From ICIHelp8.2
Jump to: navigation, search
 
(96 intermediate revisions by 3 users not shown)
Line 9: Line 9:
  
 
Icertis uses a standard framework of discovery, assessment, remediation, monitoring and optimization to manage enterprise risk.
 
Icertis uses a standard framework of discovery, assessment, remediation, monitoring and optimization to manage enterprise risk.
<div class="image-green-border">&nbsp;</div>
+
<div class="image-green-border">ICI Risk Management supports the following risk management business scenarios: &nbsp;</div>
ICI Risk Management supports the following risk management business scenarios: &nbsp;
+
 
+
 
*'''Business Operations Risk:&nbsp;'''For example, the impact of pandemic on the business operations of an organization.&nbsp;  
 
*'''Business Operations Risk:&nbsp;'''For example, the impact of pandemic on the business operations of an organization.&nbsp;  
 
*'''Contractual Risk:'''&nbsp;For example, managing risks that arise from non-standard agreement terms, clauses, and so on.&nbsp;  
 
*'''Contractual Risk:'''&nbsp;For example, managing risks that arise from non-standard agreement terms, clauses, and so on.&nbsp;  
 
*'''Counter-Party Risk:'''&nbsp;For example, managing risks relevant to suppliers and vendors.  
 
*'''Counter-Party Risk:'''&nbsp;For example, managing risks relevant to suppliers and vendors.  
  
&nbsp;
+
== The Terminology ==
 +
 
 +
Here are some terms that will help you better understand the risk management process:
 +
 
 +
*Risk Assessment:&nbsp;&nbsp;It deals with the process of identifying and evaluating the magnitude of potential risk areas.
 +
*Risk Area:&nbsp;It is the exposure that an organization has from internal or external factor(s) that impact the normal<br/> functioning of business and will lower its bottom line (or profits) or lead it to fail. For example, cyber security<br/> risk.
 +
**Risk Taxonomy:&nbsp;It is comprehensive set of risk categories and sub-categories used in an<br/> organization. It outlines as approach to categorize and aggregate all types of risks that could affect<br/> the organization's objectives.
 +
**Assessment:&nbsp;Risk owner determines or assesses whether identified risk area is valid or not.<br/> Likewise, risk owner can add a risk area manually.
 +
**Due Diligence:&nbsp;It is a complete review of the risk area. As part of incomplete or missing<br/> information, tasks may be created to gather information.
 +
**Remediation:&nbsp;It is a strategy created to mitigate risks. For example, Avoid strategy, Transfer<br/> Strategy, Reduce Strategy, etc. Based on the remediation strategy, mitigation tasks are initiated.
 +
***Control Effectiveness Rating: It represents the effectiveness of risk remediation actions<br/> taken to mitigate risk.&nbsp;   
 +
*Monitor and Optimize: Monitoring involves the process of tracking the progress of residual risk level and risk<br/> score of a risk area as against the remediation tasks made for mitigation. If the residual risk score and risk<br/> level does not change as compared to the inherent score, then optimization allows taking additional due<br/> diligence or remediation tasks to mitigate risk.
 +
*Risk Score Matrix:&nbsp;&nbsp;It is a matrix that uses a combination of likelihood and consequence rating to determine<br/> magnitude of risk.&nbsp;
 +
**Inherent Risk:&nbsp;It is a risk indicator. It is the starting score for each identified risk area and is<br/> expected to be controlled.
 +
**Residual Risk:&nbsp;It is a risk indicator. It is the score that depicts the risk remaining once mitigation<br/> actions have been planned and implemented.
 +
**Likelihood Rating: On a risk matrix, it represents the likelihood (level of probability) of risk<br/> occurrence.
 +
**Consequence Rating:&nbsp;On a risk matrix, it represents the magnitude (level of impact) of risk<br/> occurrence.
 +
**Risk Level:&nbsp;&nbsp;It is the qualitative score for every risk area transaction.
 +
**Risk Score:&nbsp;It is the quantitative score for every risk area transaction. 
 +
 
 +
== The Challenge ==
 +
 
 +
Business risk can emerge from any division of a company and must be managed proactively to avoid devastating<br/> impacts. Often, these risks originate in the contracts of an organization with an external party or because of the<br/> business and regulatory environment in which the entity operates.<br/> Yet, most organizations manage contractual, regulatory, financial reporting and environmental obligations<br/> manually. Automated extraction and monitoring of obligations are prevalent in very few companies across various<br/> industry verticals. Consequently, organizations do not have adequate visibility into the status of these obligations<br/> and end up being reactive in identifying and handling risks.
 +
 
 +
This raises the following challenges:&nbsp;
 +
 
 +
*Companies cannot proactively assess and manage their risks in business environment characterized by<br/> unpredictability, volatility and mounting counter-party solvency risks.
 +
*Traditional Governance, Risk and Compliance (GRC) and Risk Management tools are not able to roll-up<br/> enterprise-wide risk insights from across contracts which are the ultimate source of commercial truth, and<br/> hence are only good at reporting and analyzing risks in hindsight.&nbsp;
 +
*Lack of visibility and insight into obligations, typically spelled out in detail in service contracts, can lead to<br/> substantial risks for businesses if not surfaced at the appropriate time and monitored at an adequate level to<br/> provide required executive attention.
 +
 
 +
== The Solution ==
 +
 
 +
Built on the Icertis Contract Intelligence platform, the ICI Risk Management App brings a paradigm shift in<br/> the management of business risks. The App offers a process-oriented enterprise-wide solution to stay on top<br/> of all potential risks that a business faces – whether they emanate from the potential insolvency of a<br/> counter-party, payment default by a customer, supply disruption due to a pandemic or natural disaster,<br/> logistics blockades due to localized conflicts, or other market turbulence.
 +
 
 +
With the Risk Management App, companies can:&nbsp;
 +
 
 +
*Perform risk discovery, assessment, remediation, monitoring and optimization in any business context that is<br/> relevant to a specific organization. For example, supplier risk assessment at the time of onboarding a supplier,<br/> customer credit risk check while signing long-term contracts on non-cash terms, contractual performance risk<br/> while evaluating technical capabilities of a service provider, etc.&nbsp;
 +
*Prevent and reduce risk-injection as opposed to only managing risks.
 +
 
 +
== The Capabilities ==
 +
 
 +
The intelligent and easy-to-use ICI Risk Management App offers these powerful capabilities:
 +
 
 +
*Ability to embed risk assessment in various business processes:
 +
**For example, during negotiation, supplier/ customer onboarding, third party contract ingestion, etc. 
 +
*Flexible and configurable risk assessment frameworks:
 +
**To cater to various industry and business-specific risk management requirements. 
 +
*Questionnaire-based risk identification:
 +
**Questionnaire configuration capability to discover all vendor or business operation risks based on<br/> responses. 
 +
*Risk area and scoring model configurability:
 +
**A configurable risk area to gauge contract, counter-party and operations risk at various levels of<br/> business granularity.
 +
**An easy-to-configure platform that helps to set up a quantitative and qualitative risk score model to<br/> meet business needs. 
 +
*Alerts and notifications:&nbsp;
 +
**In-built notifications to inform risk owner about changes in risk area status. 
 +
*Auditing:&nbsp;
 +
**Audit trails of every action with user and time-stamp details. 
 +
 
 +
== The Benefits&nbsp; ==
 +
 
 +
*The ICI Risk Management App changes the risk management paradigm from identification and mitigation to<br/> preventing risk injection and remediation.
 +
*Effective risk monitoring reduces the impact of operational, financial and reputational risk, contributing<br/> significantly to the company’s bottom line.
 +
*Configurable system can conform to any risk model in the world and even develop industry and companyspecific risk models with no custom code required, thereby greatly reducing deployment costs.
  
 
== The Prerequisites ==
 
== The Prerequisites ==
Line 27: Line 86:
 
== Configuration setup overview ==
 
== Configuration setup overview ==
  
ICI offers the ability to determine the application type (Contracting, Sourcing, Obligation Management and Risk Management application) when creating a contract type. This is possible with the inclusion of two new choice type attributes, Business Application Type and Business Application Category at the contract type level. This feature helps effortlessly drive business applications on ICI platform.<br/> These attributes are enabled through technical configuration and &nbsp;applicable for agreements and associated document contract types. The access privileges for business applications (such as Risk Management) are managed through security groups.&nbsp;<br/> &nbsp;
+
ICI offers the ability to determine the application type (Contracting, Sourcing, Obligation Management and Risk Management application) when creating a contract type. This is possible with the inclusion of two new choice type attributes, Business Application Type and Business Application Category at the contract type level. This feature helps effortlessly drive business applications on ICI platform.<br/> These attributes are enabled through technical configuration and &nbsp;applicable for agreements and associated document contract types. The access privileges for business applications (such as Risk Management) are managed through security groups.&nbsp;
  
 
=== Seeded Configuration and setup ===
 
=== Seeded Configuration and setup ===
Line 59: Line 118:
 
The ICI Risk Management application provides some seeded masterdata that are necessary for the flow of the risk management. Users can create masterdata instances with desired values.<br/> To create masterdata instance:
 
The ICI Risk Management application provides some seeded masterdata that are necessary for the flow of the risk management. Users can create masterdata instances with desired values.<br/> To create masterdata instance:
  
1.&nbsp;'''Click '''''Configuration ''> ''Masterdata ''> ''Create Masterdata ''on the ''Home ''page. The ''Create Masterdata ''page opens.
+
1.&nbsp;'''Click '''"Configure"&nbsp;> "Masterdata"&nbsp;from the "Home"&nbsp;page menu. The Masterdata page opens.
<div class="image-green-border">[[File:7.12-RiskManagement-Configuration1.png|RTENOTITLE]]</div>  
+
<div class="image-green-border">[[File:RMApp1-11.PNG|720px|RMApp1-11.PNG]]</div>
2.&nbsp;'''Select '''the ''Masterdata Contract Type''. For example, ''Risk Area Master''.
+
2. '''Click&nbsp;'''"Create" button. The "Create Masterdata" page opens.
<div class="image-green-border">[[File:7.12-RiskManagement-RiskAreaMaster.png|720px|RTENOTITLE]]</div>  
+
<div class="image-green-border">[[File:RMApp1-12.PNG|720px|RMApp1-12.PNG]]</div>  
3.&nbsp;'''Click '''''Next''. The ''Attributes ''page opens.
+
3.'''Select '''the "Masterdata" Contract Type. For example, "Risk Area Master".
 +
<div class="image-green-border">[[File:RMApp1-13.PNG|720px|RMApp1-13.PNG]]</div>  
 +
3.&nbsp;'''Click '''"Next". The "Attributes"&nbsp;page opens.
  
4.&nbsp;'''Enter '''or '''select '''the details in the fields. For example,&nbsp;enter ''Risk Area Name as Anti-Bribery Corruption.&nbsp;''
+
4.&nbsp;'''Enter '''or '''select '''the details in all relevant fields. For example,&nbsp;enter "Risk Area Name" as "Anti-Bribery Corruption".
  
5.&nbsp;'''Click '''''Save''. The masterdata instance is created.
+
5.&nbsp;'''Click '''"Create". The masterdata instance is created.
<div class="image-green-border">[[File:7.12-RiskManagement-RiskAreaMaster1.png|720px|7.12-RiskManagement-RiskAreaMaster1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp1-14.PNG|600px|RMApp1-14.PNG]]</div>  
Similarly, setup masterdata for ''Risk Taxonomy, Risk Remediation action, &nbsp;Likelihood Rating ''and''&nbsp;&nbsp;Risk Score Matrix Masters''.
+
Similarly, setup masterdata for "Risk Taxonomy", "Risk Remediation",&nbsp; "Likelihood Rating"&nbsp;and&nbsp; "Risk Score Matrix" Masters.
  
 
== Working with Risk Assessment ==
 
== Working with Risk Assessment ==
Line 75: Line 136:
 
The ICI Risk Management application enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICI Risk Management application &nbsp;that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.<br/> Risk assessment workflow performed by risk assessment owners typically involves the following:
 
The ICI Risk Management application enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICI Risk Management application &nbsp;that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.<br/> Risk assessment workflow performed by risk assessment owners typically involves the following:
  
*Initiating Risk Assessment: The risk assessment owners can initiate the risk assessment workflow to identify the risks. For example, the risk assessment can be a questionnaire where the users respond to the questions by submitting it. This initiates the risk assessment in ''Draft'' state.  
+
*Initiating Risk Assessment: The risk assessment owners can initiate the risk assessment workflow to identify the risks. For example, the risk assessment can be a questionnaire where the users respond to the questions by submitting it. This initiates the risk assessment in "Draft" state.  
 
*Approving Risk Assessment: Based on the complexity of risk assessment, ICI administrators can configure the rules to add approvers to the assessment team. If there are approvers added to the team, the risk assessment is sent to the approvers for approval. The risk assessment is approved automatically if no approvers are added to the team.  
 
*Approving Risk Assessment: Based on the complexity of risk assessment, ICI administrators can configure the rules to add approvers to the assessment team. If there are approvers added to the team, the risk assessment is sent to the approvers for approval. The risk assessment is approved automatically if no approvers are added to the team.  
*Completing Risk Assessment: The status of the risk assessment changes to ''Assessment Complete'' when the risk assessment is approved. The risk area can be identified and auto-instantiated based on the configured rules.  
+
*Completing Risk Assessment: The status of the risk assessment changes to "Assessment Complete" when the risk assessment is approved. The risk area can be identified and auto-instantiated based on the configured rules.  
  
<br/> Here is the Risk Assessment workflow at a glance:
+
Here is the Risk Assessment workflow at a glance:
 
<div class="image-green-border">[[File:7.12-RiskManagementWorkflow.png|720px|7.12-RiskManagementWorkflow.png]]</div>  
 
<div class="image-green-border">[[File:7.12-RiskManagementWorkflow.png|720px|7.12-RiskManagementWorkflow.png]]</div>  
 +
&nbsp;
 +
 +
&nbsp;
 +
 +
&nbsp;
 +
 +
 
== Creating a Risk Assessment ==
 
== Creating a Risk Assessment ==
  
1.'''Click '''the ''Risk Management'' tile on the ''Home ''page. The drop-down opens with options:
+
1.'''Click '''the "Risk Management" tile on the "Home"&nbsp;page. The dropdown opens with&nbsp; the following option:
 
<ul style="margin-left: 40px;">
 
<ul style="margin-left: 40px;">
<li>''Risk Assessment''</li>
+
<li>Risk Assessments</li>
<li>''Create Risk Assessment''</li>
+
 
</ul>
 
</ul>
<div class="image-green-border">[[File:7.12-RiskManagement-CreateRiskAssessment1.png|720px|7.12-RiskManagement-CreateRiskAssessment1.png]]</div> <div class="image-green-border">&nbsp;</div>  
+
<div class="image-green-border">[[File:RMApp1.PNG|720px|RMApp1.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">'''Click&nbsp;'''"Create" on the Risk Assessment index page to open the "Create Risk Assessment" page.&nbsp;</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:8.1-RiskAssessmentIndexPage.PNG|720px|8.1-RiskAssessmentIndexPage.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp; &nbsp; a. Alternatively, '''click''' the Create workbench plus icon, the "Create" workbench drawer opens with several create action options.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow13.PNG|720px|RMApp-RiskWorkflow13.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp; &nbsp; b. '''Click''' "Create Assessment".</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow15.PNG|720px|RMApp-RiskWorkflow15.PNG]]</div>  
2.&nbsp;'''Click '''''Create Risk Assessment''. The ''Attributes'' page for ''Create Risk Assessment'' opens. The ''Attributes'' page includes questions to capture the responses based on which the risk areas can be generated. These questions are non-seeded attributes and users can configure &nbsp;them to the Risk Assessment contract type as per their business needs.
+
2.&nbsp;'''Click '''"Create Risk Assessment". The "Attributes" page for "Create Risk Assessment" opens. The "Attributes" page includes questions to capture the responses based on which the risk areas can be generated. These questions are non-seeded attributes and users can configure &nbsp;them to the Risk Assessment contract type as per their business needs.
  
 
Attributes page has seeded sections as:
 
Attributes page has seeded sections as:
 
<ul style="margin-left: 40px;">
 
<ul style="margin-left: 40px;">
<li>''Identification''</li>
+
<li>Identification</li>
<li>''Risk Assessment Timeline''</li>
+
<li>Risk Assessment Timeline</li>
 
</ul>
 
</ul>
  
3.&nbsp;'''Enter '''the details in fields in the ''Identification ''section:
+
3.&nbsp;'''Enter '''the details in fields in the "Identification"&nbsp;section:
 
<ul style="margin-left: 40px;">
 
<ul style="margin-left: 40px;">
<li>''Risk Assessment Name''</li>
+
<li>Risk Assessment Name</li>
<li>''Risk Assessment Description''&nbsp;</li>
+
<li>Risk Assessment Description&nbsp;</li>
<li>''Risk Assessment Entity: ''The context for which the risk assessment is being created. For example, ''Business Operations, Contractual or Counter Party''.</li>
+
<li>Risk Assessment Entity: The context for which the risk assessment is being created. For example, "Business Operations", "Contractual" or "Counter Party".</li>
 
</ul>
 
</ul>
<div class="image-green-border">&nbsp;[[File:7.12-RiskManagement-RiskAreaMaster2.png|720px|7.12-RiskManagement-RiskAreaMaster2.png]]</div>  
+
<div class="image-green-border">&nbsp;[[File:RMApp1-15.PNG|600px|RMApp1-15.PNG]]</div>  
4.&nbsp;'''Enter '''the details in fields in the ''Risk Assessment Timeline section''.
+
4.&nbsp;'''Enter '''the details in fields in the "Risk Assessment Timeline" section.
 
<ul style="margin-left: 40px;">
 
<ul style="margin-left: 40px;">
<li>''Assessment Start Date: ''The date that you start the risk assessment of entity. For example, May 31, 2020.</li>
+
<li>Assessment Start Date: The date that you start the risk assessment of entity. For example, January 15, 2022.</li>
<li>''Assessment End Date: ''The date by which risk assessment of entity should be completed. The assessment end date should be greater than the start date else validation is displayed.</li>
+
<li>Assessment Due Date: The date by which risk assessment of entity should be completed. The assessment due date should be greater than the start date, otherwise a&nbsp;validation error message is displayed.</li>
 
</ul>
 
</ul>
<div class="image-green-border">[[File:7.12-RiskManagement-RiskAreaMaster3.png|720px|7.12-RiskManagement-RiskAreaMaster3.png]]</div>  
+
<div class="image-green-border">[[File:RMApp1-17.PNG|720px|RMApp1-17.PNG]]</div>  
5.&nbsp;'''Enter '''the details in fields in all the sections on the ''Attributes ''page.
+
5.&nbsp;'''Enter '''the details in fields in all the sections on the Attributes page.
  
6.&nbsp;'''Click '''''Next''. The ''Verify ''page opens.
+
6.&nbsp;'''Click '''"Next". The "Verify"&nbsp;page opens.
  
7.&nbsp;'''Verify '''the details and '''click''' ''Create''. The risk assessment is created in ''Draft'' state.&nbsp;
+
7.&nbsp;'''Verify '''the details and '''click'''&nbsp;"Create".
<div class="image-green-border">&nbsp;[[File:7.12-RiskManagement-RiskAreaMaster4.png|720px|7.12-RiskManagement-RiskAreaMaster4.png]]</div>  
+
<div class="image-green-border">[[File:8.0 RM 1.PNG|720px|8.0 RM 1.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">The risk assessment is created in "Draft" state.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp1-18.PNG|720px|RMApp1-18.PNG]]</div>  
Once created, users can ''Edit, Delete, Cancel ''or ''Submit ''the ''Risk Assessment''.&nbsp;
+
Once created, users can "Edit", "Delete", "Cancel"&nbsp;or "Submit"&nbsp;the "Risk Assessment".
  
=== Searching and viewing the Risk Assessment ===
+
On deleting the risk assessment, users will be redirected to the Risk Assessment “Index” page.&nbsp;<br/> &nbsp;&nbsp;<br/> Some actions that are used less frequently such as “Delete”, option is now moved under the three dots icon on the Risk Assessment “Details” page.
  
1.&nbsp;'''Click '''the ''Risk Management ''> ''Risk Assessment ''on the ''Home ''page.
+
The “Copy Record” action is not supported for Risk Assessment.
<div class="image-green-border">The saved search result page opens with all ''Risk Assessment ''records.&nbsp;Users can refine the search result by applying filters, options and keywords.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:7.12-RiskManagement-ViewRiskAssesment2.png|720px|7.12-RiskManagement-ViewRiskAssesment2.png]]</div>
+
<div class="note-box">'''Note''': Users can configure the less frequently used actions such as “Copy Record”, “Delete” &nbsp;as per the requirement. &nbsp;</div>  
2.&nbsp;'''Click '''the ''View Record ''icon next to the ''Risk Assessment ''record you want to open. For example, ''Risk_Assessment_May2020''. The ''Risk Assessment Details ''page opens.
+
<div class="image-green-border">[[File:7.12-RiskManagement-RiskAssessmentDetails.png|720px|7.12-RiskManagement-RiskAssessmentDetails.png]]</div> <div class="image-green-border">&nbsp;</div>  
+
 
&nbsp;
 
&nbsp;
 +
 +
 +
=== Searching and viewing the Risk Assessment ===
 +
 +
1.&nbsp;'''Click '''the "Risk Management"&nbsp;> "Risk Assessments" tile options&nbsp;on the "Home"&nbsp;page.
 +
<div class="image-green-border">The Risk Assessment index&nbsp;page opens displaying all the risk assessments.&nbsp;Users can refine the search result by applying filters, options and keywords.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:8.1-RiskAssessmentIndexPage.PNG|720px|8.1-RiskAssessmentIndexPage.PNG]]</div>
 +
2.&nbsp;'''Click '''the View Record eye&nbsp;icon next to the Risk Assessment record you want to open. For example, "Risk Assessment for Acme Corporation". The Risk Assessment Details page opens.
 +
<div class="image-green-border">[[File:RMApp1-20.PNG|720px|RMApp1-20.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">The left navigation pane can be expanded or collapsed, as needed. The collapsed view gives a wider view of the Risk Assessment Details page.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow26.PNG|560px|RMApp-RiskWorkflow26.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">Clicking the hamburger menu icon&nbsp;[[File:Hamburger-menu-1.jpg|15px|Hamburger-menu-1.jpg]] expands the left pane.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow27.PNG|560px|RMApp-RiskWorkflow27.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">'''Advanced Search'''</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">The Advanced Search now displays the business app entity Risk Assessment and Risk Area in the Advanced Search window.&nbsp;</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:8.1-RMApp-AdvancedSearch.PNG|720px|8.1-RMApp-AdvancedSearch.PNG]]</div> <div class="image-green-border">&nbsp;</div>
  
 
=== Editing the Risk Assessment ===
 
=== Editing the Risk Assessment ===
  
1.&nbsp;'''Click '''Edit on the Risk Assessment Details page. The Edit Agreement page opens.
+
1.&nbsp;'''Click '''"Edit" on the Risk Assessment Details page. The Edit Risk Assessment page opens.
<div class="image-green-border">[[File:7.12-RiskManagement-Edit1.png|720px|7.12-RiskManagement-Edit1.png]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">2.&nbsp;'''Make '''the required changes and '''click''' ''Next''. The&nbsp;''Verify&nbsp;''page opens.&nbsp;</div> <div class="image-green-border">[[File:7.12-RiskManagement-Edit2.png|720px|7.12-RiskManagement-Edit2.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Edit.PNG|720px|RMApp-Edit.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">2.&nbsp;'''Make '''the required changes and '''click'''&nbsp;"Next". The "Verify"&nbsp;page opens.&nbsp;</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-Edit2.PNG|600px|RMApp-Edit2.PNG]]</div>  
3.&nbsp;'''Verify '''the details and '''click''' ''Update''. The risk assessment is updated and remains in ''Draft'' state.
+
3.&nbsp;'''Verify '''the details and '''click'''&nbsp;"Update". The risk assessment is updated and remains in "Draft" state.
<div class="image-green-border">[[File:7.12-RiskManagement-Edit3.png|720px|7.12-RiskManagement-Edit3.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Edit3.PNG|480px|RMApp-Edit3.PNG]]</div>  
 
&nbsp;
 
&nbsp;
  
 
=== Canceling the Risk Assessment ===
 
=== Canceling the Risk Assessment ===
  
1.'''Click '''''Cancel'' on the ''Risk Assessment Details'' page.
+
1.'''Click '''"Cancel" on the Risk Assessment Details page.
<div class="image-green-border">[[File:7.12-RiskManagement-CancellingRiskAssessment.png|720px|7.12-RiskManagement-CancellingRiskAssessment.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Cancel.PNG|840px|RMApp-Cancel.PNG]]</div>  
 
The confirmation window opens.
 
The confirmation window opens.
<div class="image-green-border">[[File:7.12-RiskManagement-CancellingRiskAssessment1.png|720px|7.12-RiskManagement-CancellingRiskAssessment1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Cancel2.PNG|360px|RMApp-Cancel2.PNG]]</div>  
2.&nbsp;'''Click '''''Yes''. The ''Add Note'' window opens.
+
2.&nbsp;'''Click '''"Yes". The "Add Note" drawer&nbsp;opens.
<div class="image-green-border">[[File:7.12-RiskManagement-CancellingRiskAssessment2.png|720px|7.12-RiskManagement-CancellingRiskAssessment2.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Cancel3.PNG|540px|RMApp-Cancel3.PNG]]</div>  
3.&nbsp;'''Add '''note text and '''select''' the ''Reason Code''.
+
3.&nbsp;'''Add '''note text and '''select''' the "Reason Code".
 +
 
 +
4.&nbsp;'''Click '''"Add". The Risk Assessment status changes to "Cancelled".
 +
<div class="image-green-border">[[File:RMApp-Cancel4.PNG|720px|RMApp-Cancel4.PNG]]</div>
 +
&nbsp;
  
4.&nbsp;'''Click '''Add. The Risk Assessment status changes to ''Cancelled''.
 
<div class="image-green-border">[[File:7.12-RiskManagement-CancellingRiskAssessment3.png|720px|7.12-RiskManagement-CancellingRiskAssessment3.png]]</div>
 
 
&nbsp;
 
&nbsp;
  
 
=== Deleting the Risk Assessment ===
 
=== Deleting the Risk Assessment ===
  
1.&nbsp;'''Click '''''Delete'' on the Risk Assessment ''Details'' page.&nbsp;
+
1.&nbsp;'''Click '''"Delete" on the Risk Assessment Details page.&nbsp;
<div class="image-green-border">[[File:7.12-RiskManagement-DeleteRiskAssessment.png|720px|7.12-RiskManagement-DeleteRiskAssessment.png]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">The&nbsp;''Add Note&nbsp;''window opens.&nbsp;</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:7.12-RiskManagement-DeleteRiskAssessment1.png|720px|RTENOTITLE]]</div>
+
<div class="image-green-border">[[File:RMApp-Delete1.PNG|720px|RMApp-Delete1.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">The "Add Note"&nbsp;window opens.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">2.&nbsp;'''Add''' note text and '''select''' the "Reason Code".</div>
2.&nbsp;'''Add''' note text and '''select''' the ''Reason Code.''
+
3.&nbsp;'''Click'''&nbsp;"Add". The risk assessment will be deleted and risk assessment index page opens.
 
+
3.&nbsp;'''Click''' ''Add''. The risk assessment will be deleted and agreement index &nbsp;page opens.
+
  
 
&nbsp;
 
&nbsp;
Line 160: Line 233:
 
=== Submitting the Risk Assessment ===
 
=== Submitting the Risk Assessment ===
  
'''&nbsp;Click '''''Submit'' on the Risk Assessment ''Details'' page. The risk assessment is sent for approval and its status changes to ''Waiting for Approva;''
+
'''&nbsp;Click '''"Submit" on the Risk Assessment Details page.
<div class="image-green-border">[[File:7.12-RiskManagement-SubmittingRiskAssessment.png|720px|7.12-RiskManagement-SubmittingRiskAssessment.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Submit.PNG|720px|RMApp-Submit.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">The risk assessment is sent for approval and its status changes to "Waiting for Approval".</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-Submit2.PNG|720px|RMApp-Submit2.PNG]]</div>  
Approvers can Approve or Reject the Risk Assessment from the risk assessment Details page.&nbsp;
+
Approvers can Approve or Reject the Risk Assessment from the risk assessment Details page.
 +
 
 +
&nbsp;
 +
 
 +
&nbsp;
  
 
=== Rejecting the risk assessment ===
 
=== Rejecting the risk assessment ===
Line 168: Line 245:
 
'''To reject:'''
 
'''To reject:'''
  
1.&nbsp;'''Click '''''Reject''.&nbsp;
+
1.&nbsp;'''Click '''"Reject".&nbsp;
<div class="image-green-border">[[File:7.12-RiskManagement-RejectRiskAssessment.png|720px|7.12-RiskManagement-RejectRiskAssessment.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Reject1.PNG|700px|RMApp-Reject1.PNG]]</div>  
 
2.&nbsp;'''Add '''note text and select the Reason Code.
 
2.&nbsp;'''Add '''note text and select the Reason Code.
<div class="image-green-border">[[File:7.12-RiskManagement-RejectRiskAssessment1.png|720px|7.12-RiskManagement-RejectRiskAssessment1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Reject2.PNG|600px|RMApp-Reject2.PNG]]</div>  
3.&nbsp;'''Click '''Add. The Risk Assessment is rejected and&nbsp;goes back to ''Draft'' state.
+
3.&nbsp;'''Click '''"Add". The Risk Assessment is rejected and&nbsp;goes back to "Draft" state.
 +
 
 +
&nbsp;
 +
 
 +
&nbsp;
  
 
=== Approving the risk assessment ===
 
=== Approving the risk assessment ===
Line 178: Line 259:
 
'''To approve:'''
 
'''To approve:'''
  
1.&nbsp;'''Click '''''Approve''. The ''Add Note'' window opens.&nbsp;
+
1.&nbsp;'''Click '''"Approve". The "Add Note" window opens.&nbsp;
<div class="image-green-border">[[File:7.12-RiskManagement-ApproveRiskAssessment.png|720px|7.12-RiskManagement-ApproveRiskAssessment.png]]</div>  
+
<div class="image-green-border">[[File:1080px-8.0 RM 3.PNG|720px|1080px-8.0 RM 3.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">2.&nbsp;'''Add&nbsp;'''note text.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">3.&nbsp;'''Click '''"Add". The Risk Assessment state changes to "Assessment Complete".</div>
2.&nbsp;'''Add&nbsp;'''note text.
+
If there are no Approvers added to the Risk Assessment Team, the record will be approved directly and move to the "Assessment Complete" state.
<div class="image-green-border">[[File:7.12-RiskManagement-ApproveRiskAssessment1.png|720px|7.12-RiskManagement-ApproveRiskAssessment1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Complete.PNG|720px|RMApp-Complete.PNG]]</div>  
3.&nbsp;'''Click '''Add. The Risk Assessment state changes to ''Assessment Complete''.
+
 
+
If there are no Approvers added to the Risk Assessment Team, the record will be approved directly and move to the ''Assessment Complete'' state.
+
<div class="image-green-border"><br/> [[File:7.12-RiskManagement-RiskAssessmmentDetails.png|720px|7.12-RiskManagement-RiskAssessmmentDetails.png]]</div>  
+
 
&nbsp;
 
&nbsp;
<div class="note-box">'''Note''': The ''Assessment Complete'' state is the final state for Risk Assessment, and users cannot take further actions.</div>  
+
<div class="note-box">'''Note''': The "Assessment Complete" state is the final state for Risk Assessment, and users cannot take further actions.</div>  
 +
&nbsp;
 +
 
 
&nbsp;
 
&nbsp;
  
 
=== Auditing Risk Assessment ===
 
=== Auditing Risk Assessment ===
  
Changes made to the Risk Assessment record during various ICI risk management workflows are captured and can be viewed under History tab. For example, changes in Risk_Assessment_May2020 throughout its lifecycle are captured.
+
Changes made to the Risk Assessment record during various ICI risk management workflows are captured and can be viewed under "History" tab. For example, changes in "Risk Assessment for Acme Corporation&nbsp;throughout its lifecycle are captured.
<div class="image-green-border">[[File:7.12-RiskManagement-AuditingRiskAssessment.png|720px|7.12-RiskManagement-AuditingRiskAssessment.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow12.PNG|720px|RMApp-RiskWorkflow12.PNG]]</div>  
'''Click''' ''Show All Changes'' to view the details of the particular event of the risk assessment instance.
+
'''Click'''&nbsp;"Show Changes" to view the details of the particular event of the risk assessment instance.
<div class="image-green-border">[[File:7.12-RiskManagement-AuditingRiskAssessment1.png|720px|7.12-RiskManagement-AuditingRiskAssessment1.png]]</div> <div class="image-green-border">&nbsp;</div>  
+
<div class="image-green-border">[[File:RMApp-History2.PNG|800px|RMApp-History2.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">Clicking the status of the Risk Assessment or Risk Area opens the “History” window.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:8.1-RMApp-History.png|500px|8.1-RMApp-History.png]]</div> <div class="image-green-border">&nbsp;</div>
&nbsp;
+
  
 
== Working with Risk Area ==
 
== Working with Risk Area ==
Line 207: Line 285:
  
 
The risk area can be generated automatically by seeded rules based on the risk assessment responses. Users can also add the risk area manually to the risk assessment.
 
The risk area can be generated automatically by seeded rules based on the risk assessment responses. Users can also add the risk area manually to the risk assessment.
 +
 +
&nbsp;
  
 
=== <br/> Creating Risk Area automatically using rules ===
 
=== <br/> Creating Risk Area automatically using rules ===
  
The ICI Risk Management application provides set of rules to generate Risk Areas automatically based on the responses gathered from the risk assessment. Refer the ICI Risk Management Configuration Guide&nbsp;for details on rules used in the ICI Risk Management application.
+
The ICI Risk Management application provides set of rules to generate Risk Areas automatically based on the responses gathered from the risk assessment. Refer the "ICI Risk Management Configuration Guide" for details on rules used in the ICI Risk Management application.
  
 
The workflow for generating risk areas automatically includes process as follows:
 
The workflow for generating risk areas automatically includes process as follows:
  
1.&nbsp;A recommended rule Identify Risk Areas on the event Risk Assessment Created identifies applicable risk areas based on the specific attribute values from the Risk Assessment record.
+
1.&nbsp;A recommended rule "Identify Risk Areas" can be configured by the app implementation team&nbsp;on the event "Risk Assessment Created" to identify&nbsp;applicable risk areas, based on the specific attribute values from the Risk Assessment record.
 +
 
 +
For the attribute "Risk Assessment Description", if the response is "Sup" (representing supplier), then the Applicable Risk Area is identified and set as "Sanctions".
 +
<div class="image-green-border">[[File:RMApp-RiskWorkflow32.png|360px|RMApp-RiskWorkflow32.png]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">2.&nbsp;Once the "Risk Areas" are identified, the seeded rule "Auto instantiate applicable risk area" generates those identified risk areas.</div> <div class="image-green-border">3.&nbsp;Another seeded rule "Copy Attribute Values" then copies values specified in the rule from Risk Assessment record to the Risk Areas.</div> <div class="image-green-border">For example, when the "Risk_Assessment_Jan2022" is approved, the risk area is automatically created as "Sanctions".</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow33.PNG|720px|RMApp-RiskWorkflow33.PNG]]</div>
 +
&nbsp;
 +
 
 +
&nbsp;
  
For example, the sample Identify Risk Areas rule with the attribute Risk Assessment Description. When this attribute has the response as Assessment for Supplier, then the Applicable Risk Area is identified and set as Anti Bribery & Corruption.
 
<div class="image-green-border">[[File:7.12-RiskAreausingRules.png|720px|7.12-RiskAreausingRules.png]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">2.&nbsp;Once the ''Risk Areas'' are identified, the seeded rule Auto instantiate applicable risk area generates those identified risk areas.</div> <div class="image-green-border">3.&nbsp;Another seeded rule Copy attribute values then copies values specified in the rule from Risk Assessment record to the Risk Areas.</div> <div class="image-green-border">For example, when the Risk_Assessment_May2020 is approved, the risk area is automatically created as Anti Bribery & Corruption.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:7.12-RiskAreaList.png|720px|7.12-RiskAreaList.png]]</div>
 
 
=== Creating Risk Area manually&nbsp; ===
 
=== Creating Risk Area manually&nbsp; ===
  
 
To create a risk area for risk assessment:&nbsp;
 
To create a risk area for risk assessment:&nbsp;
  
1.&nbsp;'''Click '''Risk Management > Risk Assessment on the Home page. The search results page with all risk assessment records opens.
+
1.&nbsp;'''Click '''"Risk Management" > "Risk Assessments" from&nbsp;the "Home" page. The search results page with all risk assessment records opens.
  
2.&nbsp;'''Click '''the ''View Record'' icon next to the Risk Assessment for which you want to create Risk Area. The ''Risk Assessment Details'' page opens.
+
2.&nbsp;'''Click '''the View Record icon next to the Risk Assessment for which you want to create Risk Area. The Risk Assessment Details page opens.
  
3.&nbsp;'''Click '''''Create Association'' action icon (plus sign) next to ''Risk Area'' under the Associations. The ''Create Association'' for ''Risk Area'' page opens.
+
3.&nbsp;'''Click '''Create Association action icon (plus sign) next to Risk Area under the Associations. The "Create Association" for Risk Area page opens.
<div class="image-green-border">[[File:7.12-CreateRiskArea.png|720px|7.12-CreateRiskArea.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Association1-1.PNG|720px|RMApp-Association1-1.PNG]]</div>  
The Create Association Risk Area page has sections:
+
The "Create Association Risk Area" page has these sections:
  
 
*Reference Risk Assessment  
 
*Reference Risk Assessment  
Line 244: Line 328:
 
*Risk Assessment Name: This field is populated automatically based on the information entered when creating the risk assessment.&nbsp;  
 
*Risk Assessment Name: This field is populated automatically based on the information entered when creating the risk assessment.&nbsp;  
 
*Risk Assessment Description: This field is populated automatically based on the information entered when creating the risk assessment.&nbsp;  
 
*Risk Assessment Description: This field is populated automatically based on the information entered when creating the risk assessment.&nbsp;  
<div class="image-green-border">[[File:7.12-ReferenceRiskArea.png|720px|7.12-ReferenceRiskArea.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Association2.PNG|600px|RMApp-Association2.PNG]]</div>  
 
'''Risk Area Details&nbsp;'''
 
'''Risk Area Details&nbsp;'''
  
Line 250: Line 334:
  
 
*Risk Area Instance ID: This is generated automatically after the risk area is created.  
 
*Risk Area Instance ID: This is generated automatically after the risk area is created.  
*Risk Area Name: '''Select''' the risk area name from the drop-down list. This populates the information for the following attributes from the masterdata.&nbsp;  
+
*Risk Area Name: '''Select''' the risk area name from the dropdown list. This populates the information for the following attributes from the masterdata.&nbsp;  
 
**Risk Area Master ID&nbsp;  
 
**Risk Area Master ID&nbsp;  
 
**Short Description  
 
**Short Description  
 
**Category  
 
**Category  
 
**Sub Category  
 
**Sub Category  
**''Risk Area Owner''    
+
**"Risk Area Owner"    
 
*Origin: '''Enter''' the description that contains information about the probable source of risk area.&nbsp;  
 
*Origin: '''Enter''' the description that contains information about the probable source of risk area.&nbsp;  
 
*Effect: '''Enter''' the description about the probable effects of the risks foreseen based on the risk assessment created.  
 
*Effect: '''Enter''' the description about the probable effects of the risks foreseen based on the risk assessment created.  
*Additional Risk Area Owners: If risk area owner is not available in master, then user can add additional risk area owners.&nbsp;<br/> &nbsp;  
+
*Additional Risk Area Owners: If risk area owner is not available in master, then user can add additional risk area owners.&nbsp;  
  
 
Risk Area owners are Subject Matter Experts who can look into risk area end to end for validity of risk, planning risk remediation, monitoring the progress and performance of risk remediation actions
 
Risk Area owners are Subject Matter Experts who can look into risk area end to end for validity of risk, planning risk remediation, monitoring the progress and performance of risk remediation actions
<div class="image-green-border">[[File:7.12-RiskAreaOwners.png|720px|7.12-RiskAreaOwners.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Association3.PNG|600px|RMApp-Association3.PNG]]</div>  
 
&nbsp;
 
&nbsp;
 
<div class="note-box">'''Note''': The certain values in the risk area details section can be auto-populated from Risk Area Master . The Risk Owner and Additional Risk Area Owners can be added to the risk area team through configured rules.</div>  
 
<div class="note-box">'''Note''': The certain values in the risk area details section can be auto-populated from Risk Area Master . The Risk Owner and Additional Risk Area Owners can be added to the risk area team through configured rules.</div>  
&nbsp;
 
 
 
'''Inherent Risk Rating&nbsp;'''
 
'''Inherent Risk Rating&nbsp;'''
  
Line 277: Line 359:
 
<div class="note-box">Note: The Inherent risk level and score is determined from the values in inherent likelihood rating and consequences rating and can be entered manually or by configuring rules.</div>  
 
<div class="note-box">Note: The Inherent risk level and score is determined from the values in inherent likelihood rating and consequences rating and can be entered manually or by configuring rules.</div>  
 
*Comments: This includes any additional information that you might want to provide regarding the risk assessment created.  
 
*Comments: This includes any additional information that you might want to provide regarding the risk assessment created.  
<div class="image-green-border">[[File:7.12-RiskArea-InherentRiskRating.png|720px|7.12-RiskArea-InherentRiskRating.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Association4.PNG|600px|RMApp-Association4.PNG]]</div>  
 
'''Risk Remediation Plan&nbsp;'''
 
'''Risk Remediation Plan&nbsp;'''
  
Line 283: Line 365:
  
 
*Remediation Action: '''Enter''' the remediation action that is planned to be taken to minimize the probable risks.&nbsp;  
 
*Remediation Action: '''Enter''' the remediation action that is planned to be taken to minimize the probable risks.&nbsp;  
*Control Effectiveness: '''Select''' the level from the drop-down list that defines the level of effectiveness of measures that will be applied to minimize the risks.  
+
*Control Effectiveness: '''Select''' the level from the dropdown list that defines the level of effectiveness of measures that will be applied to minimize the risks.  
 
*Remediation Action Details: '''Enter''' the remediation action details that describe the remediation actions that will be taken to minimize the risk.&nbsp;  
 
*Remediation Action Details: '''Enter''' the remediation action details that describe the remediation actions that will be taken to minimize the risk.&nbsp;  
<div class="image-green-border">&nbsp;[[File:7.12-RiskAreaRemediation.png|720px|7.12-RiskAreaRemediation.png]]</div>  
+
<div class="image-green-border">&nbsp;[[File:RMApp-Association5.PNG|600px|RMApp-Association5.PNG]]</div>  
 
'''Residual Risk Rating'''<br/> This section includes the information related to the residual risk left after the remediation actions are taken.<br/> This section contains the attributes:
 
'''Residual Risk Rating'''<br/> This section includes the information related to the residual risk left after the remediation actions are taken.<br/> This section contains the attributes:
  
Line 294: Line 376:
 
*Residual Risk Score: Quantitative scoring based on likelihood and consequence if residual risk occurred.&nbsp;  
 
*Residual Risk Score: Quantitative scoring based on likelihood and consequence if residual risk occurred.&nbsp;  
 
*Comments for Residual Risk:&nbsp;This includes any additional information that you might want to provide regarding the risk area.  
 
*Comments for Residual Risk:&nbsp;This includes any additional information that you might want to provide regarding the risk area.  
<div class="image-green-border">[[File:7.12-ResidualRiskRating.png|720px|7.12-ResidualRiskRating.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-Association6.PNG|600px|RMApp-Association6.PNG]]</div>  
5.&nbsp;'''Click '''''Create''. The Risk Area is created in Assessment state.&nbsp;
+
5.&nbsp;'''Click '''"Create". The Risk Area is created in Assessment state.&nbsp;
<div class="image-green-border">[[File:7.12-RiskAreaCreatedList.png|720px|7.12-RiskAreaCreatedList.png]]</div> <div class="image-green-border">&nbsp;</div>
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow14.PNG|720px|RMApp-RiskWorkflow14.PNG]]</div>  
 +
&nbsp;
 +
 
 +
&nbsp;
 +
 
 +
&nbsp;
 +
 
 +
&nbsp;
 +
 
 +
&nbsp;
 +
 
 
&nbsp;
 
&nbsp;
  
Line 305: Line 397:
 
*Advanced Search page  
 
*Advanced Search page  
 
*Global Search  
 
*Global Search  
*Associations index page
 
  
 
To&nbsp;search risk area from Advanced Search page:
 
To&nbsp;search risk area from Advanced Search page:
  
1.&nbsp;'''Click''' ''Search'' tile on the ICI UI. The ''Advanced Search'' page opens.<br/> 2. '''Select '''Risk Area in the Please select Entities to search field.<br/> 3. '''Click''' the search icon. All available Risk Area records are displayed.
+
1.&nbsp;'''Click'''&nbsp;the "Advanced" link on the header toolbar. The "Advanced Search" page opens.
<div class="image-green-border">[[File:7.12-RiskArea-AdvancedSearch.png|720px|7.12-RiskArea-AdvancedSearch.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow16.PNG|600px|RMApp-RiskWorkflow16.PNG]]</div>
 +
<br/> 2. '''Select '''"Risk Area" in the "Entity"&nbsp;dropdown&nbsp;field.
 +
<div class="image-green-border">[[File:RMApp-RASearch1.PNG|360px|RMApp-RASearch1.PNG]]</div>  
 +
3. '''Click''' the search icon. All available Risk Area records are displayed.
 +
<div class="image-green-border">[[File:RMApp-RASearch2.PNG|720px|RMApp-RASearch2.PNG]]</div>  
 
&nbsp;
 
&nbsp;
  
To search risk area using Global Search&nbsp;
+
The left navigation pane can be expanded or collapsed, as needed. The collapsed view gives a wider view of the Risk Area Details page.
 
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow28.PNG|600px|RMApp-RiskWorkflow28.PNG]]</div> <div class="image-green-border">Clicking the hamburger menu icon&nbsp;[[File:Hamburger-menu-1.jpg|15px|Hamburger-menu-1.jpg]] expands the left pane.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow29.PNG|600px|RMApp-RiskWorkflow29.PNG]]</div>  
Enter the relevant search criteria in the Enter search here…search bar on the ICI UI. For example, Risk Area. All available Risk Area records are displayed in a drop down.
+
<div class="image-green-border">[[File:7.12-RiskArea-GlobalSearch.png|720px|7.12-RiskArea-GlobalSearch.png]]</div>  
+
 
&nbsp;
 
&nbsp;
  
To search risk area from association index page:
+
=== Risk Area using Global Search ===
  
1.&nbsp;'''Click '''Associations Management > Associations on the Home page. The Associations index page opens.
+
To search risk area using Global Search:
  
2.&nbsp;'''Filter '''the records for Risk Area entity using Categories facet search. All available Risk Area records are displayed.
+
Enter the relevant search criteria in the Enter search here…search bar on the ICI UI. For example, "Risk Area". All available Risk Area records are displayed in a dropdown.
<div class="image-green-border">&nbsp;[[File:7.12-RiskArea-AssociationIndexpage.png|720px|7.12-RiskArea-AssociationIndexpage.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RASearch3.PNG|480px|RMApp-RASearch3.PNG]]</div>  
 
&nbsp;
 
&nbsp;
 +
 +
&nbsp;
 +
  
 
=== Working of existing ICI actions for Risk Area ===
 
=== Working of existing ICI actions for Risk Area ===
Line 331: Line 427:
 
Risk area owner can take existing ICI actions for associations on risk area.
 
Risk area owner can take existing ICI actions for associations on risk area.
  
*View Document: Opens the preview of the risk area if available, in the Document Viewer window.  
+
*Preview Document: Opens the preview of the risk area if available, in the Document Viewer drawer.  
*View Smart Link: Opens the smart links if available, in a Smart Links window.&nbsp;  
+
*View Smart Links: Opens the smart links if available, in a Smart Links window.&nbsp;  
*Dissociate: Displays the error message as Oops something went wrong, please try again.&nbsp;: You do not have necessary access privileges for this functionality,
+
*Copy: Copies risk area instance.
+
 
*Edit: Opens the Edit Associated Document - Risk Area page to modify the details of the risk area instance.  
 
*Edit: Opens the Edit Associated Document - Risk Area page to modify the details of the risk area instance.  
<div class="image-green-border"><br/> [[File:7.12-ICIActionsforRiskArea.png|720px|7.12-ICIActionsforRiskArea.png]]</div> <div class="image-green-border">&nbsp;</div>  
+
*View Details: Opens the Risk Area Details page.
 +
<div class="image-green-border">[[File:900px-8.1-RiskAreaAssociationList.png|720px]]</div> <div class="image-green-border">&nbsp;</div>
 +
 
 
=== Taking actions on the Risk Area ===
 
=== Taking actions on the Risk Area ===
  
Line 346: Line 442:
 
*Monitor - action taken to track the performance based on remediation actions until risks are completely mitigated  
 
*Monitor - action taken to track the performance based on remediation actions until risks are completely mitigated  
  
Users can repeat the workflow Due Diligence – Remediate – Monitor until the risk is completely mitigated.<br/> Users can also automate the workflows to initiate due diligence, remediate and monitor risk areas by configuring rules.<br/> &nbsp;
+
Users can repeat the workflow Due Diligence – Remediate – Monitor until the risk is completely mitigated.<br/> Users can also automate the workflows to initiate due diligence, remediate and monitor risk areas by configuring rules.
  
==== Editing Risk Area ====
+
&nbsp;
  
1.&nbsp;'''Click '''Risk Management > Risk Assessments on the Home page. The list of all available risk assessments opens.
+
&nbsp;
  
2.&nbsp;'''Click '''View Record icon next to the Risk Assessment you want to opens. The Risk Assessment Details page opens.
+
&nbsp;
  
3.&nbsp;'''Click '''Risk Area tab in the left navigation. The risk area grid opens.
+
&nbsp;
  
4.&nbsp;'''Click '''View Record icon next to the risk area you want to open. The risk area Details page opens.
+
==== Editing Risk Area from Three Dots Menu ====
  
5.&nbsp;'''Click '''Edit. The Edit Associated Document for Risk Area page opens.
+
1.&nbsp;'''Click '''"Risk Management" > "Risk Assessments" from&nbsp;the Home page. The list of all available risk assessments opens.
<div class="image-green-border">[[File:7.12-EditRiskArea.png|720px|7.12-EditRiskArea.png]]</div>
+
6.&nbsp;'''Make '''the required changes and click Update. The Risk Area is updated and the Risk Area Details page opens again.
+
<div class="image-green-border">[[File:7.12-UpdateRiskArea.png|720px|7.12-UpdateRiskArea.png]]</div>
+
&nbsp;
+
  
Users can edit the risk area from risk area details page as well.
+
2.&nbsp;'''Click '''View Record icon next to the Risk Assessment you want to opens. The Risk Assessment Details page opens.
<div class="image-green-border">[[File:7.12-EditRiskArea1.png|720px|7.12-EditRiskArea1.png]]</div> <div class="image-green-border">&nbsp;</div>
+
&nbsp;
+
  
 +
3.&nbsp;'''Click '''"Risk Area" tab in the left navigation. The risk area grid opens.
 +
<div class="image-green-border">[[File:RMApp-RiskWorkflow21.PNG|720px|RMApp-RiskWorkflow21.PNG]]</div>
 +
4.&nbsp; '''Click''' the three dots menu of a Risk Area record.
 +
<div class="image-green-border">5.&nbsp;'''Click '''"Edit". The "Edit Risk Area" for Risk Area page opens.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow25.PNG|720px|RMApp-RiskWorkflow25.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">6.&nbsp;Make the required changes and '''click '''"Update". The Risk Area will be updated and the Risk Area Details page opens again.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:RMApp-RiskWorkflow24.PNG|600px|RMApp-RiskWorkflow24.PNG]]</div> <div class="image-green-border"><br/> &nbsp;</div>
 +
==== Editing Risk Area from&nbsp;Risk Area Details page ====
 +
<div class="image-green-border">&nbsp;</div> <div class="image-green-border">Users can edit the Risk Area from the Risk Area Details page as well:</div> <div class="image-green-border">
 +
1.&nbsp;'''Click '''View Record icon next to the risk area you want to open. The risk area Details page opens.
 +
<div class="image-green-border">[[File:RMApp-RiskWorkflow22.PNG|720px|RMApp-RiskWorkflow22.PNG]]</div>
 +
2.&nbsp;'''Click '''"Edit". The "Edit Associated Document" for Risk Area page opens. Then, follow the aforementioned step # 6 under "Editing Risk Area from Three Dots Menu" to edit and save the editing.
 +
<div class="image-green-border">[[File:RMApp-RiskWorkflow23.PNG|720px|RMApp-RiskWorkflow23.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div> </div> <div class="image-green-border">&nbsp;</div>
 
==== Initiating Due Diligence ====
 
==== Initiating Due Diligence ====
  
'''Click '''Initiate Due Diligence. The Risk Area Details page opens again.&nbsp;
+
'''Click '''"Initiate Due Diligence". The Risk Area Details page opens again.
<div class="image-green-border">[[File:7.12-InitiateDueDiligence.png|720px|7.12-InitiateDueDiligence.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions4-4.PNG|720px|RMApp-RAActions4-4.PNG]]</div>  
The status of the risk area changes to Due Diligence.
+
The status of the risk area changes to "Due Diligence".
<div class="image-green-border">[[File:7.12-InitiateDueDiligence1.png|720px|7.12-InitiateDueDiligence1.png]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions5.PNG|720px|RMApp-RAActions5.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div>  
 
==== Remediating the risk area ====
 
==== Remediating the risk area ====
  
'''Click '''Remediate on the risk area Details page. The Risk Area Details page opens again.&nbsp;
+
With the status of the risk area in&nbsp;"Due Diligence", '''click '''"Remediate" on the risk area Details page.
<div class="image-green-border">[[File:7.12-RemediateRiskArea.png|720px|7.12-RemediateRiskArea.png]]</div>
+
&nbsp;
+
 
+
The risk area Details page opens again and the status of the risk area changes to Remediation..
+
<div class="image-green-border">[[File:7.12-RiskAreaRemediation1.png|720px|7.12-RiskAreaRemediation1.png]]</div>
+
&nbsp;
+
  
 +
The Risk Area Details page opens again&nbsp;and the status of the risk area changes to "Remediation".
 +
<div class="image-green-border">[[File:RMApp-RAActions6.PNG|720px|RMApp-RAActions6.PNG]]</div> <div class="image-green-border" style="text-align: justify;">&nbsp;</div> <div class="image-green-border" style="text-align: justify;">&nbsp;</div>
 
==== Monitoring the risk area ====
 
==== Monitoring the risk area ====
  
Line 390: Line 486:
 
To monitor a risk area:&nbsp;
 
To monitor a risk area:&nbsp;
  
'''Click''' ''Monitor'' on the risk area Details page. The risk area ''Details'' page opens again and the status of the risk area changes to ''Monitoring''.&nbsp;
+
'''Click'''&nbsp;"Monitor" on the risk area Details page. The risk area Details page opens again and the status of the risk area changes to "Monitoring".&nbsp;
<div class="image-green-border">[[File:7.12-MonitoringRiskArea1.png|720px|7.12-MonitoringRiskArea1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions7.PNG|600px|RMApp-RAActions7.PNG]]</div>  
The status of the risk area changes to Monitoring.
+
The status of the risk area changes to "Monitoring".
<div class="image-green-border">[[File:7.12-MonitoringRiskArea.png|720px|7.12-MonitoringRiskArea.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions8.PNG|600px|RMApp-RAActions8.PNG]]</div> <div class="image-green-border">&nbsp;</div>
&nbsp;
+
 
+
 
==== Iterating workflow&nbsp;for risk area ====
 
==== Iterating workflow&nbsp;for risk area ====
  
 
Users can repeat the actions taken on the risk areas until the risks are completely mitigated.
 
Users can repeat the actions taken on the risk areas until the risks are completely mitigated.
  
1.'''Click '''Initiate Due Diligence or Remediate on the risk area Details page for the risk area in the Monitoring state. For example, select Initiate Due Diligence. The Association ''Initiate Due Diligence note'' window opens to add a note.
+
1.&nbsp;'''Click '''"Initiate Due Diligence" or "Remediate" on the risk area Details page for the risk area in the Monitoring state. For example, select Initiate Due Diligence. The Association "Initiate Due Diligence" note window opens to add a note.
 +
 
 +
2.&nbsp;'''Add '''a note text and select a Reason code.
 +
<div class="image-green-border">[[File:RMApp-RAActions9.PNG|600px|RMApp-RAActions9.PNG]]</div>
 +
3.&nbsp;'''Click '''"Add". The status of the risk area changes back to Due Diligence.
  
2.'''Add '''a note text and select a Reason code.
 
<div class="image-green-border">[[File:7.12-Association Initiate Due Diligence.png|720px|7.12-Association Initiate Due Diligence.png]]</div>
 
3.&nbsp;'''Click '''Add. The status of the risk area changes back to Due Diligence.
 
<div class="image-green-border">[[File:7.12-Association Initiate Due Diligence1.png|720px|7.12-Association Initiate Due Diligence1.png]]</div>
 
 
&nbsp;
 
&nbsp;
  
Line 412: Line 506:
 
Risk owners can deactivate the invalid risk area. Once deactivated, no further actions are allowed on the risk area.
 
Risk owners can deactivate the invalid risk area. Once deactivated, no further actions are allowed on the risk area.
  
1.&nbsp;'''Click '''Deactivate on the risk area Details page. The Association Deactivate note window opens to add a note.
+
1.&nbsp;'''Click '''"Deactivate" on the risk area Details page. The "Add Note - Deactivate" drawer opens to add a note.
<div class="image-green-border">[[File:7.12-DeactivateRiskArea.png|720px|7.12-DeactivateRiskArea.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions10.PNG|720px|RMApp-RAActions10.PNG]]</div>  
 
2.&nbsp;'''Add '''a note text and select a Reason code.
 
2.&nbsp;'''Add '''a note text and select a Reason code.
<div class="image-green-border">[[File:7.12-DeactivateRiskArea1.png|720px|7.12-DeactivateRiskArea1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions12.PNG|600px|RMApp-RAActions12.PNG]]</div>  
3.&nbsp;'''Click '''Add. The status of the risk area changes to Deactivated.
+
3.&nbsp;'''Click '''"Add". The status of the risk area changes to "Deactivated".
<div class="image-green-border">[[File:7.12-DeactivateRiskArea2.png|720px|7.12-DeactivateRiskArea2.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RAActions13.PNG|600px|RMApp-RAActions13.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div>
&nbsp;
+
 
+
 
==== Auditing Risk Area ====
 
==== Auditing Risk Area ====
  
Changes made to the Risk Area record during various ICI risk management workflows are captured and can be viewed under History tab. For example, changes in ICIRiskArea_372 throughout its lifecycle are captured.
+
Changes made to the Risk Area record during various ICI risk management workflows are captured and can be viewed under History tab. For example, changes in "ICMRiskArea_100"&nbsp;throughout its lifecycle are captured.
<div class="image-green-border">[[File:7.12-AuditingRiskArea.png|720px|7.12-AuditingRiskArea.png]]</div> <div class="image-green-border">&nbsp;</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow30.PNG|720px|RMApp-RiskWorkflow30.PNG]]</div>  
'''Click''' ''Show All Changes'' to view the details of the particular event of the risk area instance.
+
'''Click'''&nbsp;"Show Changes" to view the details of the particular event of the risk area instance.
<div class="image-green-border">[[File:7.12-AuditingRiskArea1.png|720px|7.12-AuditingRiskArea1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow31.PNG|720px|RMApp-RiskWorkflow31.PNG]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">Clicking the status of the&nbsp;Risk Area on the "Details" page opens the “History” window.</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">[[File:8.1-RMApp-History1.png|720px|8.1-RMApp-History1.png]]</div> <div class="image-green-border">&nbsp;</div> <div class="image-green-border">&nbsp;</div>  
 
&nbsp;
 
&nbsp;
  
'''Moving Risk Area workflow automatically'''
+
==== Moving Risk Area workflow automatically ====
  
The users can manage the Risk Assessment and Risk Area action workflows using the script attribute Target ICM Status. Users can set the value in Target ICM Status to specific status and move records to that particular state during the risk management workflow.&nbsp;For example, risk area record can be moved from the Draft &nbsp;state to either Due Diligence, Remediation or Monitoring state using attribute Target ICM status .
+
Users can manage the Risk Assessment and Risk Area action workflows using the script attribute Target ICM Status. Users can set the value in Target ICM Status to specific status and move records to that particular state during the risk management workflow.&nbsp;For example, risk area record can be moved from the Draft &nbsp;state to either Due Diligence, Remediation or Monitoring state using attribute Target ICM status .
  
 
Risk assessment and risk area records can be uploaded in ICI directly in specific status by setting the state value in the Target ICM Status attribute using ICI’s Legacy Upload functionality. The business status would then be set accordingly.
 
Risk assessment and risk area records can be uploaded in ICI directly in specific status by setting the state value in the Target ICM Status attribute using ICI’s Legacy Upload functionality. The business status would then be set accordingly.
Line 436: Line 528:
 
For example, when users want to upload large number of historical risk assessment records using Legacy Upload, they can directly upload in the Approved state by setting it in the Target ICM Status attribute and the business state would be set as Assessment Complete.
 
For example, when users want to upload large number of historical risk assessment records using Legacy Upload, they can directly upload in the Approved state by setting it in the Target ICM Status attribute and the business state would be set as Assessment Complete.
  
Refer &nbsp;the ICI Risk Management Configuration Guide for details on Managing Risk Workflows using attribute Target ICM Status.
+
Refer the ICI Risk Management Configuration Guide for details on Managing Risk Workflows using attribute Target ICM Status.
  
 
&nbsp;
 
&nbsp;
Line 444: Line 536:
 
Users &nbsp;can create remediation tasks for managing risks using commitments, obligations or any third party system. ICI Risk Management app currently supports managing Risk Assessment and Risk Area using ICI Commitment functionality.
 
Users &nbsp;can create remediation tasks for managing risks using commitments, obligations or any third party system. ICI Risk Management app currently supports managing Risk Assessment and Risk Area using ICI Commitment functionality.
  
<br/> To create a task using commitment:
+
To create a task using commitment:
  
1.&nbsp;'''Click '''the ''Risk Management'' > ''Risk Assessment'' on the ''Home'' page. The saved search result page opens with all Risk Assessment records.
+
1.&nbsp;'''Click '''"Risk Management" > "Risk Assessment" from the "Home" page. The saved search result page opens with all Risk Assessment records.
  
2.&nbsp;'''Click '''the ''View Record'' icon next to the ''Risk Assessment'' record you want to open. For example, Risk_Assessment_May2020. The Risk Assessment ''Details'' page opens.
+
2.&nbsp;'''Click '''the View Record icon next to the "Risk Assessment" record you want to open. For example, "Risk_Assessment_Jan2022". The Risk Assessment Details page opens.
  
3.&nbsp;'''Click '''the ''Commitments'' tab in the left navigation. The existing commitments are displayed if any.
+
3.&nbsp;'''Click '''the "Commitments" tab in the left navigation. The existing commitments are displayed if any.
 
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow1.PNG|800px|RMApp-RiskWorkflow1.PNG]]</div>  
4.&nbsp;'''Click''' ''Add Commitment'' action icon. The ''Add Commitment'' window opens
+
4.&nbsp;'''Click'''&nbsp;"Add Commitment" action icon. The "Add Commitment" drawer opens.
<div class="image-green-border">&nbsp;[[File:7.12-RiskManagement-AddCommitment.png|720px|7.12-RiskManagement-AddCommitment.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow2.PNG|600px|RMApp-RiskWorkflow2.PNG]]</div>  
5.&nbsp;'''Enter&nbsp;'''the details for the commitment.
+
5.&nbsp;Enter&nbsp;the details for the commitment and '''c''''''lick '''"Save". The commitment is created and added to risk assessment.&nbsp;
<div class="image-green-border">[[File:7.12-RiskManagement-AddCommitment1.png|720px|7.12-RiskManagement-AddCommitment1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow3.PNG|720px|RMApp-RiskWorkflow3.PNG]]</div>  
6.&nbsp;'''Click '''Add Commitment. The commitment is created and added to risk assessment.&nbsp;
+
<div class="image-green-border">[[File:7.12-RiskManagement-AddCommitment2.png|720px|7.12-RiskManagement-AddCommitment2.png]]</div>  
+
 
To view and take action on the commitment tasks:
 
To view and take action on the commitment tasks:
  
1.&nbsp;'''Click '''the icon ''Take action on commitment''. The ''Add Action'' window opens.
+
1.&nbsp;'''Click '''the&nbsp;three dots menu and click "Take action on commitment". The "Take&nbsp;Action on Commitment" drawer opens.
<div class="image-green-border">[[File:7.12-RiskManagement-TakeAction on commitments.png|720px|7.12-RiskManagement-TakeAction on commitments.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow5-5.PNG|720px|RMApp-RiskWorkflow5-5.PNG]]</div>  
 
2.&nbsp;'''Add '''the action details.
 
2.&nbsp;'''Add '''the action details.
  
3.&nbsp;'''Click '''Save. The Commitment status is updated according to the action taken.
+
3.&nbsp;'''Click '''"Save". The Commitment status is updated according to the action taken.
<div class="image-green-border">[[File:7.12-RiskManagement-TakeAction on commitments1.png|720px|7.12-RiskManagement-TakeAction on commitments1.png]]</div>  
+
<div class="image-green-border">[[File:RMApp-RiskWorkflow6.PNG|500px|RMApp-RiskWorkflow6.PNG]]<br/> &nbsp;</div> <div class="note-box">'''Note:&nbsp;'''The action can also be delegated to a desired user by clicking on the "Delegate" button.</div>  
Refer to the Compliance Management for more details on working with commitments.
+
Refer to the "Compliance Management" page for more details on working with commitments.
 +
 
 +
&nbsp;
  
 
== Accessing the Risk Area actions Notifications&nbsp; ==
 
== Accessing the Risk Area actions Notifications&nbsp; ==
  
The ICI Risk Management app sends the notifications when certain actions are taken on the Risk Area. These notifications are seeded.<br/> The notifications are sent when events occurs:
+
The ICI Risk Management app sends&nbsp;notifications when certain actions are taken on the Risk Area. These&nbsp;seeded notifications are sent when an events occurs:
  
 
*Risk area is created  
 
*Risk area is created  
Line 478: Line 570:
 
*Risk area is deactivated  
 
*Risk area is deactivated  
  
The recipients can access the notifications from ''Notification'' Dashboard:
+
The recipients can access the notifications from "Notification Dashboard":
  
#'''Click '''Notifications tab on the Home page. The ''Notifications Dashboard'' opens.  
+
#'''Click '''the'''&nbsp;'''Notifications bell icon on&nbsp;the top right. The "Notifications Dashboard" opens.  
#'''Click '''''Risk Management Notifications''. The list of notification events opens.  
+
<div class="image-green-border">[[File:RMApp-RiskNotifications1.PNG|600px|RMApp-RiskNotifications1.PNG]]</div> <ol start="2">
#'''Expand '''the notification event. The notifications belonging to the selected event are displayed.&nbsp;  
+
<li>'''Click '''"Risk Management Notifications". The list of notification events opens.</li>
#'''Select '''the Notification you want to view. The selected Notification opens in the right pane.  
+
<li>'''Expand '''the notification event. The notifications belonging to the selected event are displayed.&nbsp;</li>
<div class="image-green-border">[[File:7.12-RiskAreaNotifications.png|720px|7.12-RiskAreaNotifications.png]]</div>  
+
<li>'''Select '''the Notification you want to view. The selected Notification opens in the right pane.</li>
 +
</ol>
 +
<div class="image-green-border">[[File:RMApp-Notifications.png|720px|RMApp-Notifications.png]]</div>  
 
&nbsp;
 
&nbsp;
  
Line 491: Line 585:
 
&nbsp;
 
&nbsp;
  
'''Related Topics''':''&nbsp;[[Agreement_Management|Agreement Management]]&nbsp;| [[ICI_Sourcing_App|ICI Sourcing App]] |&nbsp;&nbsp;[[Working_with_RFx|Working with RFx]]&nbsp;|&nbsp;[[Working_with_RFI|Working with RFI]]&nbsp;|&nbsp;[[Obligation_Management|Obligation Management]]&nbsp;| [[Biz_Apps_Release_Notes|Biz Apps Release Notes]] |&nbsp;''
+
'''Related Topics''':''&nbsp;[[Agreement_Management|Agreement Management]]&nbsp;|&nbsp;''

Latest revision as of 17:21, 22 August 2022

ICI Risk Management App

Overview

The Icertis Contract Intelligence (ICI) platform introduces the Risk Management Application to make it easier for professionals to carry out their tasks related to risk management such as assessment, due diligence, remediation, monitoring and reassessment. Risk management is the process of identifying potential risk, assessing the magnitude of risk based on the business objectives, devising strategies to eliminate them and tracking the performance until they are completely mitigated.

The platform’s modern, scalable and integration-friendly cloud architecture can model even the most complex risk management scenarios. The App provides secure access such that only authorized users can access the App entities and data, using ICI’s access control functionalities. The user-friendly interface makes it possible for anyone in the enterprise having access to be able to use the platform with ease. 

Icertis uses a standard framework of discovery, assessment, remediation, monitoring and optimization to manage enterprise risk.

ICI Risk Management supports the following risk management business scenarios:  
  • Business Operations Risk: For example, the impact of pandemic on the business operations of an organization. 
  • Contractual Risk: For example, managing risks that arise from non-standard agreement terms, clauses, and so on. 
  • Counter-Party Risk: For example, managing risks relevant to suppliers and vendors.

The Terminology

Here are some terms that will help you better understand the risk management process:

  • Risk Assessment:  It deals with the process of identifying and evaluating the magnitude of potential risk areas.
  • Risk Area: It is the exposure that an organization has from internal or external factor(s) that impact the normal
    functioning of business and will lower its bottom line (or profits) or lead it to fail. For example, cyber security
    risk.
    • Risk Taxonomy: It is comprehensive set of risk categories and sub-categories used in an
      organization. It outlines as approach to categorize and aggregate all types of risks that could affect
      the organization's objectives.
    • Assessment: Risk owner determines or assesses whether identified risk area is valid or not.
      Likewise, risk owner can add a risk area manually.
    • Due Diligence: It is a complete review of the risk area. As part of incomplete or missing
      information, tasks may be created to gather information.
    • Remediation: It is a strategy created to mitigate risks. For example, Avoid strategy, Transfer
      Strategy, Reduce Strategy, etc. Based on the remediation strategy, mitigation tasks are initiated.
      • Control Effectiveness Rating: It represents the effectiveness of risk remediation actions
        taken to mitigate risk. 
  • Monitor and Optimize: Monitoring involves the process of tracking the progress of residual risk level and risk
    score of a risk area as against the remediation tasks made for mitigation. If the residual risk score and risk
    level does not change as compared to the inherent score, then optimization allows taking additional due
    diligence or remediation tasks to mitigate risk.
  • Risk Score Matrix:  It is a matrix that uses a combination of likelihood and consequence rating to determine
    magnitude of risk. 
    • Inherent Risk: It is a risk indicator. It is the starting score for each identified risk area and is
      expected to be controlled.
    • Residual Risk: It is a risk indicator. It is the score that depicts the risk remaining once mitigation
      actions have been planned and implemented.
    • Likelihood Rating: On a risk matrix, it represents the likelihood (level of probability) of risk
      occurrence.
    • Consequence Rating: On a risk matrix, it represents the magnitude (level of impact) of risk
      occurrence.
    • Risk Level:  It is the qualitative score for every risk area transaction.
    • Risk Score: It is the quantitative score for every risk area transaction.

The Challenge

Business risk can emerge from any division of a company and must be managed proactively to avoid devastating
impacts. Often, these risks originate in the contracts of an organization with an external party or because of the
business and regulatory environment in which the entity operates.
Yet, most organizations manage contractual, regulatory, financial reporting and environmental obligations
manually. Automated extraction and monitoring of obligations are prevalent in very few companies across various
industry verticals. Consequently, organizations do not have adequate visibility into the status of these obligations
and end up being reactive in identifying and handling risks.

This raises the following challenges: 

  • Companies cannot proactively assess and manage their risks in business environment characterized by
    unpredictability, volatility and mounting counter-party solvency risks.
  • Traditional Governance, Risk and Compliance (GRC) and Risk Management tools are not able to roll-up
    enterprise-wide risk insights from across contracts which are the ultimate source of commercial truth, and
    hence are only good at reporting and analyzing risks in hindsight. 
  • Lack of visibility and insight into obligations, typically spelled out in detail in service contracts, can lead to
    substantial risks for businesses if not surfaced at the appropriate time and monitored at an adequate level to
    provide required executive attention.

The Solution

Built on the Icertis Contract Intelligence platform, the ICI Risk Management App brings a paradigm shift in
the management of business risks. The App offers a process-oriented enterprise-wide solution to stay on top
of all potential risks that a business faces – whether they emanate from the potential insolvency of a
counter-party, payment default by a customer, supply disruption due to a pandemic or natural disaster,
logistics blockades due to localized conflicts, or other market turbulence.

With the Risk Management App, companies can: 

  • Perform risk discovery, assessment, remediation, monitoring and optimization in any business context that is
    relevant to a specific organization. For example, supplier risk assessment at the time of onboarding a supplier,
    customer credit risk check while signing long-term contracts on non-cash terms, contractual performance risk
    while evaluating technical capabilities of a service provider, etc. 
  • Prevent and reduce risk-injection as opposed to only managing risks.

The Capabilities

The intelligent and easy-to-use ICI Risk Management App offers these powerful capabilities:

  • Ability to embed risk assessment in various business processes:
    • For example, during negotiation, supplier/ customer onboarding, third party contract ingestion, etc.
  • Flexible and configurable risk assessment frameworks:
    • To cater to various industry and business-specific risk management requirements.
  • Questionnaire-based risk identification:
    • Questionnaire configuration capability to discover all vendor or business operation risks based on
      responses.
  • Risk area and scoring model configurability:
    • A configurable risk area to gauge contract, counter-party and operations risk at various levels of
      business granularity.
    • An easy-to-configure platform that helps to set up a quantitative and qualitative risk score model to
      meet business needs.
  • Alerts and notifications: 
    • In-built notifications to inform risk owner about changes in risk area status.
  • Auditing: 
    • Audit trails of every action with user and time-stamp details.

The Benefits 

  • The ICI Risk Management App changes the risk management paradigm from identification and mitigation to
    preventing risk injection and remediation.
  • Effective risk monitoring reduces the impact of operational, financial and reputational risk, contributing
    significantly to the company’s bottom line.
  • Configurable system can conform to any risk model in the world and even develop industry and companyspecific risk models with no custom code required, thereby greatly reducing deployment costs.

The Prerequisites

The user must have: 

  • Completed ICI Product Training
  • Risk Management App must be enabled on customer environment 

Configuration setup overview

ICI offers the ability to determine the application type (Contracting, Sourcing, Obligation Management and Risk Management application) when creating a contract type. This is possible with the inclusion of two new choice type attributes, Business Application Type and Business Application Category at the contract type level. This feature helps effortlessly drive business applications on ICI platform.
These attributes are enabled through technical configuration and  applicable for agreements and associated document contract types. The access privileges for business applications (such as Risk Management) are managed through security groups. 

Seeded Configuration and setup

The ICI Risk Management application provides  some seeded  entities, attributes, workflows, rules and notifications that are necessary for the flow of the risk management. Some of the entities are:

  • Masterdata: 
    • Risk Taxonomy
    • Risk Remediation
    • Risk Area Master
    • Likelihood Rating
    • Risk Score Matrix
  • Contract types:
    • Risk Assessment: as agreement contract type with Business Application Type as Risk Management and Business Application Category as Risk Assessment defined at contract type level.Risk Area as associated document contract type with business application type as risk management and business application category as risk area defined at contract type level.
    • Risk Area: as associated document contract type with Business Application Type as Risk Management and Business Application Category as Risk Area defined at contract type level.
  • Rules:
    • Instantiate the risk areas after completing the risk assessment
    • Copy attribute values from risk assessment to the risk area
    • Add Team members to the risk area
  • Notifications for events:
    • Risk area is created
    • Risk area due diligence is initiated
    • Risk area remediation is initiated
    • Risk area monitoring is initiated
    • Risk area is deactivated

Refer the Risk Management Configuration guide for details.
 

Prerequisite set-up 

The ICI Risk Management application provides some seeded masterdata that are necessary for the flow of the risk management. Users can create masterdata instances with desired values.
To create masterdata instance:

1. Click "Configure" > "Masterdata" from the "Home" page menu. The Masterdata page opens.

RMApp1-11.PNG

2. Click "Create" button. The "Create Masterdata" page opens.

RMApp1-12.PNG

3.Select the "Masterdata" Contract Type. For example, "Risk Area Master".

RMApp1-13.PNG

3. Click "Next". The "Attributes" page opens.

4. Enter or select the details in all relevant fields. For example, enter "Risk Area Name" as "Anti-Bribery Corruption".

5. Click "Create". The masterdata instance is created.

RMApp1-14.PNG

Similarly, setup masterdata for "Risk Taxonomy", "Risk Remediation",  "Likelihood Rating" and  "Risk Score Matrix" Masters.

Working with Risk Assessment

The ICI Risk Management application enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICI Risk Management application  that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.
Risk assessment workflow performed by risk assessment owners typically involves the following:

  • Initiating Risk Assessment: The risk assessment owners can initiate the risk assessment workflow to identify the risks. For example, the risk assessment can be a questionnaire where the users respond to the questions by submitting it. This initiates the risk assessment in "Draft" state.
  • Approving Risk Assessment: Based on the complexity of risk assessment, ICI administrators can configure the rules to add approvers to the assessment team. If there are approvers added to the team, the risk assessment is sent to the approvers for approval. The risk assessment is approved automatically if no approvers are added to the team.
  • Completing Risk Assessment: The status of the risk assessment changes to "Assessment Complete" when the risk assessment is approved. The risk area can be identified and auto-instantiated based on the configured rules.

Here is the Risk Assessment workflow at a glance:

7.12-RiskManagementWorkflow.png

 

 

 


Creating a Risk Assessment

1.Click the "Risk Management" tile on the "Home" page. The dropdown opens with  the following option:

  • Risk Assessments
RMApp1.PNG
 
Click "Create" on the Risk Assessment index page to open the "Create Risk Assessment" page. 
 
8.1-RiskAssessmentIndexPage.PNG
 
    a. Alternatively, click the Create workbench plus icon, the "Create" workbench drawer opens with several create action options.
 
RMApp-RiskWorkflow13.PNG
 
    b. Click "Create Assessment".
 
RMApp-RiskWorkflow15.PNG

2. Click "Create Risk Assessment". The "Attributes" page for "Create Risk Assessment" opens. The "Attributes" page includes questions to capture the responses based on which the risk areas can be generated. These questions are non-seeded attributes and users can configure  them to the Risk Assessment contract type as per their business needs.

Attributes page has seeded sections as:

  • Identification
  • Risk Assessment Timeline

3. Enter the details in fields in the "Identification" section:

  • Risk Assessment Name
  • Risk Assessment Description 
  • Risk Assessment Entity: The context for which the risk assessment is being created. For example, "Business Operations", "Contractual" or "Counter Party".
 RMApp1-15.PNG

4. Enter the details in fields in the "Risk Assessment Timeline" section.

  • Assessment Start Date: The date that you start the risk assessment of entity. For example, January 15, 2022.
  • Assessment Due Date: The date by which risk assessment of entity should be completed. The assessment due date should be greater than the start date, otherwise a validation error message is displayed.
RMApp1-17.PNG

5. Enter the details in fields in all the sections on the Attributes page.

6. Click "Next". The "Verify" page opens.

7. Verify the details and click "Create".

8.0 RM 1.PNG
 
The risk assessment is created in "Draft" state.
 
RMApp1-18.PNG

Once created, users can "Edit", "Delete", "Cancel" or "Submit" the "Risk Assessment".

On deleting the risk assessment, users will be redirected to the Risk Assessment “Index” page. 
  
Some actions that are used less frequently such as “Delete”, option is now moved under the three dots icon on the Risk Assessment “Details” page.

The “Copy Record” action is not supported for Risk Assessment.

Note: Users can configure the less frequently used actions such as “Copy Record”, “Delete”  as per the requirement.  

 


Searching and viewing the Risk Assessment

1. Click the "Risk Management" > "Risk Assessments" tile options on the "Home" page.

The Risk Assessment index page opens displaying all the risk assessments. Users can refine the search result by applying filters, options and keywords.
 
8.1-RiskAssessmentIndexPage.PNG

2. Click the View Record eye icon next to the Risk Assessment record you want to open. For example, "Risk Assessment for Acme Corporation". The Risk Assessment Details page opens.

RMApp1-20.PNG
 
The left navigation pane can be expanded or collapsed, as needed. The collapsed view gives a wider view of the Risk Assessment Details page.
 
RMApp-RiskWorkflow26.PNG
 
Clicking the hamburger menu icon Hamburger-menu-1.jpg expands the left pane.
 
RMApp-RiskWorkflow27.PNG
 
 
Advanced Search
 
The Advanced Search now displays the business app entity Risk Assessment and Risk Area in the Advanced Search window. 
 
8.1-RMApp-AdvancedSearch.PNG
 

Editing the Risk Assessment

1. Click "Edit" on the Risk Assessment Details page. The Edit Risk Assessment page opens.

RMApp-Edit.PNG
 
2. Make the required changes and click "Next". The "Verify" page opens. 
 
RMApp-Edit2.PNG

3. Verify the details and click "Update". The risk assessment is updated and remains in "Draft" state.

RMApp-Edit3.PNG

 

Canceling the Risk Assessment

1.Click "Cancel" on the Risk Assessment Details page.

RMApp-Cancel.PNG

The confirmation window opens.

RMApp-Cancel2.PNG

2. Click "Yes". The "Add Note" drawer opens.

RMApp-Cancel3.PNG

3. Add note text and select the "Reason Code".

4. Click "Add". The Risk Assessment status changes to "Cancelled".

RMApp-Cancel4.PNG

 

 

Deleting the Risk Assessment

1. Click "Delete" on the Risk Assessment Details page. 

RMApp-Delete1.PNG
 
The "Add Note" window opens.
 
2. Add note text and select the "Reason Code".

3. Click "Add". The risk assessment will be deleted and risk assessment index page opens.

 

Submitting the Risk Assessment

 Click "Submit" on the Risk Assessment Details page.

RMApp-Submit.PNG
 
The risk assessment is sent for approval and its status changes to "Waiting for Approval".
 
RMApp-Submit2.PNG

Approvers can Approve or Reject the Risk Assessment from the risk assessment Details page.

 

 

Rejecting the risk assessment

To reject:

1. Click "Reject". 

RMApp-Reject1.PNG

2. Add note text and select the Reason Code.

RMApp-Reject2.PNG

3. Click "Add". The Risk Assessment is rejected and goes back to "Draft" state.

 

 

Approving the risk assessment

To approve:

1. Click "Approve". The "Add Note" window opens. 

1080px-8.0 RM 3.PNG
 
2. Add note text.
 
3. Click "Add". The Risk Assessment state changes to "Assessment Complete".

If there are no Approvers added to the Risk Assessment Team, the record will be approved directly and move to the "Assessment Complete" state.

RMApp-Complete.PNG

 

Note: The "Assessment Complete" state is the final state for Risk Assessment, and users cannot take further actions.

 

 

Auditing Risk Assessment

Changes made to the Risk Assessment record during various ICI risk management workflows are captured and can be viewed under "History" tab. For example, changes in "Risk Assessment for Acme Corporation throughout its lifecycle are captured.

RMApp-RiskWorkflow12.PNG

Click "Show Changes" to view the details of the particular event of the risk assessment instance.

RMApp-History2.PNG
 
Clicking the status of the Risk Assessment or Risk Area opens the “History” window.
 
8.1-RMApp-History.png
 

Working with Risk Area

Managing Risk Area includes: 

  • Ensuring the validity of the identified risk area
  • Devising strategies to mitigate risks
  • Tracking the performance until risks are completely mitigated

The risk area can be generated automatically by seeded rules based on the risk assessment responses. Users can also add the risk area manually to the risk assessment.

 


Creating Risk Area automatically using rules

The ICI Risk Management application provides set of rules to generate Risk Areas automatically based on the responses gathered from the risk assessment. Refer the "ICI Risk Management Configuration Guide" for details on rules used in the ICI Risk Management application.

The workflow for generating risk areas automatically includes process as follows:

1. A recommended rule "Identify Risk Areas" can be configured by the app implementation team on the event "Risk Assessment Created" to identify applicable risk areas, based on the specific attribute values from the Risk Assessment record.

For the attribute "Risk Assessment Description", if the response is "Sup" (representing supplier), then the Applicable Risk Area is identified and set as "Sanctions".

RMApp-RiskWorkflow32.png
 
2. Once the "Risk Areas" are identified, the seeded rule "Auto instantiate applicable risk area" generates those identified risk areas.
3. Another seeded rule "Copy Attribute Values" then copies values specified in the rule from Risk Assessment record to the Risk Areas.
For example, when the "Risk_Assessment_Jan2022" is approved, the risk area is automatically created as "Sanctions".
 
RMApp-RiskWorkflow33.PNG

 

 

Creating Risk Area manually 

To create a risk area for risk assessment: 

1. Click "Risk Management" > "Risk Assessments" from the "Home" page. The search results page with all risk assessment records opens.

2. Click the View Record icon next to the Risk Assessment for which you want to create Risk Area. The Risk Assessment Details page opens.

3. Click Create Association action icon (plus sign) next to Risk Area under the Associations. The "Create Association" for Risk Area page opens.

RMApp-Association1-1.PNG

The "Create Association Risk Area" page has these sections:

  • Reference Risk Assessment
  • Risk Area Details 
  • Inherent Risk Rating 
  • Risk Remediation Plan 
  • Residual Risk Rating 

4. Select or enter the details in the attributes in all the sections. The attributes can be mandatory, lookup type, cascading, conditional, multi-select and so on.

Reference Risk Assessment

This section contains the attributes:

  • Risk Assessment Name: This field is populated automatically based on the information entered when creating the risk assessment. 
  • Risk Assessment Description: This field is populated automatically based on the information entered when creating the risk assessment. 
RMApp-Association2.PNG

Risk Area Details 

This section contains the attributes: 

  • Risk Area Instance ID: This is generated automatically after the risk area is created.
  • Risk Area Name: Select the risk area name from the dropdown list. This populates the information for the following attributes from the masterdata. 
    • Risk Area Master ID 
    • Short Description
    • Category
    • Sub Category
    • "Risk Area Owner"
  • Origin: Enter the description that contains information about the probable source of risk area. 
  • Effect: Enter the description about the probable effects of the risks foreseen based on the risk assessment created.
  • Additional Risk Area Owners: If risk area owner is not available in master, then user can add additional risk area owners. 

Risk Area owners are Subject Matter Experts who can look into risk area end to end for validity of risk, planning risk remediation, monitoring the progress and performance of risk remediation actions

RMApp-Association3.PNG

 

Note: The certain values in the risk area details section can be auto-populated from Risk Area Master . The Risk Owner and Additional Risk Area Owners can be added to the risk area team through configured rules.

Inherent Risk Rating 

Inherent risk rating is the risk rating applicable to the risk when it was determined for the first time.
This section contains the attributes:

  • Inherent Risk Trigger Date: The date and time on which the inherent risk record is created.
  • Inherent Likelihood Rating: The probability of occurrence of risk.
  • Inherent Consequence Rating: The impact or consequence of risk occurrence. 
  • Inherent Risk Level:Qualitative scoring based on likelihood of risk occurrence and consequence if risk occurred. 
  • Inherent Risk score:Quantitative scoring based on likelihood of risk occurrence and consequence if risk occurred. 
Note: The Inherent risk level and score is determined from the values in inherent likelihood rating and consequences rating and can be entered manually or by configuring rules.
  • Comments: This includes any additional information that you might want to provide regarding the risk assessment created.
RMApp-Association4.PNG

Risk Remediation Plan 

This section includes the informaton related to the remediation strategies and actions that can be taken to mitigate the risk areas.
This section contains the attributes: 

  • Remediation Action: Enter the remediation action that is planned to be taken to minimize the probable risks. 
  • Control Effectiveness: Select the level from the dropdown list that defines the level of effectiveness of measures that will be applied to minimize the risks.
  • Remediation Action Details: Enter the remediation action details that describe the remediation actions that will be taken to minimize the risk. 
 RMApp-Association5.PNG

Residual Risk Rating
This section includes the information related to the residual risk left after the remediation actions are taken.
This section contains the attributes:

  • Residual Risk Update Date: The date on which the residual risk record is updated.
  • Residual Likelihood Rating: This indicates the likelihood of occurrence of the remaining risk. 
  • Residual Consequence Rating: This indicates impact of occurrence of the remaining risks happening after the mitigations actions are implemented.
  • Residual Risk Level: Qualitative scoring based on likelihood and consequence if residual risk occurred.  
  • Residual Risk Score: Quantitative scoring based on likelihood and consequence if residual risk occurred. 
  • Comments for Residual Risk: This includes any additional information that you might want to provide regarding the risk area.
RMApp-Association6.PNG

5. Click "Create". The Risk Area is created in Assessment state. 

RMApp-RiskWorkflow14.PNG

 

 

 

 

 

 

Searching Risk Area records

Risk Area records can be searched from:

  • Advanced Search page
  • Global Search

To search risk area from Advanced Search page:

1. Click the "Advanced" link on the header toolbar. The "Advanced Search" page opens.

RMApp-RiskWorkflow16.PNG


2. Select "Risk Area" in the "Entity" dropdown field.

RMApp-RASearch1.PNG

3. Click the search icon. All available Risk Area records are displayed.

RMApp-RASearch2.PNG

 

The left navigation pane can be expanded or collapsed, as needed. The collapsed view gives a wider view of the Risk Area Details page.

RMApp-RiskWorkflow28.PNG
Clicking the hamburger menu icon Hamburger-menu-1.jpg expands the left pane.
 
RMApp-RiskWorkflow29.PNG

 

Risk Area using Global Search

To search risk area using Global Search:

Enter the relevant search criteria in the Enter search here…search bar on the ICI UI. For example, "Risk Area". All available Risk Area records are displayed in a dropdown.

RMApp-RASearch3.PNG

 

 


Working of existing ICI actions for Risk Area

Risk area owner can take existing ICI actions for associations on risk area.

  • Preview Document: Opens the preview of the risk area if available, in the Document Viewer drawer.
  • View Smart Links: Opens the smart links if available, in a Smart Links window. 
  • Edit: Opens the Edit Associated Document - Risk Area page to modify the details of the risk area instance.
  • View Details: Opens the Risk Area Details page.
900px-8.1-RiskAreaAssociationList.png
 

Taking actions on the Risk Area

The Risk owner can be added to the risk area through configured rules. Risk owner can then take certain actions from the risk area Details page.  
The actions can be:

  • Initiate Due Diligence - action taken to capture more information related to the risk and validate the identified risk area. 
  • Remediate - action taken to mitigate the valid risk area.
  • Deactivate - action taken for risk area identified as invalid. Users cannot take further  actions once the risk area is deactivated.
  • Monitor - action taken to track the performance based on remediation actions until risks are completely mitigated

Users can repeat the workflow Due Diligence – Remediate – Monitor until the risk is completely mitigated.
Users can also automate the workflows to initiate due diligence, remediate and monitor risk areas by configuring rules.

 

 

 

 

Editing Risk Area from Three Dots Menu

1. Click "Risk Management" > "Risk Assessments" from the Home page. The list of all available risk assessments opens.

2. Click View Record icon next to the Risk Assessment you want to opens. The Risk Assessment Details page opens.

3. Click "Risk Area" tab in the left navigation. The risk area grid opens.

RMApp-RiskWorkflow21.PNG

4.  Click the three dots menu of a Risk Area record.

5. Click "Edit". The "Edit Risk Area" for Risk Area page opens.
 
RMApp-RiskWorkflow25.PNG
 
6. Make the required changes and click "Update". The Risk Area will be updated and the Risk Area Details page opens again.
 
RMApp-RiskWorkflow24.PNG

 

Editing Risk Area from Risk Area Details page

 
Users can edit the Risk Area from the Risk Area Details page as well:

1. Click View Record icon next to the risk area you want to open. The risk area Details page opens.

RMApp-RiskWorkflow22.PNG

2. Click "Edit". The "Edit Associated Document" for Risk Area page opens. Then, follow the aforementioned step # 6 under "Editing Risk Area from Three Dots Menu" to edit and save the editing.

RMApp-RiskWorkflow23.PNG
 
 
 

Initiating Due Diligence

Click "Initiate Due Diligence". The Risk Area Details page opens again.

RMApp-RAActions4-4.PNG

The status of the risk area changes to "Due Diligence".

RMApp-RAActions5.PNG
 
 

Remediating the risk area

With the status of the risk area in "Due Diligence", click "Remediate" on the risk area Details page.

The Risk Area Details page opens again and the status of the risk area changes to "Remediation".

RMApp-RAActions6.PNG
 
 

Monitoring the risk area

Users can monitor the risk areas based on the remediation actions taken to check whether the risks are reduced. 

To monitor a risk area: 

Click "Monitor" on the risk area Details page. The risk area Details page opens again and the status of the risk area changes to "Monitoring". 

RMApp-RAActions7.PNG

The status of the risk area changes to "Monitoring".

RMApp-RAActions8.PNG
 

Iterating workflow for risk area

Users can repeat the actions taken on the risk areas until the risks are completely mitigated.

1. Click "Initiate Due Diligence" or "Remediate" on the risk area Details page for the risk area in the Monitoring state. For example, select Initiate Due Diligence. The Association "Initiate Due Diligence" note window opens to add a note.

2. Add a note text and select a Reason code.

RMApp-RAActions9.PNG

3. Click "Add". The status of the risk area changes back to Due Diligence.

 

Deactivating the risk area

Risk owners can deactivate the invalid risk area. Once deactivated, no further actions are allowed on the risk area.

1. Click "Deactivate" on the risk area Details page. The "Add Note - Deactivate" drawer opens to add a note.

RMApp-RAActions10.PNG

2. Add a note text and select a Reason code.

RMApp-RAActions12.PNG

3. Click "Add". The status of the risk area changes to "Deactivated".

RMApp-RAActions13.PNG
 
 

Auditing Risk Area

Changes made to the Risk Area record during various ICI risk management workflows are captured and can be viewed under History tab. For example, changes in "ICMRiskArea_100" throughout its lifecycle are captured.

RMApp-RiskWorkflow30.PNG

Click "Show Changes" to view the details of the particular event of the risk area instance.

RMApp-RiskWorkflow31.PNG
 
 
Clicking the status of the Risk Area on the "Details" page opens the “History” window.
 
8.1-RMApp-History1.png
 
 

 

Moving Risk Area workflow automatically

Users can manage the Risk Assessment and Risk Area action workflows using the script attribute Target ICM Status. Users can set the value in Target ICM Status to specific status and move records to that particular state during the risk management workflow. For example, risk area record can be moved from the Draft  state to either Due Diligence, Remediation or Monitoring state using attribute Target ICM status .

Risk assessment and risk area records can be uploaded in ICI directly in specific status by setting the state value in the Target ICM Status attribute using ICI’s Legacy Upload functionality. The business status would then be set accordingly.

For example, when users want to upload large number of historical risk assessment records using Legacy Upload, they can directly upload in the Approved state by setting it in the Target ICM Status attribute and the business state would be set as Assessment Complete.

Refer the ICI Risk Management Configuration Guide for details on Managing Risk Workflows using attribute Target ICM Status.

 

Creating and managing tasks for Risk workflow

Users  can create remediation tasks for managing risks using commitments, obligations or any third party system. ICI Risk Management app currently supports managing Risk Assessment and Risk Area using ICI Commitment functionality.

To create a task using commitment:

1. Click "Risk Management" > "Risk Assessment" from the "Home" page. The saved search result page opens with all Risk Assessment records.

2. Click the View Record icon next to the "Risk Assessment" record you want to open. For example, "Risk_Assessment_Jan2022". The Risk Assessment Details page opens.

3. Click the "Commitments" tab in the left navigation. The existing commitments are displayed if any.

RMApp-RiskWorkflow1.PNG

4. Click "Add Commitment" action icon. The "Add Commitment" drawer opens.

RMApp-RiskWorkflow2.PNG

5. Enter the details for the commitment and 'c'lick "Save". The commitment is created and added to risk assessment. 

RMApp-RiskWorkflow3.PNG

To view and take action on the commitment tasks:

1. Click the three dots menu and click "Take action on commitment". The "Take Action on Commitment" drawer opens.

RMApp-RiskWorkflow5-5.PNG

2. Add the action details.

3. Click "Save". The Commitment status is updated according to the action taken.

RMApp-RiskWorkflow6.PNG
 
Note: The action can also be delegated to a desired user by clicking on the "Delegate" button.

Refer to the "Compliance Management" page for more details on working with commitments.

 

Accessing the Risk Area actions Notifications 

The ICI Risk Management app sends notifications when certain actions are taken on the Risk Area. These seeded notifications are sent when an events occurs:

  • Risk area is created
  • Risk area due diligence is initiated
  • Risk area remediation is initiated
  • Risk area monitoring is initiated
  • Risk area is deactivated

The recipients can access the notifications from "Notification Dashboard":

  1. Click the Notifications bell icon on the top right. The "Notifications Dashboard" opens.
RMApp-RiskNotifications1.PNG
  1. Click "Risk Management Notifications". The list of notification events opens.
  2. Expand the notification event. The notifications belonging to the selected event are displayed. 
  3. Select the Notification you want to view. The selected Notification opens in the right pane.
RMApp-Notifications.png

 

 

 

Related Topics: Agreement Management |