1. RiskTaker : Business Risk Management
Enterprising risk management for teams and SME’s

2. Contents
 Risk Governance Overview
 Why manage risks ?
 Risk Maturity
 Integrated Risk Management
 Line Xero Introduction
 RiskTaker
 Award winning software
 Reliable hardware
 Support Services

3. Why manage risks ?
“A company's objectives, its internal organisation and the environment in which it operates
are continually evolving and as a result, the risks it faces are continually changing. A
sound system of internal control therefore depends on a thorough and regular evaluation
of the nature and extent of the risks to which the company is exposed. Since profits are,
in part, the reward for successful risk-taking in business, the purpose of internal control is
to help manage and control risk appropriately rather than to eliminate it.”
“The guidance is based on the adoption by a company's board of a risk-based approach to
establishing a sound system of internal control and reviewing its effectiveness. This
should be incorporated by the company within its normal management and governance
processes. It should not be treated as a separate exercise undertaken to meet regulatory
requirements.”
Turnbull Report, September 1999

4. The Evolution of Risk Management
Previously Now
 Historical risks only  Non-traditional risks
 Expert management  Causes of risk
 Statistical analysis  Organisation-wide involvement
 Senior management buy-in
 Risk indicators

5. Risk Governance Maturity
Maturing
• Simplistic framework
• Departmental
• Limited corporate visibility
• Risk exposure may be inaccurate
• Mitigation plans may be used
to identify priorities
Mature
• Flexible governance framework
• Whole of company
• Corporate visibility & control
• Risk appetite known & monitored
• Use of risk data to drive
Immature investments & priorities
• Risk management is ad-hoc
• Individuals or small teams
• No corporate visibility
• Appetite & exposure unknown
• Risk data not used to drive strategy

6. Integrated risk management
 Risk management must be a “whole of company” process
 Requires board level buy-in to objectives and methods of risk management
 Risks are controlled at the appropriate level within the business, by the most
appropriate people
 Control & management of risks must be part of the normal business process – not an
add-on or afterthought
 Risks must be balanced at the corporate level
 Without risk co-ordination, perceived risks may be blown out of proportion
 There must be mechanisms to escalate risks to the appropriate level.
 The risk management system needs to support the risk process without being
intrusive
 Intrusion usually results in non-use
 Risk co-ordination & challenge processes become “big stick” exercises.

7. Integrating RM & strategic processes
Quantify risk
Identify risks Identify risk:
Impact & Agree acceptable
& understand Related actions
mitigation Risk levels
origins required
Cost/benefit
Identify actions Monitor Monitor external Update
Agree strategic
Required & likely implementation & internal Assumptions &
goals
effects of actions changes goals

8. Line Xero : Company Overview
 Formed in 1990 as an IT strategy consultancy
 Provides IT Design Authority services to a number of FTSE-100
companies
 Created XeroRisk as a product in 2004
 Originally built for United Utilities
 Strong take up in asset intensive & regulated businesses
 Launched RiskTaker in 2008
 Operates e-commerce web application facilities on behalf of
several Internet based businesses

9. Line Xero: RiskTaker Overview
 Licensing
 Easy& flexible licensing schemes
 Web based purchasing process ensures no “down time”
 Support
 Dedicated RiskTaker support team – email, telephone and self-
service portal options available
 Maintenance
 Clearroadmap – XeroRisk release + 1 month
 Maintenance contract to cover support and new releases

10. RiskTaker: A risk management solution
 Fully web based application
 Integrates with existing business
processes
 Simple to deploy
 Very intuitive to use
 Risks identified, managed &
controlled “on the ground”
 Corporate exposure valued &
monitored through escalation and
aggregation

11. RiskTaker: Functional Coverage

12. RiskTaker Features
 Full organisation model support
 Role based security
 Fully configurable risk assessment
categories & levels
 Email escalation & notification
 Full audit trail of all user risk
management activities
 Built in reporting functions include
Excel export, graphs etc
 Support for unlimited risks,
organisation units, hierarchy levels

13. A flexible deployment solution
 Quick Implementation
 RiskTaker doesn’t require installation on each client
 Supplied as a pre-configured appliance – simply plug in and go.
 Reduced support costs
 New releases & updates are installed on central servers
 Does not impact desktop builds or current security policies
 True Thin-Client
 There are no ActiveX or Java components downloaded to the client
 Partners or contractors can be quickly added without IS intervention
 Low client hardware demands
 Only a standard web browser is required for access
 Integrates with standard or thin client desktops (e.g. Citrix)
 Industry leading components
 Windows 2003 Server R2 or higher (Windows 2003 R2 Advanced server recommended)
 Microsoft SQL Server 2000 (Microsoft SQL Server 2005 SP2 recommended)

14. Reliable Hardware
 Dedicated appliance pre-configured with the latest RiskTaker software version
 All third party components licensed through the RiskTaker license
 Simply plug into your network and run
 Eliminates expensive server hardware and complex installation
 No co-existence issues to complicate the support requirements.
 Can be upgraded as the business grows
 Additional memory and/or processors
 Additional licenses to increase RiskTaker users

15. Support Services
 Dedicated Support Team
 Web portal – Online submission of low priority support requests, access to FAQ’s and upgrades
 Phone – Support for urgent requests including hardware failures, software errors and problems
with licensing and upgrade services
 Email – Dedicated email queue monitored by the support team
 Hosting Service
 If you cannot host your own RiskTaker appliance, Line Xero can do it for you – simply access
your RiskTaker over the Internet
 Licensing Service
 Fully automated licensing service ensures additional licenses can be added without waiting for
purchase approvals
 Temporary licensing possible for short-term projects & programmes.
 Migration Services
 For RiskTaker installations growing beyond the scalability of the hardware, an upgrade to
hosted XeroRisk canbe performed
 Data is transferred securely from RiskTaker to the hosted XeroRisk installation with no loss of
information

16. Thank you