Risk softwaRe

RepoRt 2017

thinking resilience

Market analysis In ever more

complex business environments, risk

software is being deployed to address

a widening array of challenges. David

Adams looks at the market p44

Building blocks of successful

integrated risk management Ladd

Muzzy describes how GRC software

can support each building block of a

genuinely cohesive programme p46

Product and features Your guide to

risk software products along with a

comprehensive table of features p48


Sponsored by


Nasdaq BWise provides leading software solutions for Risk Management,

Internal Audit, Internal Control, Compliance, Information Security, Business

Continuity Management and 3rd Party Risk Management.

Each soluon can be used as standalone or can

be seamlessly integrated within the GRC Plaorm.

Departments across an organisaon are able to work

from one common risk taxonomy, focused on business

objecves with a common language. Addionally,

the BWise plaorm makes it easier for companies

to idenfy, understand, measure and manage key

organisaonal risks on a holisc level.






strategic and



Lower risk

profiles and

incident costs

Better overall


Reduction of

GRC technology


Reduction of

the burden of


The #1 Governance, Risk Management and Compliance software solution


2017 Category Winner

Operational Risk & GRC


Risk Software Report 2017

Risk Software Report 2017 Market analysis

If vendors of risk management

software had been hoping for a

year that would show just how

unpredictable and risky our world is,

they really couldn’t have asked for

anything more than 2016 delivered.

While the unexpected political and

economic events of the year played out

alongside extreme weather, terrorism,

cyber attacks and other risk events,

providers of risk management software

saw their products deployed across a

broadening range of organisations

and projects. These wide ranging

deployments help users develop their

understanding and enhance their

management of risks; improve

efficiency, productivity and compliance;

and reduce operational and other costs,

including those relating to insurance.

Ladd Muzzy, principal and subject

matter expert at Nasdaq BWise,

observes that codifying the value

that risk management brings to the

business is something that is capturing

attention. Risk and risk management is

dynamic and having a software that is

nimble and flexible enough to respond

to rapid risk changes is essential to

effective risk management. He iterates

that governance, risk and compliance

(GRC) software is an enabler,

something adaptable by the end-user.

This ensures that risk management

practices are aligned with the changing

risk environment and assures that

all stakeholders (the business, audit,

executives, regulators) have holistic

information to make informed


It is still the case that larger

organisations, particularly in highly

regulated sectors such as finance,

energy, utilities and government, are

more likely than are smaller entities to

be using risk management software.

Gisle Bråstein, global product manager

for enterprise risk management

solutions at DNV, says his company’s

client base can be split into two groups:

organisations that face safety-critical

Market analysis

In ever more complex business environments, risk software

is being deployed to address a widening array of challenges.

The way in which the risks are being assessed and the tools

accessed is also changing. David Adams looks at the market

operational hazards, like energy

companies or airlines; and financial

sector companies, where the key

concerns are more likely to be issues

such as fraud or cyber security. But

across both groups, he says, there is

increased acceptance of the need “to

embed risk into decision-making”.

Bråstein believes the fundamental

challenge for every organisation trying

to do this is gathering and analysing

the relevant data. The need to meet

this challenge is often one of the most

important reasons why an organisation

moves away from the use of

spreadsheet-based risk management to

a solution-based approach. The need to

do so becomes ever more pressing as an

organisation’s operations become more

complex, particularly if it is operating

in multiple geographical locations.

Angus Rhodes, product marketing

and business development at Ventiv,

sees similar trends among his client

base. He believes the drive to consider

using risk management is also often

part of a more wide-ranging review

of corporate governance processes in

general, with one important driver the

need to reduce costs.

Yet it is still organisations that face

risks that could have the greatest

impact on society and the physical

environment that are most likely to be

using risk management software, says

Mark Brown, vice-president of software

solutions and services at Active Risk.

His company’s software enables

organisations to use a focused projectbased

form of risk management, within

an enterprise risk management (ERM)

approach designed to improve overall

operational GRC; and counts Lockheed

Martin, Rio Tinto, Skanska; and

government organisations such as the

US Department of Homeland Security

and the UK Ministry of Defence among

its client base.

Anagold Madencilik, part of Alacer

Gold Corporation, has been using the

Active Risk Manager (ARM) solution

to manage risks at its Çöpler Gold Mine

in Eastern Turkey. John Ebbett, project

director for Alacer Gold, says the

company values the way the solution

tracks project risks and compliance

requirements, with tools for advanced

risk scoring and analysis to help

prioritise risk mitigation activities.

He points in particular to the way

the solution uses information drawn

directly from frontline employees

to identify emerging risks and to

highlight the relationships between

risks; information then presented to

44 January 2017 cirmagazine.com

Risk Software Report 2017

managers through dashboards and

reports. “This functionality has enabled

the team to take an upside view of risk

and identify opportunities throughout

the project, delivering opportunities

with financial benefits of several

millions of dollars,” says Ebbett. “The

insight provided has delivered immense

value to this project and has helped

to raise the profile of project risk and

the importance of managing it across

the organisation.”

One recurring theme in the

development of these technologies

in recent years has been a focus on

making the software more userfriendly,

to enable employees across

an organisation to use the solution,

so assisting the process of gathering

risk information.

Brown lists the different job roles

within organisations where individuals

may now be using the software,

from risk managers to engineers and

frontline staff who actually own specific

risks, to senior management and board

members. This means there needs to

be a flexible user interface, able to suit

these different audiences.

Ross Ellner, managing director,

EMEA, at provider Riskonnect,

emphasises the value of an end user

organisation being able to configure

the system easily to meet specific

requirements. He says its product

has been designed to allow end

users to make over 90 per cent of the

configuration changes to the software

themselves, with assistance from a

provider only required for the most

intricate one-off changes.

New ways of working

The way the solutions are used has also

changed: many providers enable end

users to access the device via mobile

technologies; many solutions can be

delivered on a software-as-a-service

(SaaS) basis, or via other cloud-based

platforms. This can offer cost benefits

and flexibility in terms of user access.

Specialised forms of risk

management software are also

continuing to evolve. HawkSight, a

customisable security risk management

tool, is attracting interest among

smaller organisations that may have

used spreadsheets to manage security

risks in the past, but can see the value

in using software to do so, according

to HawkSight managing director, Paul

Mercer. Other end users include larger

organisations operating in multiple

locations, including corporates,

hotels, airlines and energy or

construction companies.

Mercer says this sort of software

delivers include a more consistent

way of evaluating and managing

security risks; and more effective

communication between security

functions and senior management.

His solution also provides risk

mapping and visualisation tools,

allowing security managers to see

very quickly the status of incidents

and risk management progress across

different geographical areas.

End users include the British

Council in Nigeria, the largest British

Council operation in sub-Saharan

Africa, with four main offices and over

200 staff. It runs multiple education

and development projects across

the country, sometimes in areas that

present significant safety risks.

Lucy Pearson, director of business

services for the British Council

in Nigeria, led a review of the

organisation’s security risk management

strategy when she began her current

role in 2014. The aim was to create a

security risk management framework

that would inform decisions over

bidding for specific projects financed

by the UK Government or the EU, as

well as enabling detailed planning for

security risk mitigation.

“We now do that at a really granular

level,” says Pearson. “What’s the

activity? Who’s taking part? What’s

the risk environment? We look at that

against a risk appetite we’ve defined,

looking at controls we need to put in

place to go ahead safely and securely.”

The organisation spent a year

planning and designing the security

risk management framework and a

further year going through software

implementation and training processes.

Pearson claims that within the first

six months of the project going live it

had enabled the organisation to win

over £500,000 worth of new business;

and that it is helping to drive doubledigit

growth in the numbers of people

working on educational qualifications

in high risk areas of the country. “It has

enabled us to deliver projects in places

that previously would have been no go

areas,” she says.

Increasingly, risk management

technology is also being integrated

into other business systems, to help

organisations consolidate control

of overall GRC processes and risks.

A capability to integrate data from

multiple systems is a vital part of

providing senior managers with a

single version of the truth within their

organisations, according to Ellner. “The

most common integrations we see are

between risk, audit and compliance,

with a heightened interest from

business continuity management and

strategy,” he reports.

And there is evidence that risk

management software can help

organisations reduce insurance costs.

Brown claims that at least five major

Active Risk customers have enjoyed

significant savings on insurance costs as

a result of their investment in ERM.

The need for risk management

software and the potential benefits it

can provide are clear; and the variety

and capabilities of these solutions each

continue to increase. While 2017 may

be met with some trepidation following

the turmoil of 2016, risk software

providers, and their ever wider client

base will be arguably better placed to

prosper throughout the coming year.

Risk Software Report 2017 Market analysis

cirmagazine.com January 2017 45

Risk Software Report 2017

Risk Software Report 2017 Market analysis

Building blocks of successful

integrated risk management

Risk management is an integrated

subject, spanning across all

aspects of the business – both

support functions and audit. It is

imperative for compliance to have a

strong understanding of laws and

regulations; IT requires an

understanding of the risk effects on

critical assets; finance needs assurance

of the controls surrounding financial

reporting; and the list goes on.

A challenge to integrating risk

management for the organisation

is that edicts vary, skill sets differ,

approaches diverge and budgets for

supporting technology and services

are fragmented. The result is an

amalgamation of disparate practices

and information that ends up confusing

executives, regulators, and other

stakeholders. An integrative

GRC strategy coupled with some

holistic thinking and software

that facilitates an integrated

approach, can help operationalise

and bring value to an organisation’s

risk management practices.

There are five building blocks of

any successful risk management

programme that a leading class GRC

software can support:

Truly integrated risk management is a major challenge for many

organisations. Ladd Muzzy describes how GRC software can

support each building block of a genuinely cohesive programme

unified across functions. There has

to be a mechanism to take detailed

decisions on definitions ensuring

consensus between the groups with

initial design of taxonomy and the

maintenance going forward. After

a unified risk language is defined

and implemented, everyone speaks

the same language. Subsequently,

integrated reporting can be introduced

offering a ‘single version of the truth’ to

management and stakeholders.

Educate the business

Risks that have a significant impact

on the business are usually a result of

incidents occurring along the value

chain, like a snowball gathering size

down the mountain. The second and

third lines of defence must learn to

collaborate to extrapolate how risk

data exists within business activities

and processes. Moreover, the business

may have little understanding how its

activities create risk for the organisation

1. Common taxonomy

2. Educate the business

3. Backward testing and

forward thinking

4. Measure outcomes and be relevant

5. Integrated GRC technology

(IRM platform)

Common taxonomy

The language to define risks, controls

and other GRC elements should be

46 January 2017 cirmagazine.com

Risk Software Report 2017

as a whole. There should be an

expectation that just as risk data

is collected from the business, the

second and third lines of defence

should be educating the business

about risk and control. This assures

accountability, economies of scope,

economies of scale in the control

environment, assures control

diversification effects are recognised,

and as appropriate, reflected in capital

calculations. A GRC solution can

provide the foundation for risk and

control creating the foundation of

awareness to optimise control spend

and management activity.

Backtest and be forward thinking

GRC software creates and audit trail,

or a history of risk data and how it has

changed over time, based on items

like risk and control assessments and

mitigating actions. These tell a story.

It provides the means to evaluate

whether a risk control and management

philosophy would have predicted

the actual results. This is helpful in

evaluating whether the existing risk

management methodology would have

adequately predicted the criticality of

risk. Moreover, the structured data

within the GRC system can act as a

means to extrapolate new scenarios

of risk. This is useful when stressing

criticality assessments of risk and/or

creating new risks that the organisation

may not have experienced. The

conclusions of these evaluations lead to

substantiated reasoning for increased

control and management investments

(including bases for insurance) to

thwart unwanted exposures.

Measure outcomes and be relevant

Risk management functions are

often unfortunately seen as overhead

functions, adding little perceived

value to the business. Risk and

control data need to be explicable

and tied to business performance

objectives. GRC software provides

the basis for analysing and providing

the detail of risk and control data

to make it meaningful and tie it to

what the business is trying to achieve.

Metrics such as key risk, control,

and performance indicators (KRIs,

KCIs, and KPIs respectively) can all

be created and supported through

the GRC solution. Historical data

can be used in trending to predict

future exposures, or for that matter,

where the control environment can be

relaxed. Moreover, the data from the

GRC system can be used to inform

risk assessments, support the second

line-of-defence’s challenge function, or

to substantiate the efficacy of exposure

from a new product or service. Risk

management functions need to move

away from the perception of ‘police’

to ‘partner’, working with the business

to understand its risks, control and

management options, and to support

business growth.

Integrated GRC platform

A GRC software must support,

enable, and sustain the organisation’s

risk management practices. Each

aspect of the lines-of-defence has

a methodology that enables it to fit

within the other like ‘pieces of a puzzle’,

to inform the overall profile of the

institution. Although each part of the

lines-of-defence may approach risk

management differently (ie. different

tolerance levels, assessment methods,

controls), the underlying data must be

structured in such a way that it can be

reported on centrally. An integrated

risk management software solution

can piece together information from

varying parts of the organisations to

create a holistic picture of risk.

Software enables and supports

the risk management process. The

software’s power is in utilising it in

such a way that it provides insight.

Configuration, automating data

input, and ‘just-in-time’ reporting

functionality are a few of the

software capabilities that support

the organisation’s risk management

taxonomy. Thus providing education to

the business, backtesting and scenarios,

and measuring and producing relevant

outcomes. Ladd Muzzy is principal at

Nasdaq BWise, and has over twenty

years’ experience in developing,

implementing, and coordinating

risk management programmes.

Ladd Muzzy is principal at

Nasdaq BWise

Risk Software Report 2017 Market analysis

cirmagazine.com January 2017 47

Risk Software Report 2017

Risk Software Report 2017 Products

Your guide to risk software

Risk Software Report

Nasdaq BWise

Nasdaq BWise provides solutions for governance, risk

management and compliance (GRC) which enable organisations

to support their GRC functions, streamline their GRC processes,

and report to stakeholders.

The BWise® GRC Platform offers world class role-based software

solutions for risk management, internal audit, internal control,

regulatory compliance, information security, business continuity

management and third party risk management. Each solution

can be used as standalone or can be seamlessly integrated within

the GRC Platform. Departments across an organisation are able

to work from one common risk taxonomy, focused on business

objectives with a common language. Additionally, the BWise

platform makes it easier for companies to identify, understand,

measure and manage key organisational risks on a holistic level.

Customer benefits include increased corporate accountability;

improved financial, strategic, operational efficiencies; lower risk

profiles and incident costs; better overall performance; reduced

burden of compliance; and reduction of GRC technology costs.

Due to the seamless integration of all the software solutions,

CEOs will have greater transparency and are in total control of

financial and reputational risks while having greater oversight of

company-wide risk mitigation and compliance action plans in

one integrated system. The CFO benefits from increased

financial and operational control of cash flow related risks, such

as fraud, operational losses and business continuity. BWise also

enables the corporate secretary to monitor and manage corporate

governance and compliance matters, and codes of conduct.

BWise® Internal Audit supports the end-to-end audit process

by providing rich and complete functionality, user friendliness

and powerful reporting capabilities. It supports each step in the

audit cycle, from maintenance of the audit universe to planning,

preparation, work paper management, reporting, and finding

and issue tracking. Audits can become even more powerful by

coupling it with BWise’s audit analytics solution, which enables

users to create, edit, and execute unique formularies to analyse

business and operational data.

BWise® Risk Management is easy to use, and highly configurable.

It covers all aspects of the risk management process including

risk identification, risk assessment, key risk indicator/metric

management, loss and incident management, and action management;

with powerful dashboards and reporting. While most risk

management processes are iterative, this tool offers the flexibility

to perform any part of the process at any time. This enables the

business and risk management functions to react quickly as the

risk profile changes. The solution also enables users to configure

the software to align to the unique risk management needs of the

organisation. In a rapidly changing risk environment, having a

malleable tool to adjust framework elements like risk tolerance,

heat maps, workflows and policies is critical to sustainable success.

Configurability offers an enormous advantage over custom

coding, which can take months to develop and incorporate and

can be difficult and costly to adjust to the ever evolving risk

management requirements. This tool addresses enterprise risk

management; operational risk management; vendor risk

management; and IT risk management. Following ISO 31000

ERM methodology, COSO ERM, among others, BWise clients

keep a keen eye on their key organisational risks.

BWise® Compliance and Policy Management supports the endto-end

compliance process and helps compliance teams quickly

identify company policies and business processes directly impacted

by each regulation. BWise gives enhanced visibility on internal

compliance activities and real-time regulatory alerts from various

sources, such as StateScape, ERC Portal, FINRA, UCF and many

others. Compliance teams can then determine whether to engage

business process owners using targeted compliance assessment

campaigns and action plans to remediate compliance issues as

efficiently and effectively as possible.

BWise® Information Security helps organisations establish, implement,

maintain and continuously improve their information

security management systems. Standards like ISO27001, NIST,

COBIT and PCI DSS are used as reference. BWise InfoSec brings

together these standards into one solution with one process and

one library to manage. The optional BWise InfoSec data analytics

solution can integrate with other third party software applications

like Vulnerability Scanners and Baseline Analyzers.

BWise® Internal Control is a software solution that supports the

end-to-end internal control process, from planning to reporting.

The methodology behind the internal control software solution is

built on leading practice and can be easily configured by the end

user based on the unique developmental and functional needs of

the client.

The internal organisation can be catalogued to capture the

organisational structure, including roles and responsibilities.

From there, the internal control framework can be codified –

defining organisational objectives, process documentation, and

identifying and assessing risk. Internal controls can be organised

into a library, forming the basis for the control assessments,

review, and any ongoing monitoring or remediation efforts. For

example, BWise then enables the performance of a full design

effectiveness test at the required level of detail and the required

regularity. Then the operating effectiveness of key controls is

tested by BWise, either through manual or automated testing.

Actions to address issues can be tracked and validated.

Lisa Cunningham – Business Development Manager

+44 (0)7931 937801 / lisa.cunningham@nasdaq.com


48 January 2017 cirmagazine.com

Risk Software Report 2017

active risk manager

Sword active risk

Sword Active Risk supplies enterprise risk

management software that drives business

performance and corporate growth by providing

management and the board with information

that supports more informed decision making.

The Sword Active Risk approach to enterprise

risk management (ERM) is designed to enable a

more holistic view of risk, linking the risk

management process with business planning

activities. As such, from managing project and

programme risk through to strategic business

planning, Active Risk Manager (ARM) can help

organisations identify, analyse, control, monitor,

mitigate and report on risk across the


ARM addresses the risk management needs of

the entire organisation across operational risk

management; project risk management;

governance and compliance; and opportunity


The latest version, ARM 9, delivers a raft of

additional collaborative working functionality.

The full solution portfolio comprises ARM

Core; ARM Risk Express; ARM Risk

Performance Manager (RPM); ARM Risk

Connectivity; ARM Apps; ARM Unplugged;

and ARM Cloud.

ARM Risk Express provides a highly intuitive

interface for business users, presenting risk

information in an editable grid format, with

dials and filters that enable users to update

information quickly and easily within seconds,

as well as providing a more detailed, in depth

view of risks. Risk Express is fully integrated

with the ARM core platform, which helps to

maintain data integrity, governance and


ARM is supplied with a library of standard

reports and Risk Performance Manager (RPM)

provides the ability to create dashboards, tables,

charts and matrices without the need for

specialised IT or report writing knowledge.

RPM can also be used to connect to an online

community of risk professionals to share

knowledge and exchange templates.

While key administration and risk management

personnel can choose from a variety of training

options, most end users will need only minimal

training because of the intuitive nature of the

software. ARM can be supplied on-premise or

as a hosted solution through Amazon Web


ARM is deployed by such organisations as

London Underground, Crossrail, Lockheed

Martin, EADS, US Department of Homeland

Security, UK MOD, Saudi Aramco, Rio Tinto,

TSB, Bechtel and Skanska.




CalQRisk is a fully integrated and end-to-end

GRC management information system,

featuring risk assessment, action management,

incident management and complaints

management modules; control verification /

compliance monitoring, compliance estimation

and audit functionality; as well as configurable

calendars, an interactive executive-level

dashboard and a large suite of exportable


Central to the functionality of this product is

the CalQRisk knowledge base of risks and

associated controls, which it states are

continually maintained in line with best

practice, industry standards and evolving legal

and regulatory requirements, helping user

organisations to maintain a risk and compliance

position that is appropriately aligned with

objectives and risk appetite. Aligned with ISO

31000, risk assessments and reports can be run

in a consistent format.

Delivered in the cloud, CalQRisk can be

accessed by a number of stakeholders,

representing a single point of reference through

which to gather intelligence from across the

organisation while identifying, assessing,

managing, monitoring and reviewing the

organisation’s risk and compliance position.




Ideagen is a global provider of integrated

enterprise GRC software, with many its clients

operating in highly regulated, high risk

industries. Ideagen’s cloud-based performance

and risk management software, Covalent,

manages the entire lifecycle of risks, supporting

planning, and provides board-level assurance on

the effectiveness of internal controls for

mitigation, governance and compliance.

Covalent’s visually rich dashboards provide an

at-a-glance understanding of problem areas and

tools to manage corrective and preventative

action, aimed at giving managers the business

intelligence to make and execute better


This tool’s providers say the product offers

seamless synchronisation of risk assessments,

actions and KPIs, and can transform static data

into dynamic plans, to deliver assurance on

internal controls and limit a risk’s impact on the

business. It also measures progress against key

targets to ensure priorities are met with clear

lines of accountability. This product is designed

to deliver a powerful workflow and task

management system that provides early

warnings and helps to manage corrective action,

in a thorough and effective manner, through to


Covalent provides business management

features including action and project planning,

performance, incident, and audit management

through a wide variety of modules.

Compatible with any device, Covalent

constantly monitors status changes, like

trending risks or missed deadlines and alerts

nominated owners when things change,

Risk Software Report 2017 Products

cirmagazine.com January 2017 49

Risk Software Report 2017

Risk Software Report 2017 Products

allowing users to take quick, remedial actions.

This product is designed to deliver a

performance-orientated risk responsive culture

at all organisational levels, and is popular

among businesses, in further education,

healthcare, and government.

Features planned for release this year include

improvements to the appraisals and policies

modules, enhanced performance indicator

querying, infrastructure improvements, and a

single sign-on feature across all products and

devices, among other new features.


figtree systems

ntt data figtree systems

NTT DATA Figtree Systems is a specialist

software provider for Risk Management

Information Systems. This system is used

globally for incident and OH&S management,

claims management, corporate insurance and

employee benefits management, fleet and asset

management and enterprise risk management.

Using system features including workflow

automation, document management and

creation, reports and dashboards, smartphone

and web-based data capture and email

notifications, user clients have increased

productivity, lowered costs and improved their

risk management processes. The configurability

aspect of the system ensures that variations in

business processes are catered for easily.

The system is available in the traditional clientserver

model as well as a SaaS model from ISO

27001 compliant datacentres. Incident and

OH&S management provides an easy way to log

an incident or hazard from either a mobile

device or a web browser. An initial incident

notification would only require that some basic

details be filled in. Configurable workflow rules

notify relevant personnel to review the forms.

Claims management processes, including first

notification of loss, reserve-setting, payments

and recoveries are comprehensively covered by

the system. Loss adjusters and insurers can also

collaborate in this process. All types of claims

including motor, property, life and disability,

liability and workers compensation claims can

be managed using this system.

This tool performs corporate insurance

management functions such as maintaining

local and master policies with aggregate,

deductible and excess values, maintaining

country-wide asset and exposure lists,

generating certificates and invoices and

performing annual renewals. Credit risk claims,

employee benefit covers, policies and master

agreements can also be managed.

The enterprise risk management process of risk

assessment, risk treatment, risk monitoring and

risk reporting can also be performed using this

product. A graphical matrix of severity and

impact gives a summary of risks at business unit

levels, as well as the enterprise level.


hawksight software

hawksight srm

HawkSight Software is a security risk

management tool that aims to save time,

improve consistency of risk analysis and

mitigation whilst delivering a strategic overview

of entire portfolios in a single platform.

HawkSight Software facilitates consistency,

continuity, compliance, collaboration and

communication from strategic decision making

to operational delivery.

The product has drill-down capability to

regional, national, city or project level. Project

colour-coding and geo-location provides instant

visual representation of risk levels held.

This product quantifies values of security spend

at every level; models and simulates variables to

increase or reduce risk vs investment; uses a

common language to enhance communication

between business leadership and risk owners;

prioritises critical business risk mitigation

requirements; facilitates a collaborative

approach and complements organisational

approaches to ERM through integration or

parallel operation.

A recurring annual subscription to hosted

software includes five named user licences,

initial set-up and ongoing support.

Bespoke deployment and integration is available

and can offer customisation and configuration

to meet specific business needs; on-premise

deployment or third party infrastructure;

compliance with IT security policy; database

requirements and GIS integration.

HawkSight SRM software is designed to be fully

customisable and scalable. ISO 31000

compliant, this product is endorsed by Lloyd’s

Register Quality Assurance.

Upgrades scheduled for release in late 2017 are

expected to include multiple layer dashboard

mapping, with a number of new features.


jcad core


JC Applications Development has been a market

leader in the development and implementation

of software for risk management and claims

processing for over a quarter of a century, and

has a large client base of over 200 organisations

from a diverse range of industries and the

public sector.

JCAD CORE is offered as a simple to

implement and cost-effective solution for risk

and compliance management. Simple to use, all

stakeholders are thus able to participate in the

risk management process. This product is

designed to help users proactively identify,

50 January 2017 cirmagazine.com

Risk Software Report 2017

monitor and mitigate risk; ensure corporate

governance; capitalise on new opportunities;

drive effective business strategy and improve


Features of JCAD CORE include multiple

registers; performance metrics; interactive

dashboards; configurability and automated

alerts. As a web-based solution it is suitable for

both small and large organisations.


jcad lachs


JC Applications Development has been a market

leader in the development and implementation

of software for risk management and claims

processing for over a quarter of a century, and

has a large client base of over 200 organisations

from a diverse range of industries and the

public sector.

JCAD LACHS is a market leading claims

handling system that aims to enhance efficiency

and streamline the claims handling process. The

way in which claims are handled is constantly

changing, and this provider continually

develops its products to comply with changing

market needs. This product is designed to help

users efficiently process claims in-house; view

data and generate reports easily; reduce claims

and insurance premiums; maintain historic

data; enable powerful and flexible reporting and

improve efficiency and productivity.

Features include a range of additional modules

and central data management. This off-the-shelf

system is scalable and intuitive.


maclear egrc suite


Maclear offers comprehensive enterprise

governance, risk and compliance solutions and

services to help users evaluate their needs, adopt

best practices and implement GRC automation.

The provider’s global client base includes

banking, financial services, insurance,

healthcare, retail, manufacturing, education and

energy companies. Using a modular approach,

customers can start with as little as one module

and, as their GRC programme matures, scale up

with additional modules. Through powerful

analytics and trending, this provider’s

methodology is designed to help customers

rapidly consume large volumes of risk data from

multiple sources simultaneously. This data is

then quickly analysed based on the customer’s

risk tolerances, mapped to specific assets and

prioritised for remediation activities in a single

central repository.







Do you have control of your risk

and QHSE management?

With Synergi Life software you have all

the tools you need to manage QHSE

non-conformances, incidents, risk,

risk analyses, audits, assessments and

improvement suggestions.

Want to learn more?

Visit dnvgl.com/synergilife


Risk Software Report 2017

magique galileo

magique galileo software

natural workflows and processes, which is

aimed at helping to make complex information

accessible, understandable and actionable.

origami risk

origami risk

Access to this system is available anytime, from

anywhere, on almost any device – tablet, laptop,

or desktop. Marsh ClearSight was designed to

seamlessly integrate data from multiple internal

Risk Software Report 2017 Products

Magique Galileo if a fully integrated web-based

system for ERM and internal audit.

Magique is a feature-rich web-based risk

management system designed to assist

organisations with record, evaluate and manage

their risks.

In addition to the risk register and an emerging

risks register, there are options for loss events/

incident management, for scenario analysis, a

questionnaire system for control self assessment,

a policy compliance system to monitor

compliance with regulatory requirements and

an action tracking system for recording and

tracking of further required actions from any

part of the system.

This system is used by over 200 customers, with

users ranging from five to over 1,000.

Galileo is the optional internal audit modules

covering risk-based auditing, audit

management, resource scheduling, work papers,

compliance questionnaires, issue tracking and

extensive KPI/MI reporting.

Magique and Galileo can be used independently

or fully integrated to support a risk-based audit

methodology. Both systems can be configured

to the user client’s chosen terminology and



marsh clearsight

marsh clearsight

The Marsh ClearSight Platform was designed to

make the job of risk and claims professionals

easier, faster and more effective. Quick to learn

and easy to use with features that are both

intuitive and reliable, users can follow their

and external data sources, including carriers

and third-party vendors, as well as HR and

finance departments.


metricstream risk

management solution


This product provides an integrated and flexible

framework for documenting and assessing risks,

defining controls, identifying issues and

implementing remediation plans.

This product is not designed to support or

process insurance claims, policy and premium

management and renewals.

The solution is used for managing enterprise,

operational, compliance, IT risks, vendor,

reputational risks. It provides in-depth, realtime

insights into changing business conditions

and risks that could impact a business.

The M7 platform delivers an improved user

experience, high configurability, mobility,

powerful analytics, and a future-ready

architecture for GRC. The MetricStream

integration framework has the capability of

integrating with external systems using its data

integration engine.

Available on-premise or in the cloud, technical

support is available 24/7 from support centres

around the globe. MetricStream’s commercial

models are based on the number of application

modules and number of users. The primary

model is subscription-based with some

exceptions on perpetual licencing.


Origami Risk’s Risk Management Information

System, Claims Management System and Policy

Management System were designed to offer

speed, flexibility, automation, data import and

export tools, claims management tools, analysis

and reporting tools. Users deploy this product

to carry out property values collection; claims

administration and incident intake; policy/

programme management; claims, internal and

safety audits’ governance risk and compliance;

captive management; reporting and analytics;

and asset and fleet management. This product

has the versatility to interface with multiple

systems, including those of TPAs, insurance

carriers, brokers, agents, banks and payroll

providers. Users can capture, import and

analyse information from various external and

internal sources, databases and spreadsheets to

understand and analyse loss trends, pinpoint

cost drivers and identify best practices.

Origami Risk’s data export features enable

clients to share timely information internally

and with key providers to promote safety, and

allocate costs to operating units and individual

cost centres. Other features enable clients to

manage documentation, contracts and

insurance policies more effectively.



risk decisions

Predict! was designed to provide a closely

integrated combination of a browser accessible

central risk and action management database

with a Monte Carlo analysis tool.

Comprehensive, multi-level reporting,

transforms this data into the information

required to make decisions and gain assurance.

Predict! 5 is a complete and fully integrated risk

management, analysis and reporting package,

52 January 2017 cirmagazine.com

Risk Software Report 2017

comprising Predict! Risk Controller – for

capturing, assessing, managing and reporting

on risks, issues, opportunities, and their

associated controls, mitigation / fallback actions:

project, programme, portfolio, enterprise;

Predict! Risk Analyser – Monte Carlo analysis

for determining contingency budget, and

determining the real likelihood of meeting cost

and schedule objectives; Predict! Risk Reporter

– allows users to tailor their own report

templates for use from within Predict! Risk

Controller; Predict! Risk Controller Lite –

designed to make risk management easy with an

MS Excel interface to Predict! Risk Controller;

and Predict! Connect – which pulls data out of

Predict! Risk Controller for integration with

corporate reporting tools.




Quantate’s products are delivered in a SaaS

environment and accessed via a personal

dashboard. Dashboards show personal

information such as key responsibilities, tasks to

perform, their reports, and issues raised or

escalated for their attention as well as jump off

points to the relevant parts of each application.

Quantate Risk provides a platform that enables

organisations to record information and

monitor activities that are consistent with the

principles and guidelines of ISO 31000, the

standard for risk management. Quantate

Compliance is a web application that provides a

platform for the management and monitoring

of obligations. Quantate Project has been

designed specifically to support the

management of project risk. It uses Monte Carlo

techniques to quantify project risk, both cost

and schedule. Safety Kit is a complete package,

one that fulfils the requirements of a best

practice health and safety framework. Licencing

for this product is offered on an enterprise-wide

basis and is independent of number of users.

Options for users to arrange third-party access

are available.




Riskonnect provides a flexible, robust, and fully

integrated risk management work platform,

configured to meet each client’s specific

workflow, processes and reporting needs. This

centralised database and analytics system

provides for a secure, online reporting

environment with a simple user interface that

allows clients to create, modify and manage all

workflow rules, custom data fields, screen

designs, user security, and other system

configurations necessary for important daily


Riskonnect RMiS is an innovative approach to

incidents, claims, litigation, exposure, property,

including COPE, policy management and asset


With Riskonnect EHS, risk managers and safety

professionals are better positioned to provide

actionable business intelligence to senior

management and key stakeholders.

Riskonnect EHS provides integrated risk

management solutions, combined with business

intelligence – all on one risk management work


Riskonnect GRC is a comprehensive, webbased

system that gathers diverse risk data

from across the enterprise in a highly visual

manner so that risks are more easily identified,

assessed and managed.

Riskonnect’s Healthcare Work Platform enables

the complete handling of healthcare risk

management, quality of care, patient safety, and

employee management. The system brings

together many disparate operations that

traditionally have been supported by individual

applications. The Riskonnect Healthcare Work

Platform helps support the reduction of risk and

helps risk managers to ensure safety processes

are in place to provide greater attention to; and

areas that will increase patient safety and

improve patient outcomes.

Customisable, easy to use, and accessible on

mobile devices, it is easy to pull up and

complete a short form to report an event,

meaning it won’t take much time away from

clinicians to provide patient care.

Reporting is designed to be easy with this userfriendly



risksense platform


RiskSense provides users with a proactive cyber

security risk management tool that

contextualises internal security intelligence,

external threat data and business criticality.

This product automates previously manual

processes, helping user organisations to reveal

imminent cyber risks, increase the productivity

of their limited cyber security staff, and

minimise attack surface exposure.



acuity risk management

Key features of STREAM include integrated risk

and compliance management for easy

management decision-making; flexible

configuration; measurable return on investment;

reports, benchmarking and real-time views of

risk and compliance status.

Typical use cases provided by STREAM include

automated risk registers providing easy access

for business managers to log, assess, monitor

and manage their material business risks.

Workflow and scheduling allows progress to be

tracked and reviewed, while dashboards,

graphical reporting and custom report building

provides easy ‘at a glance’ information on risk

status against tolerance and appetite.

Risk Software Report 2017 Products

cirmagazine.com January 2017 53

Risk Software Report 2017

Risk Software Report 2017 Products

Risk and control self-assessments can be carried

out against user-defined frameworks or

preconfigured content provided by Acuity.

Responsibility can be passed to business and

technical managers, suppliers, auditors and

other stakeholders who need to assess, approve,

accept or monitor risk and compliance status.

Remediation workflow and reporting allows

progress to be monitored and STREAM’s Risk

Delta functionality provides business risk-based

prioritisation for improvement programmes.

Vulnerability scans, penetration test results and

control metrics can be imported from external

data sources, such as scanning and monitoring

systems, and used to update the business risk

and compliance status in real-time as well as

monitoring and reporting on key indicator

performance and trends.

Through its real-time dashboards and workflow

functionality, STREAM helps to ensure that

vulnerabilities are alerted to appropriate

technical staff quickly to allow for efficient


Integrated management systems can be

established and managed using STREAM. For

example, a cyber security or information

security management system might require a

combination of: risk registers fed by cyber

security threat intelligence; risk and control selfassessments

against security control

frameworks; automated feeds from security

scanning and monitoring systems; and logging,

monitoring and management of incidents and


synergi life

dnv gl

Driven by its purpose of safeguarding life,

property and the environment, DNV GL

designs products that enable organisations to

advance the safety and sustainability of their


Synergi Life is a comprehensive risk, quality,

EHS and operational integrity management

solution. It is used by more than 400 companies

worldwide, with 800,000 users globally across a

number of industries, including energy,

healthcare, transport, local government and


The application is translated into more than 25

languages and supported through the global

DNV GL organisation.

The product provides business units and the

company management with all the information

they need to be able to prevent unacceptable

risks, share lessons they have learned, and

manage corrective measures and actions.

The application provides companies with the

ability to share and roll-up data across complex,

multi-layered organisations, allowing them to

recognise trends and ensure compliance with


riskhive enterprise risk


riskhive software


Founded in 1999, riskHive is a global provider

of web-based software solutions for the analysis

and management of risks, assumptions, issues,

and dependencies (RAID) and desktop software

solutions for the analysis and control of costs

and schedules.

The riskHive Enterprise Risk Manager is a cloud

-based risk database that manages risk,

opportunity, assumptions and trends data in

one place. The riskHive was designed for users

wishing to implement a simple way of

centralising risk data and reporting. The

application is also an online assurance

repository for Excel spread sheets that assess,

analyses and tracks changes to inputs and

formulae for audit and assurance purposes.

This product can run automated shock tests and

report on the sensitivity of output to input

deviation, allowing the exploration of input

range scenarios. This application replaces the

need for expensive actuaries and modellers to

manually audit and report on spread sheet

content tracking.


thesis bowtie

abs group

STREAM scales to support multiple, integrated

management systems within a single database

providing consistent enterprise-wide GRC

applications including cyber security; health,

safety and environmental; supply chain;

business continuity; project and quality

management, and ERM.

A free downloadable version of the software can

help users to configure a GRC solution suitable

for their organisation.


Synergi Life reduces costs by improving the

efficiency and effectiveness of the operational

risk and incident management process. DNV

GL’s product is a module-based solution

designed to meet the demands from both

reactive indicators and proactive initiatives.

These modules can be used as standalone

solutions or in combination of several modules

that contribute to a total risk and QHSE

management solution.


THESIS was designed as a cost-effective and

reliable way of assessing the diverse risks facing

an organisation. This software integrates with

risk management to promote safety, reliability

and business continuity across the enterprise.

Developed to assist risk managers and

stakeholders in their decision making process,

THESIS delivers a simplified and

comprehensive risk management solution for

mapping threats, risk events and consequences

54 January 2017 cirmagazine.com

Risk Software Report 2017

at all levels of an organisation – from the frontend

engineering design stage through to

operations and decommissioning.



ventiv technology

Ventiv helps users to effectively manage the

entire data lifecycle from collection to

consolidation and reporting. The Ventiv

offering includes flexible online and mobile

intake forms that make it easy for external/field

users to report and notify from any device,

including offline options; data conversion that

allows for one-time, regularly scheduled and

real-time consolidation of historic and current

data from multiple sources; business process

and workflow management tools, including

alerts and reminders to track progress;

comprehensive reporting and analytic tools,

including dashboards, for insights and business

intelligence; a full range of international

support, including multilingual and multicurrency,

to allow global deployment and usage;

and a secure private cloud solution, with a

single-source, fully accountable technology

infrastructure certified to ISO 27001 security

standards. A modular system can be configured

to meet bespoke needs, while self-service tools

allow users to tailor the system. Modules cover

risk activity areas including ERM, risks, controls

and treatments; incidents and claims; safety;

renewals and submissions; assets and exposures;

cost/premium allocations and calculations;

insurance programmes and policies, including

certificates; risk engineering survey and

recommendations; and audits and assessments.




Webrisk was originally conceived to support the

complex needs of the insurance and risk

manager, and has since grown to embrace the

needs of broader risk management. Over 80

global clients use the product to gather,

consolidate and analyse insurance renewal

information; control and manage policy

portfolio; automate the implementation of

survey recommendations and handle incidents

and claims, create and implement dynamic risk

registers and manage risk programmes. Webrisk

is updated regularly to provide reporting and

analysis tools and mobile integration. This

product is a fully hosted solution, simplifying

implementation. It is also offered on an

unlimited user basis, encouraging as broad a use

of the system as possible. Most clients deploy

Webrisk as a branded risk management portal.



Risk Software Report 2017


Active Risk Manager



Figtree Systems

HawkSight Software



Maclear eGRC Suite

Magique Galileo

Marsh ClearSight

Risk Software Report 2017 Products features

MetricStream Risk Management Solution

Origami Risk



Riskonnect Integrated Risk Management Solutions

RiskSense Platform


Synergi Life

The riskHive Enterprise Risk Manager





Full process analysis hierarchy

Full process escalation hierarchy

Objectives hierarchy

Organisational hierarchy

Asset hierarchy

Financial accounts hierarchy

Expand and collapse hierarchy

Audit findings

Scalable and tested to 100 users

Scalable and tested to 1,000 users

Scalable and tested to 10,000 users

Context sensitive help

Screen customisation

Search and filter

Roll-forward capability

Multi currency

Multi language

Web application

Web service API

Synchronisation with active directory

Integration with MS Office

Integration with enterprise reporting systems

Integration with collaboration tools

Ability to install software on users own IT infrastructure

Support for offline working and synchronisation

Hosted option / SaaS

Mobile capability: Add / update claims

Mobile capability: Manage tasks / activities

Mobile capability: View reports / dashboards

User security clearance

Technical support / service desk 24/7

Data management

Load historic data

Consolidating data from external sources

COPE data management

Deliver secure content

Integrated document scanning

Integrated electronic signature

Social Collaboration & Networking

Compatable with All Web Browsers without plug ins

Fully accessible via smartphone / tablet

• • • • •

• • •

• • • •

• • • • • • • •

• • • • • • • •

• • • • • • •

• • • • •

• • • • • •

• • • • • •

• • • • • • • • • • • • • • • • • • • • •

• • •

• • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • •

• • •

• • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • • •

• •

• •

• •

• • • •

• • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • •

• • • •

• • • •

• •

• •

• • • • • • •

• • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • •

Major functional areas

Incident reporting


• • • • • •

• • • •

• • • • • • •

• • • •

• •

• • •

• •

56 January 2017 cirmagazine.com

Risk Software Report 2017


Active Risk Manager



Figtree Systems

HawkSight Software



Maclear eGRC Suite

Magique Galileo

Marsh ClearSight

MetricStream Risk Management Solution

Origami Risk



Riskonnect Integrated Risk Management Solutions

RiskSense Platform


Synergi Life

The riskHive Enterprise Risk Manager




• • • •

• •

• • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • •

• • •

• •

• •

• • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • •

• •

• •

• •

• •

• •

• •

• • •

• •

• •

• • •

• • • • •

• • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • •

• •

• • • • • • •

• •

• •

• • • •

• • •

• • • • • • • • • •

• • • •

• • •

• • • •

• •

• • • •

• • • •

• • • • • • • • • • • • •

• • • • • • • • • • • • •

• • • • • • • • • •

Major functional areas


Standard reports

Business Intelligence reports


Location / Assets


Internal audit





Premium calculation and allocations


Renewal data collection



Track & service recommendations

Health & safety hazards

Governance, risk and compliance



Vendor management

Risk Identification

BCM Knowledge base

Issues, losses and risks

Custom IDs

Risk quantification

Risk comments

Linked documents

Loss and accident identification

Linking losses to risk

Multiple risk types

Risk linkage

Risk review process

Risk approval

Risk surveys

Control surveys

Risk Software Report 2017 Product features

• •

• •

• •

• •

• •

Risk Assessment

Risk matrix

Qualitative assessment

Quantitative assessment

Gross, Residual, Target


cirmagazine.com January 2017 57

Risk Software Report 2017


Active Risk Manager

Risk Software Report 2017 Products features



Figtree Systems

HawkSight Software



Maclear eGRC Suite

Magique Galileo

Marsh ClearSight

MetricStream Risk Management Solution

Origami Risk



Riskonnect Integrated Risk Management Solutions

RiskSense Platform


Synergi Life

The riskHive Enterprise Risk Manager




Risk Assessment


Financial years modelling

Multiple risk impacts for single risks



Risk aggregation

Relationship matrices

Risk mitigation

Control assessment





Provision management

Plans linked to multiple risks

Linked actions to multiple plans

Compliance auditing

Certificate management

Certification for projects

Analysis & Reporting

Multiple application reporting

Probability vs. impact impact diagram

Monte Carlo simulation

Sensitivity analysis

Provision management

Schedules reporting

Data driven reporting

Ad hoc reporting

Automated email report distribution

Risk adjusted balanced score cards

Risk adjusted GANT chart

Bayesian analysis

User-defined dashboards

Integration with business intelligence reporting tools

Automatic alerts

Ability to combine data from all modules within

a single report

Ability to combine data from all modules within

a single dashboard

Ability to meet user reporting needs without

the need from custom reports

Integration with geospatial analytics

• •

• • •

• • • • •

• • • •

• • •

• •

• • • • •

• •

• • • • •

• • • • •

• • • •

• •

• • • •

• • • • • •

• •

• •

• •

• •

• • • •

• • • •

• •

• •

• •

• •

• • •

• • • • • • • • • • • • •

• • • •

• • • • • • • • • • • • •

• • • • • • • • • • • •

• •

• •

• •

• •

• • •

• •

• • • • • • • • • • • • •

• • •

• •

• •

• • •

• • •

• • •

• •

• • • • •

• • • •

• • •

• • • • •

• • • • • • • • •

• • • • • • • • • • •

• • •

• •

• •

58 January 2017 cirmagazine.com

Risk Software Report 2017


Active Risk Manager



Figtree Systems

HawkSight Software



Maclear eGRC Suite

Magique Galileo

Marsh ClearSight

MetricStream Risk Management Solution

Origami Risk



Riskonnect Integrated Risk Management Solutions

RiskSense Platform


Synergi Life

The riskHive Enterprise Risk Manager




• •

• • • • • • •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

• •

Analysis & Reporting

Automatic alerts based on the proximity and

severity of external events to locations

Mapping capabilities

Drill up / down / through reporting

Download to Word

Download to Powerpoint

Export to Excel

Incident management

Web-based incident reporting

Convert incidents to claims

Forward and automatically attach emails to the system

Automated incident investigation and escalation

Data conversion and consolidation services

Anonymous / third party incident reporting

Claims management

Full claims administration

Dashboards for tracking claims metrics and KPIs

RIDDOR / CRU1 Reporting

External claims benchmarking

Forward and automatically attach emails to the system

Data conversion and consolidation services

Managing financials through programme structure

Claim audits

Policy and premium management

& Premium allocation

Insurance knowledge base

Policy programme functionality

Policy erosion

Allocation of premiums based on exposure

values and loss experience

Tracking of covered locations and perils

Ability to report on premiums by insurer, broker or business unit

Captives support

Ability to report on exposure by insurer and insurer ratings

Ability to map insurance programme

Ability to diagram policy erosion

Renewal data

Ability to customise renewal questionnaires

Automated data validation against previously submitted values

Automatic reminders for unsubmitted values

Predefined report templates for renewal data consolidation

Risk Software Report 2017 Product features

cirmagazine.com January 2017 59

To Advertise in the Classified Section contact Graeme McQueen - Telephone: 020 7562 2434 or email graeme.mcqueen@cirmagazine.com

Perspective Publishing

Sixth floor, 3 London Wall Buildings

London, EC2M 5PD

thinking resilience

To Advertise in the Classified Section contact

Graeme McQueen - Telephone: 020 7562 2434

or email graeme.mcqueen@cirmagazine.com

Business Continuity CertifiCation

LRQA…protecting your assets

As a leading management systems certification, verification and training body, LRQA provides a range of assessment

and training services to help our clients meet the requirements of ISO 22301, the business continuity management system

(BCMS) standard.

Only independent approval to ISO 22301 can prove Business Continuity capability and instil confidence in stakeholders which



Middlemarch Office Village

Siskin Drive



Freephone: 0800 783 2179

Tel: +44 (0) 24 7688 2343

Fax: +44 (0) 24 7630 2662

Email: enquiries@lrqa.co.uk

Web: www.lrqa.co.uk

in turn can help safeguard market share, reputation and brand.

We provide experienced assessors who have all undergone rigorous BCI-accredited training. This is a crucial element in our

ability to provide real value through meaningful assessments.

For help and guidance on how to implement your BCMS, case studies, checklists and more please visit: www.lrqa.co.uk

We provide training, certification, verification and auditing to management system standards across key business areas and

concerns including information security, environment, health and safety, corporate governance and quality.



Improving performance, reducing risk

Business Continuity software

Specialising in Business Continuity and programme management, PinBellCom are Winners of the BCI European Innovation

of the Year Award 2014, Sslution providers to Marks and Spencer – European BCI & CIR Award Winners 2014. We work closely

with partners and clients in most market sectors including: Retail, Healthcare, Education, Logistics and Manufacturing. Our

products, TheOneView and BCP4me are:

• Scalable – from primary school to multi-national corporations

• Cost effective – single user, site and enterprise licensing

• Intuitive - requires minimal training or implementation costs

• Securely hosted on or off site


• Innovative – leading edge and adaptable solutions

+44 (0) 333 011 0333

Our Business Impact Assessment tool uses a unique ‘Heat Map’ and ‘I.T. Gap analysis’ to support, prioritise and define pragmatic

recovery plans.



Our BC Programmes align to relevant Standards. We can provide dependency gap analysis, cloud readiness assessments,

security profiling, Incident management, escalation, trending and dashboard reporting, programme management through

in-line audit and assessment dashboards and genuine mobile app to increase access and engagement in over 100 countries.

"We help the Business Continuity function to drive bottom line value and process improvement"

52 July 2015 cirmagazine.com


Call + 4 (0)844 863 3 00

Email enquiries@phoenix.co.uk

www.phoenix.co.uk/bcma surance

Phil Walden

JC Applications Development Ltd

Manor barn, Hawkley Rd,

Li s, Hampshire, GU 3 6JS

Tel: +44 (0) 1730 712020

Fax: +44 (0) 1730 712030


(JCAD an ISO9 01 a credited company)


Tower Place, London


Contact: James Sawle

Tel: + 4 (0) 20 7357 5760

jsawle@c stars.com

www.c stars.com

Busine Impact Analysis (BIA)

• Busine s Continuity Pla ning

How you benefit

flexible remote working solutions enable your sta f to work from virtua ly any location, uninte rupted. And our award-wi ning

Shadow-Planner software wi l help you plan to protect your busine s against unfores en circumstances

solution provider.

To advertise in our Software Reports contact Steve Turner - Telephone: 020 7562 2434 or email steve.turner@cirmagazine.com

Professional services guide

To Advertise in the Classified Section contact Graeme McQueen - Telephone: 020 7562 2434 or email graeme.mcqueen@cirmagazine.com

Savant Ltd

Dalton Ha l Busine s Centre

Dalton Lane


United Kingdom & European Head O fice Unit B

Heathrow Corporate Park

Gr en Lane, Hounslow

Mi dlesex


+ 4 (0)8 0 143 413




To Advertise in the Cla sified Section contact Graeme McQu en - Telephone: 020 7562 2434 or email graeme.mcqu en@cirmagazine.com

Business Continuity software

Sungard Availability Services Busine s Continuity Management Planning Software

Sungard AS A surance CM is designed by users for users.

Newly available is A surance CM Co nect which helps you to eliminate manual data management proce ses and custom coding.

Co nect handles any combination of S aS and/or on-premise data sources from a single platform to minimise complexity so that

your plan stays a curate for longer; improving your decision making for better busine s outcomes.

A surance CM busine s continuity software and risk management solution removes the ba riers to organisation-wid engagement, and

builds greater confidence in contingency plans. It’s about extending beyond simply a dre sing compliance requirements. It’s also

about knowing teams are prepared to recognise threats to the busine s and empowering them to engage loca ly before incidents lead

to major disruptions.

A surance CM is:

Intuitive – Simple and easy, get your program up and ru ning with minimal training

Aware Merg external ha penings with enterprise plans and gain real-time contextual insigh to act decisively

Alive – Eliminate manual data management and trus that your data is a curate and up-to-date

E ficient – Yet secure to help you work smart, engage users and delight stakeholders on program e fectivene s

Independent – S aS and mobile, co nect quickly to people and information that ma ter the most.

And provides a 9. 9% SLA availability guarant e.

busine s continuity/ disaste recovery pla ning cycle and share it acro s the company for be ter outcomes.


Sungard AS customers can rely on.

For more information please contact us.

To Advertise in the Cla sified Section contact Graeme McQueen - Telephone: 020 7562 2434 or email graeme.mcqu en@cirmagazine.com

Business Continuity software

Phoenix Shadow-Pla ner enables you to plan, develop, test and execute more streamlined and structured Busine s Continuity

strategies. Taking the pain out of th entire proce s, Shadow-Planner helps your people work smarter and faster – and enables

your busine s to deliver against its BC commitments more quickly, e ficiently and cost e fectively.

Designed by specialists in busine s continuity, this suite of integrated software su ports the entire Busine s Continuity

Management (BCM) lifecycle: from impact analysis through developing plans to testing and reporting. Phoenix can also

su port you every step of the way, helping you create the strongest and most e fective plans to minimise downtime and ensure

you can work ‘busine s as usual’.

Shadow-Pla ner is based on four core modules:


• Mobile Plans (cu rently on Blackbe ry and iPhone)

Organisations the financial service sector, public sector and others in regulated industries have used Shadow-Pla ner to help

comply with busine s continuity standards such as ISO 2301 and other specifi codes of practise.

A low cost solution, requiring no local cap ex or hardware investments, you can:

Save time and money

Eliminate duplication and ina curacy

• Get rid of ine ficient, inaccurate and risky manual a proaches - Word documents and spreadsh ets

Reduce risk - be ter m et governance

Ensure l e sential data (plans, contacts, documentation and more) are in a single secure location, at your fingertips

Have an a surance that a l data is regularly reviewed, updated and consistent

Mitigate against costly downtime

Acce s and update BC plans anytime, anywhere – from desktop, mobile, tablet .

Protect and enhance sta f productivity, with security vi a propriate acce s levels

• Achieve faster ISO 2301 BC certification

Phoenix is an acknowledged leader and award-winning provider of busine s continuity and disaster recovery services. Our

Risk Software Report

Supplier Directory

Plans and testing do not deliver outcomes, people do. A surance CM is about enabling you to take what we learn back into the

Introducing our new powerful emergency notification t ol, designed for when you n ed it most. Send critical alerts to your key

recipients at any time, using any device, and ge the response you n ed.

A surance NM Alerting and Mobile Services leverages a variety of communication methods to transmi tens of thousands of voice and

text me sages in minutes. The A surance NM communication solution is built on an award wi ning platform that is used by both

public and private sector organisations worldwide, o fering them market leading capabilities and superior performance which

Mataco is a busine s continuity planning t ol that offer su port for all aspects of the BCM process:

thinking resilience

Ca l 08 4 863 3 0


h tp: /www.phoenix.co.uk

Tel: + 4 (0)1524 78 4 0

Fax: + 4 (0)870 460 1023



Business Continuity, disaster reCoVery

• It is aligned to BS 25 9 and ISO 2301

• It provide secure o f-site hosting a ce sible from anywhere

• Mobile Mataco is also included, enabling a ce s to a l contact lists and Plans from mobile devices

• Updates to busine s data, such as phone numbers, teams, actions, resources, su pliers is done once in one place and the

updates are automatica ly made in a l Plans containing the data.

• BIA data can be imported into Mataco from Excel

• Mataco su ports the monitoring and control of reviews and exercises

• The Reporting facility enables quick and easy reporting on BIA data with expor to Excel. Reports can be developed to m et

specific client requirements.

• Mataco wi l deliver improved control and reduce maintenance time

• An audi trail tracks a l changes made to the data

Phoenix an award-wi ning busine s continuity leader the UK. We’ve b en delivering our services for over 25 years and

have an unblemished recovery record. As a fu l-service busine s continuity provider, Phoenix delivers e sential services to our


E sential to the planning and management of your business continuity programme through BCM A surance. We can advise,

deliver, su port and manage a l or part of your busine s continuity management needs with software, consultancy and managed

E sential to the protection and recovery of your IT & systems through Recovery A surance – our solutions and expertise can

protect and recover physical or virtual servers, Cloud a plications, laptops, desktops and mobile devices to meet your specific

RTOs and RPOs.

E sential to you resilience through widest busine s continuity network of any UK based provider - delivering traditional

workare and IT DR services. We’re there for you loca ly, with 18 centre spread throughout the UK. We’re technology experts,

part of the Phoenix IT Group, with over 1,3 0 technology specialists. And for our customers, we’re trusted advisors for all

things busine s continuity.

For more information ca l us on 08 4 863 3000 or visit www.phoenix.co.uk

Claims handling & risk management software solutions

risk management software & ConsultanCy

Contact Phoenix to find out more abou the unique benefits of Shadow-Planner. Ca l 08 4 863 3000

email enquires@phoenix.co.uk or visit phoenix.co.uk

JC A plications Development Ltd are market leaders in the development & implementation of highly e fective software for the

Claims Handling and Risk Management markets. Our commitmen to providing simple to use yet feature rich a plications has

enabled us to grow a su ce sful and satisfied client base of over 160 organisations, with over 2 0 su ce sful implementations to

our name.

Although our clients can o cupy very di ferent sectors of busine s, for instance; UK Central & Local Government, US

Government, Housing Associations, Construction and Insurance, sentiments converge when l oking for a proven technology

So, if you are looking to improve your Corporate Governance and reduce costs through be ter claims management or wish to

easily embed risk managemen throughout your organisation, then we l ok forward to talking with you.

STARS is the globa leader in technology, analytics and data service solutions acro s risk, safety and claims management

for many of the world’s largest corporations. A busine s unit of Marsh Inc., STARS su ports more than 750 customers in 25

countries and has a trusted data store of over 60 mi lion claims ama sed through decades of operation. With the industry’s

single largest risk database, STARS uniquely enables its customers to a curately analyse trends, gain industry insights,

optimise decision-making, and reduce costs acro s th entire risk lifecycle.

STARS industry leadership and 40 years of continued i novation fosters d ep client engagement around four key a tributes –

network, data, platform, and people. The STARS client network facilitates and encourages open community sharing of

best-practices. And with an ever-growing database of risk, safety and claims information cu rently at more than 125TB,

STARS Big Data provides unpara leled benchmarking data to help clients derive actionable insights, drive measureable value,

and achieve rapid ROI. Architected for the Cloud, the proprietary STARS platform is easy-to-use, simple to maintain, and

secure, complying with the industry’s most stringent requirements. The knowledge and expertise of STARS people drives a

co laborative, client-focused a proach to deliver world-clas solutions helping busine ses manage risk inte ligently, proactively

and cost e fectively.

54 July 2015 cirmagazine.com

To advertise in the Professional Services Guide,

contact Steve Turner - Telephone: 020 7562 2434

or email steve.turner@cirmagazine.com

cirmagazine.com July 2015 53


Woolgate Exchange

25 Basinghall Street

London EC2V 5HA

United Kingdom

Contact: Lisa Cunningham

Tel: +44 (0)7931 937 801



Twitter: @Nasdaq BWise

Linkedin: Nasdaq BWise

Nasdaq BWise is a global GRC technology leader. We help organisations, both big and small, around the globe, embed,

sustain, and streamline their GRC and integrated risk management activities. The BWise software application is the

cornerstone of Nasdaq’s GRC technology portfolio. It offers a wide range of leading GRC functional capabilities for risk

management, internal audit, internal control, information security and regulatory compliance.

Having implemented some of the largest GRC projects in various industries around the globe means that Nasdaq BWise

will truly be able to leverage its global resources to ensure a successful implementation by bringing a blend of technical

and industry experience, a mature project governance methodology, and a dedication to effectively and efficiently

transfer knowledge for long-term success.

BWise is recognised by independent analysts as a leader in GRC software and won awards for best product as well as

best vendor in the industry.

Nasdaq is recognised around the globe as a diversified worldwide technology, trading and information services provider

to the capital markets, with more than 3,500 colleagues serving businesses and investors from over 50 offices in 26

countries across six continents – and in every capital market.

ABS Group provides holistic enterprise risk management tools to help you identify, analyse and manage hazards. Our

THESIS BowTie 6.3 standalone and THESIS Enterprise risk management software solutions help document risk

analyses in a systematic manner, making the control of hazards easier to understand.

ABS Group

EQE House, The Beacons,

Warrington Road, Birchwood

Cheshire. WA3 6WJ. UK

Tel: +44 (0)1925 287300


LinkedIn: https://www.linkedin.com/


Developed to assist risk managers and stakeholders in their decision making process, THESIS delivers a simplified

and comprehensive risk management solution for mapping threats, risk events and consequences at all levels of an

organisation – from the front-end engineering design stage through to operations and decommissioning.

THESIS BowTie is a cost-effective and reliable way to assess the diverse risks facing an organisation. Our software

integrates with risk management to promote safety, reliability and business continuity across the enterprise.

Using the qualitative Bowtie Method, THESIS displays the relationship among hazards, controls, risk reduction measures

and business activities, helping managers communicate critical procedures and demonstrate compliance.


Veritasveien 1, Hovik 1363, Norway

Tel: +47 67 57 99 00 - Norway

Tel: +44 (0)20 3816 4000 - UK



linkedIn: www.linkedin.com/company/5005106

Driven by our purpose of safeguarding life, property and the environment, DNV GL enables organisations to advance

the safety and sustainability of their business. With Synergi Life, DNV GL is one of the world’s most recognised EH&S/

QHSE and risk software providers, offering on-premise, cloud-based and mobile app solutions. Synergi Life is used by

more than 350 companies worldwide, with 750,000 users globally across a number of industries, such as energy,

healthcare, transport, local government, construction and more.

With Synergi Life you have the tools you need to manage QHSE (or HSE) non-conformances, incidents, risk, risk

analyses, audits, assessments and improvement suggestions.

60 January 2017 cirmagazine.com

To advertise in our Software Reports contact Steve Turner - Telephone: 020 7562 2434 or email steve.turner@cirmagazine.com


Manor Barn, Hawkley Road, Liss,

Hampshire GU33 6JS

Contact: Phil Walden

JC Applications Development Ltd has been a market leader in the development & implementation of highly effective

software for risk management and claims processing for over a quarter of a century. During this time we have built

up a large client base of well over 200 organisations that cover a range of diverse industries both in the public and

private sectors.

In an age of change we are proven to be a trusted business partner to our clients and our passion for delivering

robust but cost effective solutions has not diminished. As a family-owned business, we strive to provide excellent,

friendly customer support. Our specialist team works continuously to update and improve our products, ensuring

our solutions help clients improve efficiency, increase accuracy and save money.

Tel: +44 (0)1730 712020



Easy to use fully integrated web-based system covering risk management, control attestation, incident/loss event

management, appetite and indicators / measures, emerging risk, scenario analysis, policy compliance, questionnaires and


Magique Galileo Software Ltd

Level 30, The Leadenhall Building

122 Leadenhall Street

London EC3V 4AB

Tel: +44 (0)20 3753 5535



Includes audit trail, history, tracking and extensive reporting as well as e-mail alerts and analysis tools.

• Configured to meet your exact methodology, terminology, workflow, security and reporting

• Over 250 active clients from 5 users to over 1,000 users.

• Mature product developed and enhanced over 20 years.

• Every implementation led by experienced Risk Management professionals.

NTT DATA Figtree Systems

Level 3, 2 Royal Exchange

London EC3V 3DG

United Kingdom

Tel: +44 (0)20 722 09210

Fax: +44 (0)20 728 38944



NTT DATA Figtree Systems is a specialist software provider for Risk Management Information Systems. Catering to all

claims types, our cloud platform streamlines claims administration, while enhancing risk awareness and cost control.

Providing configurable workflow, flexible business rules and a full suite of Claims, Risk and Safety Management

modules, our software is adaptable to variations in business processes and complexity. Used by clients globally, this

award winning system features document creation and management, custom dashboards and reports, smartphone and

web-based data-capture, email notifications, and enterprise system integration. Hosted in a secure datacentre, certified

ISO 27001, the system delivers centralised data management, while providing remote, real-time access.

cirmagazine.com January 2017 61

To advertise in our Software Reports contact Steve Turner - Telephone: 020 7562 2434 or email steve.turner@cirmagazine.com

Origami Risk

4th floor, Victoria House

Victoria Road, Chelmsford Essex

CM1 1JR United Kingdom

Contact: Neil Scotcher

Tel: +44 (0)1617 917740

Mobile: +44 (0)7775 758655




The Origami Risk RMIS (Risk Management Information System) was designed by industry veterans committed to

helping clients streamline the collection, analysis and reporting of risk, insurance and claims information. The

innovative, web based RMIS software is designed with the latest technology and is focused on ease-of use, performance

and dependability. Origami Risk is accessed securely through any modern web browser.

Use the Origami Risk RMIS to consolidate all of your internal and external risk data. Take your consolidated data one

step further with easy-to-customise reports, making it easier than ever to win support for impactful programmes to

lower your total cost of risk.

Origami Risk’s highly experienced and professional service team is there when you need us and offers easy transitions,

consistency and accessibility.

For three years running, the Origami Risk’s RMIS has been named the industry’s #1 RMIS by the Advisen RMIS Review.

Riskonnect is the trusted, preferred source for enabling organisations to anticipate and manage strategic and operational

risks across the enterprise. Riskonnect is also the only provider of true integrated risk management solutions.


11 Leadenhall Street

London, EC3V 1LP

Contact: Ross Ellner

Tel: +44 (0)20 3608 8218


Twitter: @Riskonnect

Linkedin: Riskonnect, Inc.

As an innovator in risk management technology, Riskonnect offers a growing suite of solutions on a world-class cloud

computing model, helping clients elevate their programs for management of all risks across the enterprise. Riskonnect

provides the highly configurable technology needed to understand, manage and control risks, positively affecting

shareholder value.

Riskonnect’s solutions are all connected, allowing users to easily navigate within the system to review, analyse, and report

on data from web-based interfaces that provide a single point of access for global organisations.

Sword Active Risk provides world-class risk management software that drives business performance, enhancing

transparency and profitability at project, programme and enterprise levels. Active Risk Manager (ARM) enables better

informed decisions, and the ability to use risk management to create competitive advantage.

ARM provides a suite of products designed for specific users within the risk process:

Sword Active Risk

1 Grenfell Road, Maidenhead,

Berkshire, SL6 1HN

Tel: +44 (0)1628 582500



Twitter: @ActiveRisk

• ARM Core for Risk Professionals

• ARM Risk Express for business risk owners, powerful yet easy to use solution, fully integrated with the core solution,

replaces spreadsheet usage

• ARM Risk Performance Manager (RPM) communicates risk through dashboards and reports

• ARM Apps, which are web-based applets for task owners.

ARM is used across some of the world’s leading energy, infrastructure and defence projects, by organisations like the US

Air Force, Bechtel, Crossrail, US Federal Aviation Administration, Lockheed Martin, Rio Tinto and Skanska to manage

project risk worldwide.

62 January 2017 cirmagazine.com

To advertise in our Software Reports contact Steve Turner - Telephone: 020 7562 2434 or email steve.turner@cirmagazine.com

Experience the Ventiv difference. Problem


Ventiv Technology

30 Eastcheap

London, EC3M 1HD

Contact: John Irving

Tel: +44 (0)20 3817 7407



Twitter: @Ventivtech

LinkedIn: https://www.linkedin.com/


Ventiv Technology empowers insurance, risk and claims managers to take control of increasingly diverse risks and

exposures. Our risk management information system aggregates, manages and analyses data in a single, secure location.

With more confidence in your data, you’ll make smarter, timely decisions that support your organisation’s objectives.

Here are some examples of how we have benefitted clients:

• International hotel giant Hyatt Hotels Corporation generated a total decrease of incurred loses year over year of 33%

• Akzo Nobel saved around 500 hours of work per year on aggregating data and producing claims management reports

• Tesco reduced indemnity spend; improved store safety; reduced accidents; and implemented successful riskmitigation


Our modular system is easily configured for your organisation’s specific requirements, while self-service tools let you

tailor the system even further.

Contact us to discover how your organisation can benefit from working with Ventiv.


Looking for the right software, but don’t know where to start?

Try CIR’s free comparison tool at www.cirmagazine.com/cir/cirreports.php

A major driver for the success of emergency & mass notification software has been its increasing functionality – making it

suitable for a growing range of applications. And with the market itself expanding fast, the task of finding the right software can

be time-consuming and complex. CIR’s online comparison tool has been designed with all this in mind, helping you compare

software from a wide range of providers across the globe to offer you a quick and easy way to find the tool that’s right for you.

Try CIR’s free comparison tool today at www.cirmagazine.com/cir/cirreports.php

As always, our annually updated Emergency & Mass Notification Software Report is also available as a PDF.

cirmagazine.com January 2017 63

Similar magazines