Webinar Q&A: Protecht.ERM Risk Management System Showcase

We want to thank Adel Fakhreddine for answering the questions and also to all the participants around the world for being really proactive and engaged during the session. To watch the webinar recording: Manage all your risks with an easy to use and configurable system, visit this page.

1. Can users complete a task in an email or do they need to login to complete the task?

Users are prompted to login to the system to complete the task. Users can also complete the task using the mobile app with no need to keep logging in.

2. Can you include AML (Anti Money Laundering) and other compliance requirements?

Yes, AML obligations and regulatory alerts can be setup via an API feeding in from LexisNexis. You can also setup a register allowing you to record and monitor AML events.

3. Is it possible to have a different legal obligation plugin apart from Lexis Nexis?

We currently only work with LexisNexis but we can integrate with any other system using restful API’s to pull data into Protecht.ERM.

4. Is this product suitable for the Education sector?

Yes, we have many different clients in the education sector including the Murdoch University, Tafe NSW, Melbourne Polytechnic, Macquarie University, University of Wollongong, University of Technology Sydney and many more. Protecht is designed for companies of different sizes and industries.

5. For BCP (Business Continuity Planning) module, does it cover resources dependencies analysis, business impact analysis?

Yes, BCP includes both analysis on any dependencies and an business impact analysis where various scenarios can be recorded with any testing and recovery plans also captured against any process. Recording of impacted risk and KRIs can also be captured.

6. Can we track / manage Policy document (alert owners when they are due for renewal)?

Yes, you can use status buttons and renew/review dates to trigger notifications as an example of policy renewals.

7. Is there an ability to limit access to particular areas?

Yes, Protecht.ERM can setup sensitive fields/sections/registers which are only made available to autorised users.

8. Can you back date reports? What the risk register would look like say 3 months ago?

Yes, all registers have a complete audit trail, capturing any changes to any record. Using the audit trail data you can create trend report, historical data modelling reports etc. You can also use a calendar filter to back date reports to view a risk register 3 months back as an example.

9. Can we have more than one risk matrix (one for BAU (Business as usual) and one for Projects)?

Yes. When setting up the risk assessment scales you are able to setup one or multiple risk matrices to be referenced in Protecht.ERM. A example where we see this quite coming is where a business has a different matrices across, Risk, Projects and WHS.

10. Does the system aggregate risks? For example: a risk related to say third party/outsourcing in various parts of an organisation might be low or medium, but aggregated at division or group level might be high? How does the system do this?

Risk aggregation can be done using various methodologies depending on your risk framework. Protecht.ERM is also able to use formula fields to aggregate scores if required.

11. Can a control be linked to multiple risks?

In Protecht.ERM anything can be linked to anything on a one to one, one to many, many to many and many to one basis. A control can be linked to multiple risks if required.

12. With incident management can you link incidents to complaints?

Same as before, in Protecht.ERM anything can be linked to anything on a one to one, one to many, many to many and many o one basis. Incidents can link back to complaints.

13. Is the risk appetite set at parent risk category or can we set at the sub-risk category level too?

Risk appetite can be set at any level using parent category and or sub risk category as an example. Multiple levels of linkages can be created, with the typical implementation having a Level 1 / Level 2 / Level 3 linkage.

14. Can you import risk from your current risk register into the risk event library?

The purpose of the risk library is to act as a repository of risks which can be referenced in the risk register and or any other register as required. As an example, a user conducting a risk assessment can import the risk from the library.

15. Can you please cover data security aspects of the platform?

Protecht.ERM is ISO 27001 certified. All data is hosted with Macquarie Cloud Services in Sydney with DR 1 in Canberra and Dr1 in Penrith Western Sydney. For clients based in the UK and Europe, the system is hosted with AWS.

16. Does Protecht adhere to information security standards?

Protecht.ERM and its product suite have been accredited to ISO27001/IEC27001, for the scope of operations described in our certificate of accreditation. ISO/IEC 27001 also leverages the comprehensive security controls detailed in ISO/IEC 27002. The basis of this certification is the development and implementation of a rigorous security management program, including the development and implementation of an Information Security Management System (ISMS).

This widely-recognised and widely-respected international security standard specifies that companies that attain certification also:

• Systematically evaluate our information security risks, taking into account the impact of security threats and vulnerabilities
• Design and implement a comprehensive suite of information security controls to address security risks
• Implement an overarching audit and compliance management process to ensure that the controls meet our needs on an ongoing basis

17. Is there a capability to feed into finance tools?

Yes, Protecht.ERM can link to other system using web-services or restful API integration. Almost 70% of our clients have one or more systems integrated with Protecht.ERM.

18. Can the system work in conjunction with other systems i.e. SharePoint, so if a risk assessment is logged in SharePoint, it automatically gets updated into this system?

Yes, assuming there is a API integration with Protecht.ERM and SharePoint this would be possible.

19. Can you see risk trend analysis? what are the standard reports? can you create custom reports?

Protecht.ERM has a whole range of out of the box template reports which include trend, frequency rate etc. Clients can also custom build reports using the embedded analytics engine. The build does not require any back-end coding as all report design and creation is based on a drag and drop functionality.

20. Can we assign more than one owner to a risk or a control?

Yes, one or multiple owners can be assigned against any record. Generally the owner would be assigned during the risk or control assessment and not against the specific risk or control in the library. Please note if you want to assign a user against a specific risk or control in the library then this would be possible as well.

22. I am assuming there is a WHS incident reporting application and that actions are managed, escalated etc and linked to risks?

Yes, that is correct. WHS Incidents can be logged and investigated in Protecht.ERM with the capability of embedding in a claim, workers compensation, return to work, case management functionality. Incidents can also be linked to any other record such as obligations, actions, audits etc.

22. How does the WHS incident process categorise the national TOOCS coding ie. type of occupational classification codes?

The national TOOCS codes can be embedded using a drop down functionality listing all categories with related sub categories and linking these back to TOOCs classification codes.

23. Does the system allow for privacy of sexual assault/harassment incidents?

Yes, Protecht.ERM can setup sensitive fields/sections/registers which are only made available to autorised users.

24. Can you link your key risk indicators to controls?

Yes, In Protecht.ERM anything can be linked to anything on a one to one, one to many, many to many and many o one basis. A KRI can be linked to one or multiple controls if required.

25. Can multiple compliance questions be assigned or do they need to be done individually?

When assigning compliance questions you can choose one or multiple questions to assign by named user or role.

26. Can you show us what the data set on compliance responses looks like?

Responses can be aggregated for reporting in any way required to provide the business with a breakdown of all responses by questions types, business units, type of responses etc. You can book a short online meeting with us if you want to see this in action.

27. Similar to my Tasks, is there a My reports menu which might list regular reports you have scheduled to automatically run?

Report Creation - The system contains a highly flexible Risk Analytics module for the creation of high quality, visual and interactive dashboards and reports. Dashboards and reports can be easily configured and adjusted by the client Administrator. Full drag and drop of data elements and graphical types including maps is supported. A report wizard can navigate the user through the creation of reports in a simple seven-step process.

Reports and dashboards can be saved by the user in their own ‘My Reports’ folder for future use, or stored in a ‘Global’ folder (if their permissions allows them to do this), where it can be accessed by any other suitably authorised user. Data displayed in reports and dashboards is limited to the permission of the user running the report or dashboard.

To learn more about Protecht.ERM, book an online or a face to face meeting with our friendly team.

To watch the Protecht.ERM System Showcase recording, click here.

Click here to learn more about our enterprise risk management solutions. Or browse our knowledge centre for more resources on reasons to manage risk or to learn about functions that own and manage risk.