Who is this article for?

Users who want to learn more about 12.0 Enterprise Risk and Control management enhancements.

No elevated permissions are required.

This article delves into the developments introduced in 12.0 for Enterprise Risk and Control management, offering users enhanced tools and features to bolster organisational governance and compliance efforts. The latest updates empower users with comprehensive functionalities, fostering a more robust approach to risk mitigation and management.

1. Enterprise Risk management
   1. Risk assessments
   2. Risk self-assessments
   3. Risk details
   4. Controls
   5. Risk Actions
2. Controls management
   1. Attachments
3. Further reading

1. Enterprise Risk management

1.1 Risk assessments

• As part of redesigned system menus, within the Risks > Assessment Menu a new option is available to Approve assessments in bulk. Easy to use tick-boxes allow the user to select multiple items at once. The assessments available are determined by the user’s assessment approval rights, and only applies to Draft or Submitted items.
• An additional new menu item within Configuration, System Configuration and Assessment Configurations allows users to control Risk assessment hidden items, thereby deciding which elements are applicable to see and use.
• When selecting Submit for Approval following a new assessment or re-assessment, the possibility to Send for general approval (i.e. to all applicable reviewers) or Send to specific person is provided via a pop-up window. This new development increases the usability of email notifications to support the approval process.
• Assessment Labels (within Configuration then Assessment Labels) have been improved to support risk assessment approval usage by individual users or roles. This ensures that, for example, assessments that yield a critical level of risk can be monitored and managed only by senior members of the risk team.
• The Assessment guidance tab that describes the criteria applicable for grades of Impact and Likelihood can now be seen in a full-screen layout by selecting the new magnifying glass icon.
• The assessment audit trail for Last Modified Date and Last Modified By information has been added to the list of fields available in custom reporting and email notifications.
• The assessment audit trail for Attachment Last Modified Date and Attachment Last Modified By information has been added to the list of fields available in custom reporting and email notifications.

1.2 Risk self-assessments

• Greater governance over which assessment row is applicable to complete for self-assessment invitations has been included within Configuration then Assessments.
• When defining the properties of each assessment row, a new tick-box option to mark them as Available for self-assessment is available for use.
• Self-assessment recipients completing re-assessments can now see the Assessment History tab, relative to their specific assessment of the risk.
• For configurations where a Control Assessment is not used, a new System Configuration option delivers the ability to Enable controls list within assessment details. When enabled, a new tab for Risk Controls will be present in the main toolbar, providing read-only access to all Controls and Proposed Controls that are linked to the risk being assessed.

1.3 Risk details

• When creating new Risks and selecting Submit for Approval, the possibility to Send for general approval (i.e. to all applicable reviewers) or Send to specific person is provided via a pop-up window.
• The system-generated fields Created Date, Created By, Approval Date, Approved By and Approval Status can now be hidden from the Risk Details tab if required. This is achieved via Configuration, System Configuration, Risk system configurations and Risk view items.
• It is now possible to assign a specific colour to a Risk Type, and this colour will be applied to the selection made in the main Risk Details. Colours are configured by navigating to: Configuration then Risk Types.
• Unique to the Risk Owner drop-down lists (i.e. Primary Owner, Secondary Owner and Additional Owners), via a new shortcut icon it is now possible to create new users without navigating to the Configuration menu separately.

Note: Access to this new efficiency remains controlled by the permission for User Maintenance.

1.4 Controls

• Commensurate with the new configuration section for Risk Assessments, a new System Configuration menu item for Control and action configurations allows users the opportunity to customise the Controls mandatory & hidden items and Control View Items.
• The same functionality is extended to Proposed controls mandatory & hidden items and Proposed Control View Items.
• Within the main toolbar for Controls, a new button has been added to Update Control Owners in bulk.
• Proposed Controls that have been Implemented and subsequently reside in the list of active Controls, now inherit a unique function to view the Original proposed control - Read only view.
• When viewing the Details of the active Control, a subtle icon provides on-screen visibly to all of the original information, including that of un-managed metadata and Managed control metadata.

1.5 Risk Actions

• In the same manner that entity-level Audit Recommendations can be relocated, Risk Actions can now be moved from one Risk to another as required. This can be completed within the Action itself, in the detailed view.

2. Controls management

2.1 Attachments

• The standard Attachments tab existing throughout the system has now been extended to the default Managed Controls properties of Controls Management.
• This allows attachments to be added against managed controls directly within Controls Management.

3. Further reading

• 12.0 Audit file and metadata template developments
• 12.0 Timesheet, expenses recording and reference library developments
• 12.0 Recommendation and questionnaire tracking developments