You do not have permission to edit this page, for the following reason:
You can view and copy the source of this page:
Return to ICI Risk Management.
The Icertis Contract Intelligence (ICI) platform introduces the Risk Management Application to make it easier for professionals to carry out their tasks related to risk management such as assessment, due diligence, remediation, monitoring and reassessment. Risk management is the process of identifying potential risk, assessing the magnitude of risk based on the business objectives, devising strategies to eliminate them and tracking the performance until they are completely mitigated.
The platform’s modern, scalable and integration-friendly cloud architecture can model even the most complex risk management scenarios. The App provides secure access such that only authorized users can access the App entities and data, using ICI’s access control functionalities. The user-friendly interface makes it possible for anyone in the enterprise having access to be able to use the platform with ease.
Icertis uses a standard framework of discovery, assessment, remediation, monitoring and optimization to manage enterprise risk.
Here are some terms that will help you better understand the risk management process:
Business risk can emerge from any division of a company and must be managed proactively to avoid devastating
impacts. Often, these risks originate in the contracts of an organization with an external party or because of the
business and regulatory environment in which the entity operates.
Yet, most organizations manage contractual, regulatory, financial reporting and environmental obligations
manually. Automated extraction and monitoring of obligations are prevalent in very few companies across various
industry verticals. Consequently, organizations do not have adequate visibility into the status of these obligations
and end up being reactive in identifying and handling risks.
This raises the following challenges:
Built on the Icertis Contract Intelligence platform, the ICI Risk Management App brings a paradigm shift in
the management of business risks. The App offers a process-oriented enterprise-wide solution to stay on top
of all potential risks that a business faces – whether they emanate from the potential insolvency of a
counter-party, payment default by a customer, supply disruption due to a pandemic or natural disaster,
logistics blockades due to localized conflicts, or other market turbulence.
With the Risk Management App, companies can:
The intelligent and easy-to-use ICI Risk Management App offers these powerful capabilities:
The user must have:
ICI offers the ability to determine the application type (Contracting, Sourcing, Obligation Management and Risk Management application) when creating a contract type. This is possible with the inclusion of two new choice type attributes, Business Application Type and Business Application Category at the contract type level. This feature helps effortlessly drive business applications on ICI platform.
These attributes are enabled through technical configuration and applicable for agreements and associated document contract types. The access privileges for business applications (such as Risk Management) are managed through security groups.
The ICI Risk Management application provides some seeded entities, attributes, workflows, rules and notifications that are necessary for the flow of the risk management. Some of the entities are:
Refer the Risk Management Configuration guide for details.
The ICI Risk Management application provides some seeded masterdata that are necessary for the flow of the risk management. Users can create masterdata instances with desired values.
To create masterdata instance:
1. Click "Configure" > "Masterdata" from the "Home" page menu. The Masterdata page opens.
2. Click "Create" button. The "Create Masterdata" page opens.
3.Select the "Masterdata" Contract Type. For example, "Risk Area Master".
3. Click "Next". The "Attributes" page opens.
4. Enter or select the details in all relevant fields. For example, enter "Risk Area Name" as "Anti-Bribery Corruption".
5. Click "Create". The masterdata instance is created.
Similarly, setup masterdata for "Risk Taxonomy", "Risk Remediation", "Likelihood Rating" and "Risk Score Matrix" Masters.
The ICI Risk Management application enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICI Risk Management application that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.
Risk assessment workflow performed by risk assessment owners typically involves the following:
Here is the Risk Assessment workflow at a glance:
1.Click the "Risk Management" tile on the "Home" page. The dropdown opens with options:
2. Click "Create Risk Assessment". The "Attributes" page for "Create Risk Assessment" opens. The "Attributes" page includes questions to capture the responses based on which the risk areas can be generated. These questions are non-seeded attributes and users can configure them to the Risk Assessment contract type as per their business needs.
Attributes page has seeded sections as:
3. Enter the details in fields in the "Identification" section:
4. Enter the details in fields in the "Risk Assessment Timeline" section.
5. Enter the details in fields in all the sections on the Attributes page.
6. Click "Next". The "Verify" page opens.
7. Verify the details and click "Create". The risk assessment is created in "Draft" state.
Once created, users can "Edit", "Delete", "Cancel" or "Submit" the "Risk Assessment".
1. Click the "Risk Management" > "Risk Assessment" tile options on the "Home" page.
2. Click the View Record eye icon next to the Risk Assessment record you want to open. For example, "Risk_Assessment_Jan2022". The Risk Assessment Details page opens.
1. Click "Edit" on the Risk Assessment Details page. The Edit Agreement page opens.
3. Verify the details and click "Update". The risk assessment is updated and remains in "Draft" state.
1.Click "Cancel" on the Risk Assessment Details page.
The confirmation window opens.
2. Click "Yes". The "Add Note" drawer opens.
3. Add note text and select the "Reason Code".
4. Click "Add". The Risk Assessment status changes to "Cancelled".
1. Click "Delete" on the Risk Assessment Details page.
3. Click "Add". The risk assessment will be deleted and agreement index page opens.
Click "Submit" on the Risk Assessment Details page.
Approvers can Approve or Reject the Risk Assessment from the risk assessment Details page.
To reject:
1. Click "Reject".
2. Add note text and select the Reason Code.
3. Click "Add". The Risk Assessment is rejected and goes back to "Draft" state.
To approve:
1. Click "Approve". The "Add Note" window opens.
If there are no Approvers added to the Risk Assessment Team, the record will be approved directly and move to the "Assessment Complete" state.
Changes made to the Risk Assessment record during various ICI risk management workflows are captured and can be viewed under History tab. For example, changes in Risk_Assessment_Jan2022 throughout its lifecycle are captured.
Click "Show Changes" to view the details of the particular event of the risk assessment instance.
Managing Risk Area includes:
The risk area can be generated automatically by seeded rules based on the risk assessment responses. Users can also add the risk area manually to the risk assessment.
The ICI Risk Management application provides set of rules to generate Risk Areas automatically based on the responses gathered from the risk assessment. Refer the ICI Risk Management Configuration Guide for details on rules used in the ICI Risk Management application.
The workflow for generating risk areas automatically includes process as follows:
1. A recommended rule Identify Risk Areas on the event Risk Assessment Created identifies applicable risk areas based on the specific attribute values from the Risk Assessment record.
For example, the sample Identify Risk Areas rule with the attribute Risk Assessment Description. When this attribute has the response as Assessment for Supplier, then the Applicable Risk Area is identified and set as Anti Bribery & Corruption.
To create a risk area for risk assessment:
1. Click "Risk Management" > "Risk Assessments" from the "Home" page. The search results page with all risk assessment records opens.
2. Click the View Record icon next to the Risk Assessment for which you want to create Risk Area. The Risk Assessment Details page opens.
3. Click Create Association action icon (plus sign) next to Risk Area under the Associations. The "Create Association" for Risk Area page opens.
The "Create Association Risk Area" page has these sections:
4. Select or enter the details in the attributes in all the sections. The attributes can be mandatory, lookup type, cascading, conditional, multi-select and so on.
Reference Risk Assessment
This section contains the attributes:
Risk Area Details
This section contains the attributes:
Risk Area owners are Subject Matter Experts who can look into risk area end to end for validity of risk, planning risk remediation, monitoring the progress and performance of risk remediation actions
Inherent Risk Rating
Inherent risk rating is the risk rating applicable to the risk when it was determined for the first time.
This section contains the attributes:
Risk Remediation Plan
This section includes the informaton related to the remediation strategies and actions that can be taken to mitigate the risk areas.
This section contains the attributes:
Residual Risk Rating
This section includes the information related to the residual risk left after the remediation actions are taken.
This section contains the attributes:
5. Click "Create". The Risk Area is created in Assessment state.
Risk Area records can be searched from:
To search risk area from Advanced Search page:
1. Click the "Advanced" link from the header toolbar on the ICI UI. The "Advanced Search" page opens.
2. Select Risk Area in the "Entity" dropdown field.
3. Click the search icon. All available Risk Area records are displayed.
To search risk area using Global Search
Enter the relevant search criteria in the Enter search here…search bar on the ICI UI. For example, Risk Area. All available Risk Area records are displayed in a drop down.
To search risk area from association index page:
1. Click "Associations" tile on the "Home" page. The Associations index page opens.
2. Filter the records for Risk Area entity using "Categories" refine search within the "Refine View" panel. All available Risk Area records are displayed.
Risk area owner can take existing ICI actions for associations on risk area.
The Risk owner can be added to the risk area through configured rules. Risk owner can then take certain actions from the risk area Details page.
The actions can be:
Users can repeat the workflow Due Diligence – Remediate – Monitor until the risk is completely mitigated.
Users can also automate the workflows to initiate due diligence, remediate and monitor risk areas by configuring rules.
1. Click "Risk Management" > "Risk Assessments" from the Home page. The list of all available risk assessments opens.
2. Click View Record icon next to the Risk Assessment you want to opens. The Risk Assessment Details page opens.
3. Click Risk Area tab in the left navigation. The risk area grid opens.
4. Click View Record icon next to the risk area you want to open. The risk area Details page opens.
5. Click "Edit". The "Edit Associated Document" for Risk Area page opens.
Users can edit the risk area from risk area details page as well.
Click "Initiate Due Diligence". The Risk Area Details page opens again.
The status of the risk area changes to "Due Diligence".
With the status of the risk area in "Due Diligence", click "Remediate" on the risk area Details page.
The Risk Area Details page opens again and the status of the risk area changes to "Remediation".
Users can monitor the risk areas based on the remediation actions taken to check whether the risks are reduced.
To monitor a risk area:
Click Monitor on the risk area Details page. The risk area Details page opens again and the status of the risk area changes to Monitoring.
The status of the risk area changes to Monitoring.
Users can repeat the actions taken on the risk areas until the risks are completely mitigated.
1.Click Initiate Due Diligence or Remediate on the risk area Details page for the risk area in the Monitoring state. For example, select Initiate Due Diligence. The Association Initiate Due Diligence note window opens to add a note.
2.Add a note text and select a Reason code.
3. Click Add. The status of the risk area changes back to Due Diligence.
Risk owners can deactivate the invalid risk area. Once deactivated, no further actions are allowed on the risk area.
1. Click Deactivate on the risk area Details page. The Association Deactivate note window opens to add a note.
2. Add a note text and select a Reason code.
3. Click Add. The status of the risk area changes to Deactivated.
Changes made to the Risk Area record during various ICI risk management workflows are captured and can be viewed under History tab. For example, changes in ICIRiskArea_372 throughout its lifecycle are captured.
Click Show All Changes to view the details of the particular event of the risk area instance.
Moving Risk Area workflow automatically
The users can manage the Risk Assessment and Risk Area action workflows using the script attribute Target ICM Status. Users can set the value in Target ICM Status to specific status and move records to that particular state during the risk management workflow. For example, risk area record can be moved from the Draft state to either Due Diligence, Remediation or Monitoring state using attribute Target ICM status .
Risk assessment and risk area records can be uploaded in ICI directly in specific status by setting the state value in the Target ICM Status attribute using ICI’s Legacy Upload functionality. The business status would then be set accordingly.
For example, when users want to upload large number of historical risk assessment records using Legacy Upload, they can directly upload in the Approved state by setting it in the Target ICM Status attribute and the business state would be set as Assessment Complete.
Refer the ICI Risk Management Configuration Guide for details on Managing Risk Workflows using attribute Target ICM Status.
Users can create remediation tasks for managing risks using commitments, obligations or any third party system. ICI Risk Management app currently supports managing Risk Assessment and Risk Area using ICI Commitment functionality.
To create a task using commitment:
1. Click the Risk Management > Risk Assessment on the Home page. The saved search result page opens with all Risk Assessment records.
2. Click the View Record icon next to the Risk Assessment record you want to open. For example, Risk_Assessment_May2020. The Risk Assessment Details page opens.
3. Click the Commitments tab in the left navigation. The existing commitments are displayed if any.
4. Click Add Commitment action icon. The Add Commitment window opens
5. Enter the details for the commitment.
6. Click Add Commitment. The commitment is created and added to risk assessment.
To view and take action on the commitment tasks:
1. Click the icon Take action on commitment. The Add Action window opens.
2. Add the action details.
3. Click Save. The Commitment status is updated according to the action taken.
Refer to the Compliance Management for more details on working with commitments.
The ICI Risk Management app sends the notifications when certain actions are taken on the Risk Area. These notifications are seeded.
The notifications are sent when events occurs:
The recipients can access the notifications from Notification Dashboard:
Related Topics: Agreement Management | Biz Apps Release Notes |
You do not have permission to edit this page, for the following reason:
The action you have requested is limited to users in one of the groups: Users, User.
You can view and copy the source of this page:
Return to ICI Risk Management.