The Main Menu, (and the “Dashboard" screen), is the starting point to navigate around the system. This section will initially give a brief, high level, overview on the main functions available and then explore each of the main functions.
First, in the top right-hand corner of the screen you will see several small icons:
These perform the following tasks:
1.The first icon, 
navigates you back to this Main Menu from wherever you are in the system.
2.The second, 
, is the Reference and Administration area of the system.
3.The third icon, 
, shows the status of each back-end activity processed by the system. These might include activities relating to a group of entities (e.g., replicating a risk from the pilot to the group).
4.The fourth icon, 
, allows you to change the language used by the system; there are two languages available, Arabic and English, and clicking on the relevant flag will switch between the two. You do not have to be in the Main Menu to use this function, it will operate from anywhere in the system.
5.The sixth icon, 
, is the Help function; clicking on this icon, from wherever you are in the system, will bring up help pages from this manual to explain what the area of the system you are in does. This function will be displayed in the language selected using the language icon above.
6.The final 
icon will log you out of the system.
Below these icons, the user name of the individual logged on to the system is shown; in this case it is "Admin". 
The toolbar below these icons gives access to the major segments of the system:
Entity Listing
This gives access to the underlying sub-divisions of the database in which individual risk and control data are stored. These may be individual functional areas of the business or specific products or processes; they may, in fact, be a combination of some or all of these.
Dashboard
This tab simply navigates you back to the Main Menu.
Risk Explorer
This function is designed to provide the user with the ability to navigate through the risk database, conduct inquiries, and obtain reports all from the same screen. The user can also drill down through the database to reach the relevant data fields in order to amend the data. A “hierarchy map” allows you to refine your search to a specific group of related entities.
Notifications
There are a number of exceptions and important issues that the user needs to be notified of in real time. Such issues might include: KRI’s above thresholds, overdue remedial actions etc., and they might relate to one entity or a group of entities. In this module, these issues are automatically brought to the user’s attention in one screen. The user can click on any of them, get the required information and take the necessary actions without the need to log into the relevant entity.
Compliance Tests
This tab will open up an important suite of screens. One key feature of the CAREweb™ system is its ability to allow various levels and functions within the organization to regularly test the control environment, i.e., perform Compliance Testing; in this respect, the system fully supports CRSA as a governance tool. With this degree of flexibility, it is important to ensure that when control tests have been scheduled, they get performed. This tab provides easy access to all Compliance Tests documented within the system. You can view the compliance tests that are either:
•Due;
•Overdue
•Upcoming
•Or Last Conducted.
•Need Approval
The user (if he has access authority to do so) can also click on any of the due tests and enter the test results without the need to go to the relevant Entity and control screen.
Compliance Monitoring
The concept behind this module is to provide a mechanism to measure and review an institution’s compliance to specific regulations.
Corp. Governance
The concept behind this module is to provide a mechanism summarising key data from what could be a very considerable store of risk data in order to provide concise reports to the Board or Board committees, such as the Audit Committee or Risk Committee.
The organization will almost certainly have data about high-level Corporate Risks as well as details about important individual risks at a lower level within the organization; this module allows all of the data to be summarized and reported upon.
One of the key criteria used in determining the acceptability of the control environment for a part of the organization, or Entity, is how close to an “acceptable” range the Entity has managed to maintain its control environment. This “acceptable” range, or Gap Tolerance, is determined for each Entity separately. The whole concept behind the CAREweb™ family of products, and their associated methodology, is to establish a measurement of how well an organization’s actual control environment compares to the best and worst scenarios likely to confront that organisation; in our terminology, we determine a “Control Gap”. This module will summarize each of these "Control Gaps" as well as provide information about whether any recent testing has been done of the relevant controls, and if so by whom.
Internal Audit
The concept behind this module is that all the elements of an organisation that have some degree of risk management or control assessment in their terms of reference should be drawing data about risk and control from the same database. Internal Audit clearly falls into this category; they evaluate the control adequacy of various elements of the organisation and reflect this assessment in their reports and, when planning which elements of a diverse portfolio to schedule for Internal Audit review in the coming period, they take into account, amongst many other factors, the Control Environment of each unit.
This module is designed to provide the Internal Auditor with a framework to hold all of the data needed to plan, manage and report on the work of the Internal Audit function. This framework will already be populated with the most up-to-date risk and control data relating to the audit portfolio. The module is split into logical functions:
•Entity Listing
•Dashboard
•Planning;
•Scheduling;
•Execution;
•Testing details;
•Reporting.
Event Listing
This tab opens up a very important element of the CAREweb™ system; it will show all "events" in the database in default currency. An "event" could simply be defined as the occurrence of a risk; CAREweb™ allows this data to be captured at individual risk level and this module allows this mass of individual event data to be summarized and reported upon.
The types of data captured is:
•Risk Subject - each incident is assigned to a particular risk within the Entity;
•Event Type - actual events and “near misses” can both be recorded
•Description - this is where you describe the event in detail.
•Gross loss - the amount initially lost when the event occurred;
•Total recovery - any amount recovered, up to this point in time.
•GL Account – since the CAREweb™ system is not an accounting system, it is important to periodically ensure that losses actually sustained by the business and recorded in CAREweb™ are also correctly accounted for by the business in their financial statements. This is achieved by entering the General Ledger account code to be used for booking a particular loss into this field.
•Event Date and Event Time
•Event End Date – if an event is considered to be over, the date by which it is concluded can be entered here.
•Accounting Date – it is important to know the accounting period in which the losses will be booked
•Discovery Date – date of discovering the loss event.
•Business Line - For our banking clients, it is important that events are assigned to a particular Business Line so as to meet the requirements of the Basel Accord
•Event Caused By – this is another field required by our Banking customers to help comply with the Basel II regulations, and in some cases the requirements of their own regulators. The drop-down box allows you to assign the cause of an event to either:
▪People;
▪Systems;
▪Internal Processes; or
▪External Events.
•Discovered and Reported By - it is often important to understand who identified the incident in question;
•Event Category - for our clients who wish to use the system for monitoring Health & Safety, this menu helps to put the event into broad categories of fire, fraud, human error and system failure; the field is not mandatory.
•Severity - here you can categorize the event into Low, Medium or High severity according to your own definition of those terms.
•Status of investigation/approval
•Legal case
•Status ended
•Event related to
•Potential/unrealized loss
•Potential recovery
Reports
With the considerable amount of data available in CAREweb™, it is necessary to be able to produce a range of reports, either at screen level or as hardcopy. When the system has been fully installed, all reports will be produced with your organisation’s details in the footer. Reports can either be printed or exported to other applications.
At this corporate level, reports can be produced using data from the entire database or from specified segments of it. You can report on:
•Risks, including Corporate Risks;
•Controls;
•Risk evaluation matrices;
•Strategic risks;
•Compliance Testing;
•Risk appetites