Operational Risk

1
Operational Risk System Phoenix ITT
Consulting
2

• Topics
• Sword Overview
• Structure
• Modules Examples
• Security Overview
• Reports
• Sword Calendar

3
Sword Overview

• Sword (developed by Phoenix strategic Partner,
  CI3) is a comprehensive, function-rich
  Operational Risk and Compliance Product Offering.
  
• In particular, SWORD offers the following
  benefits
• Automates a very labour intensive review and
  assessment process for operational risk, internal
  audit and corporate governance
• Provides the ability to assign risk management
  responsibility and accountability within the
  business
• Ensures a cost-effective, continuous assessment
  of ORSAs
• Allows the business to capture and report on
  Incidents, errors and omissions
• Provides an ability to aggregate risks up the
  organisation (at the same time facilitating
  Positive Assurance)
• Provides an organisation-wide issue management
  system that ensures all issues are captured and
  managed to closure.
• Facilitates generation of customisable, flexible
  Risk Management reports through a variety of
  tools and in different formats

4
Sword Data Relationship Diagram
Location
Organisation Unit
Person
Business Activities
Categorisation
Umbrella Risks
5
Sword Relationship Mapping Grouping
Organisational Unit
Business Activities
Bank Group
Bank Group
Business Continuity Planning
Commodities
Private Banking
Foreign Exchange Div
Trading
Futures
Origination
Energy
Execution
Agricultural
Processing
Metals and Mining
Settlement
Funds Management
Reconciliation
Banking
Risks / Controls / Issues / Actions
6
Sword Modules Examples
Swords comprehensive, end-to-end approach
to Risk Management and Compliance helps ensure
that Risks are controlled and reviewed in a
pro-active and consistent matter across the
enterprise, ultimately also helping reduce
Reputational risks.
7
Sword Security - Examples

• Authorisation
• Role based
• Roles are configurable. Standard SWORD product
  comes with 8 roles.
• (Group Risk Manager, Local Risk Manager,
  Information Security User, Internal Audit, Group
  Compliance, Local Compliance, Business User,
  Other)
• A user can have many roles.
• Role authorisations define how you use SWORD
• Organisation unit based
• Every user must be authorised to at least one
  point of the organisation unit hierarchy.
• Defined access level is inherited for all points
  below chosen organisation unit.
• Two access levels Edit View, View only
• Edit/View access levels are defined per system
  function
• Majority of database is partitioned by
  Organisation Unit e.g. two users with
  authorisation to two parts of the tree will see
  totally different data when running the same
  report.
• Organisation authorisations define where you do
  your work.

8
Sword Reporting

• Universal Reporter
• Provides End User Query Tool out of the box
• Transparent use of SWORD security model
• Reports can be saved/scheduled/copied/shared
• Delivery to Screen or Mail
• Output to XL, CSV, XML
• M/Soft Reporting Services
• Provides Enterprise Reporting Services
• MIS Reports
• Dashboard
• Canned Reports
• Functional Integration
• Encyclopaedia for Report Writer (Documents
  tables/views/functions)
• Integration with SWORD security model
• Can Use 3rd Party End User builders (cizer.com)
• Delivery to Screen or Mail
• Output to XL, PDF, CSV, XML, etc
• Other
• Business Objects (Universe Available). SQL DB gt
  can also use Crystal Reporting, etc

9
Sword Event Calendar
12 Month Period
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
? Continuous
Escalation / Issue Action / Incidents /
Reporting ?
? Monthly
Key Performance Indicator Entry
and Signoff ?
? Monthly / Quarterly / Half Yearly
/ Annual ORSA Assessment and Signoff
?
? Monthly / Quarterly / Half Yearly
/ Annual Positive Assurance and
Signoff ?