative to doing it yourself.  The distributed nature of BPC SurveyManager means you can exchange surveys and data with our servers to feed back into your risk systems, for example (or just point your survey manager or risk manager clients at our servers in addition to using the web client).

In this release:

RM Server

• AD Active Directory Authentication with Groups – AD LDAP and WinNT authentication is now supported in AD.  WinNT is faster and supports groups, while LDAP is account lockout “safe”  but may not be able to check group membership. 
• AD Active Directory Authentication account lockout on bad password bug fixed.  Under the WinNT where max retries are set on account logins in AD, the user will be locked out if an incorrect password is supplied.  In this case you can use the AD LDAP provider. Groups may or may not be available (use the test program to find out), depending on how the AD access rights are defined.
• AD Active Directory Authentication now accepts OPTIONAL canonical strings for DC filters.
• AD Active Directory Authentication now accepts a flag to select LDAP/WinNT ADSI providers.
• RM Beta8 Bug fix:  Strategies can now be deleted again.

RM Client

• RM Significant speed up in risk, compliance and topic solver screens on risk scrolling.
• RM Risk calculations now update the summary assertion group for each risk
• RM Risk calculations now update and display audit ratings separately from self and reviewer risk ratings
• RM Risk Audit ratings can now have form edit and reading visibility defined.
• RM Risk Audit assessments now display in a dedicated rating level and can be edited in multiple locations.
• DM Refresh of browser list after detailed document record changes fixed.  (Auto-Refresh after document record insert is not yet available. You will have to use reload until then).

BPC RiskManager V6.2.5.18 – BETA8  Desktop client installer has been uploaded to the download site for those clients that need a desktop installer for internal distribiution on local networks. 

The file you need is :

BPCRiskManagerEnrimaV625_18Client_Setup.zip

You will need to unpack this and deploy the enclosed exe to whichever location/solution you are using to push desktop installers onto remote desktops.  The enclosed exe is a signed windows installer.  It should be recognised as an upgrade to any existing Build 14 install, but you can also uninstall the wny existing desktop and run this install as a fresh install as well.  Nothing will be lost on the desktop.

Clients patching full single user installations on desktops will need both this zip and the BETA8 zip to fully patch their desktops, although only the enterprise BETA8 zip is actually required to actually use the single user install.  

The patch in this update contains ONLY the desktop client for use where users do not have a full single user install on their desktops.  While you CAN install the client portion of the single user app with installer in this blog post, the result will mean that the desktop can talk to the remote server, but not the local server, until the server is also updated (from the BETA 8 zip).

There are no new capabilities in this update.  If you need an activeX version of this client build let us know and we will generate it, otherwise we might let it wait until BETA9.

Use your client credentials to login and download as usual.

We received an excellent specification from one of our clients – MFS – for a ‘Topic Based” view of compliance to augment the risk of non-compliance concept supported in the earlier BETA’s and we have integrated that concept into this release of Beta7.   

There are some new charts, report views and export capabilities to be brought into the system yet to complement the assertion views of risk so expect BETA7  to be rapidly replaced by BETA8 

In this release:

1. Main Features Added

• Document Management
• Topic View and Topic Solver
• Publishing Authorities
• Current and Residual Bubble Charts and Expanded MS Word export

2. Detail

• Vastly improved flow of control in Compliance Unit.
• New custom screen architecture to allow inclusion of user customised data entry and access views and other optional screens.  The MFS Topic Solver is the first such example.
• New configurable MFS Risk/Compliance Topic Solver Sub-system.
• New Document management with sections module.  A Document+Section  can be linked to each risk, and compliance questions/assertion tested against the documents.  The document management centre and finder support views of risks by document list, document, section list and section, with word export and drill through to risk details from the document centre.
• New Current and residual risk bubble charts with controls ratings views
• Revised chart screen presentation
• Revised and improved MS Word export from Chart screen.
• Associated new Administration and Setup-Profiles configuration screens.
• SurveyManager – New data entry modes and markup tags added
• SurveyManager – New anonymous and on-demand survey publishing support
• SurveyManager – Potentially annoying bug due to bug tracking system dependencies removed.
• Bug Tracking – The “Phone Home” behaviour of the RM bug tracking system has been changed to write a local log instead.  The phone home system was good where client networks allowed the message through (as some of you discovered when we phone you to tell you there was something wrong with your server, but too unreliable for general use due to the few clients allowing the transmissions.  We have therefore replaced it with a log file, in the temporary files directory so we can at least get the log data if needed. It is only written in the event of a critical system issue.

In this BETA our latest thinking on how a whole of organisation/government governance system should work starts to become clear.   The unique twist is that we are using the risk record to store risks, compliance obligations and compliance obligation events.  So every risk record contains all the information necessary for it to be a compliance record, and vice versa.  Thus every risk has a compliance view and every compliance issue has a risk view – and you can enter data into either view at the same time.  With the addition of documents and sections (for legislation, policy & procedure references, etc) each of which has at least one person responsible for it, you can also see all the compliance obligations + the calculated risk of the obligation breaches by document/section.  Combining this with the already existing other of ways of structuring risks (folders, master-child trees, documents, people, complex searches, etc) you can navigate and summarise the risk/compliance landscape from different angles and using differing ratings and tie it all back to the corporate plan.

Every risk or compliance item can have an indefinite number of groups of assertions/questions linked to it so differing teams can apply multiple and differing checklists and evaluation criteria to the same issue.  In this mode, risk-causes become factors explaining a less than optimal question response adding a layer of structure to a risks usually flat causes list, and each cause/contributing factor can have its own list of strategies / controls to manage / respond to it.   Thus the risk’s flat strategy list becomes structured by the causes of the risk.  Given that all this can be linked to a document and a section within that document (and the document and section have their own activation and update control responsibilities and tracking) you now have an additional set of ways to slice the risk/compliance data.

There is quite a bit more coming in this area as we surface the new corporate planning, compliance obligations, financial elements, and performance management modules progressively over coming releases.  There are a number of other components in the wings.  You may noticed the FlowCharting module with its script engine already in your client that has been there for sometime.  Apart from allowing you to draw and execute scripted multi-user flowcharts, the module is also intended to connect to hooks sewn through your database.  It has been waiting for the some of the other parts of the system to catch up, and you should soon see new flowchart views hooking the various objects  like risks, obligations, strategies, etc together.