Line 18: | Line 18: | ||
*Counter Party Risk Management (for example managing risks relevant to suppliers or vendors) | *Counter Party Risk Management (for example managing risks relevant to suppliers or vendors) | ||
*Business Operations Level Risk Management | *Business Operations Level Risk Management | ||
+ | |||
+ | == The Prerequisites == | ||
+ | |||
+ | The user must have: | ||
+ | |||
+ | *Completed ICM Product Training | ||
+ | *Risk Management App must be enabled on customer environment | ||
== Configuration setup overview == | == Configuration setup overview == | ||
Line 73: | Line 80: | ||
Similarly, setup masterdata for Risk Taxonomy, Risk Remediation action, Risk Area, Likelihood Rating, Likelihood & Consequence Rating, Risk Score Matrix Masters. | Similarly, setup masterdata for Risk Taxonomy, Risk Remediation action, Risk Area, Likelihood Rating, Likelihood & Consequence Rating, Risk Score Matrix Masters. | ||
− | | + | == Working with Risk Assessment == |
+ | |||
+ | The Icertis Risk Management app enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICM Risk Management application that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.<br/> Risk assessment workflow performed by risk assessment owners typically involves the following: | ||
+ | |||
+ | *Initiating Risk Assessment: The risk assessment owners can instantiate the risk assessment workflow to identify the risks. For example, the risk assessment can be a questionnaire where the users respond to the questions by submitting the risk assessment. This initiates the risk assessment in Draft state. | ||
+ | *Risk Assessment approval: Based on the complexity of risk assessment, ICM administrators can configure the rules to add approvers to the assessment team. If there are approvers added to the assessment team, the risk assessment is sent to the approvers for approval. The risk assessment is approved automatically if no approvers are added to the assessment team. | ||
+ | *Risk Assessment Complete: The status of the risk assessment changes to Assessment Complete when the risk assessment is approved. The risk area can be identified and auto instantiated based on the configured rules. | ||
+ | |||
+ | <br/> Here is the Risk Assessment workflow at a glance: | ||
+ | |||
+ | image 6 | ||
+ | |||
+ | == Creating a Risk Assessment == | ||
+ | |||
+ | #Click the Risk Management tile on the Home page. The drop-down opens with options: | ||
+ | <ul style="margin-left: 40px;"> | ||
+ | <li>Risk Assessment</li> | ||
+ | <li>Create Risk Assessment</li> | ||
+ | </ul> | ||
+ | |||
+ | screen 7 | ||
+ | |||
+ | #Click Create Risk Assessment. The Attributes page for Create Risk Assessment opens. The Attributes page includes questions to capture the responses based on which the risk areas can be generated. These questions are non-seeded attributes and users can add them to the Risk Assessment contract type as per their business needs. | ||
+ | |||
+ | The sections on the attributes page can be: | ||
+ | <ul style="margin-left: 40px;"> | ||
+ | <li>Identification</li> | ||
+ | <li>Risk Assessment Timeline</li> | ||
+ | <li>Supplier Perspective</li> | ||
+ | <li>Risk Assessment and Treatment</li> | ||
+ | <li>Security Policy</li> | ||
+ | <li>Organization Security</li> | ||
+ | <li>Asset and Information</li> | ||
+ | <li>Human Resource Security</li> | ||
+ | <li>Physical and Environmental</li> | ||
+ | <li>Ops Management</li> | ||
+ | <li>Access Control</li> | ||
+ | <li>Application Security</li> | ||
+ | <li>Incident Management</li> | ||
+ | <li>Business Resilience</li> | ||
+ | <li>Compliance</li> | ||
+ | </ul> | ||
+ | <ol start="3"> | ||
+ | <li>Enter the details in fields in the Identification section:</li> | ||
+ | </ol> | ||
+ | <ul style="margin-left: 40px;"> | ||
+ | <li>Risk Assessment Name: Enter the risk assessment name. To make it easier for the users of your organization to find the risk assessment, the name should include some basic information about the risk assessment. For example, purpose of the risk assessment. For example, enter a name as Risk_Assessment_May2020.</li> | ||
+ | <li>Risk Assessment Description: Enter the description of the risk assessment you are creating. This should include information that will help in finding the risk assessment based on the information you entered. For example, this is created to assess the probable risks due to the COVID-19 pandemic. </li> | ||
+ | <li>Risk Assessment Entity: Select the entity for which you are creating the risk assessment. This includes entities which might be at risk. For example, select Business Operations.</li> | ||
+ | </ul> | ||
+ | |||
+ | screen 8 | ||
+ | <ol start="4"> | ||
+ | <li>Enter the details in fields in the Risk Assessment Timeline section.</li> | ||
+ | </ol> | ||
+ | <ul style="margin-left: 40px;"> | ||
+ | <li>Assessment Start Date: Select the start date of the assessment. This is the date from which you want to assess the probable risks to business due to specific reasons. For example May 31, 2020.</li> | ||
+ | <li>Assessment End Date: Select the end date of the assessment. This is the date till which the probable risks to business will be assessed. For example, June 1, 2020.</li> | ||
+ | </ul> | ||
+ | |||
+ | screen 9 | ||
+ | <ol start="5"> | ||
+ | <li>Enter the details in fields in all the sections on the Attributes page.</li> | ||
+ | <li>Click Next. The Verify page opens.</li> | ||
+ | </ol> | ||
+ | |||
+ | Note: The template to create the risk assessment is seeded and selected through the configured Template Selection rule. | ||
+ | <ol start="7"> | ||
+ | <li>Click Create. The risk assessment is created in Draft state. </li> | ||
+ | </ol> | ||
+ | |||
+ | screen 10 | ||
− | | + | Once created, users can Edit, Delete, Cancel or Submit the Risk Assessment. |
Revision as of 09:52, 13 August 2020
Contents
ICM Risk Management App
Overview
The Icertis (ICM) platform introduces the Risk Management application to make it easier for professionals to carry out their tasks related to Risk Management such as assessment, due diligence, remediation, monitoring and reassessment. Risk Management is the process of identifying the potential risk, assessing the magnitude of the risk based on business objectives and devising strategies to mitigate them and tracking the performance until they are completely mitigated.
It enables secure communication with different parties involved in the process of Risk Management that is more effective than the traditional ways of communication such as email. Its user-friendly interface makes it possible for anyone in the enterprise, from the risk management personnel to the supply analytics team, to be able to use the platform with ease.
ICM Risk Management consists of:
- Risk assessment (with survey)
- Auto instantiation of risk area
- Configurable contract types risk assessment and risk area with its workflow based on risk management process
- Masterdata that captures risk library, risk taxonomy and risk score matrix to effectively govern the risk management process
screen 1
ICM Risk Management application is based on the ICM platform that supports the following business scenarios:
- Contractual Risk Management
- Counter Party Risk Management (for example managing risks relevant to suppliers or vendors)
- Business Operations Level Risk Management
The Prerequisites
The user must have:
- Completed ICM Product Training
- Risk Management App must be enabled on customer environment
Configuration setup overview
ICM offers the ability to determine the application type (Contracting, Sourcing, Obligation Management and Risk Management application) when creating a contract type. This is possible with the inclusion of two new choice type attributes, Business Application Type and Business Application Category at the contract type level. This feature helps effortlessly drive business applications on ICM platform.
These attributes are enabled through technical configuration and applicable for agreements and associated document contract types. The access privileges for business applications (such as Risk Management) are managed through security groups.
screen2
The Risk Management Application provides some seeded entities that are necessary for the flow of the Risk Management. Some of the entities are:
- Masterdata:
- Risk Taxonomy
- Risk Remediation
- Risk Area Master
- Likelihood Rating
- Likelihood & Consequence Rating
- Risk Score Matrix
- Contract types:
- Risk Assessment as agreement contract type with business application type as risk management and business application category as risk assessment defined at contract type level
- Risk Area as associated document contract type with business application type as risk management and business application category as risk area defined at contract type level
- Rules:
- Instantiate the risk areas after completing the risk assessment
- Copy attribute values from risk assessment to the risk area
- Add risk area owner to the team
- Add Approver
- Add Team members
- Select the Template
- Notifications for events:
- Risk area is created
- Risk area due diligence is initiated
- Risk area remediation is initiated
- Risk area monitoring is initiated
- Risk area is deactivated
Please refer to the Risk Management Configuration guide for details.
Setting up masterdata values
Risk Management Application provides some seeded masterdata that are necessary for the flow of the Risk Management. Users can create masterdata instances with desired values.
To create masterdata instance:
- Click Configuration > Masterdata > Create Masterdata on the Home page. The Create Masterdata page opens.
Screen 3
- Select the Masterdata Contract Type. For example, Risk Area Master.
Screen 4
- Click Next. The Attributes page opens.
- Enter or select the details in the fields.
- Click Save. The masterdata instance is created.
screen 5
Similarly, setup masterdata for Risk Taxonomy, Risk Remediation action, Risk Area, Likelihood Rating, Likelihood & Consequence Rating, Risk Score Matrix Masters.
Working with Risk Assessment
The Icertis Risk Management app enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICM Risk Management application that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.
Risk assessment workflow performed by risk assessment owners typically involves the following:
- Initiating Risk Assessment: The risk assessment owners can instantiate the risk assessment workflow to identify the risks. For example, the risk assessment can be a questionnaire where the users respond to the questions by submitting the risk assessment. This initiates the risk assessment in Draft state.
- Risk Assessment approval: Based on the complexity of risk assessment, ICM administrators can configure the rules to add approvers to the assessment team. If there are approvers added to the assessment team, the risk assessment is sent to the approvers for approval. The risk assessment is approved automatically if no approvers are added to the assessment team.
- Risk Assessment Complete: The status of the risk assessment changes to Assessment Complete when the risk assessment is approved. The risk area can be identified and auto instantiated based on the configured rules.
Here is the Risk Assessment workflow at a glance:
image 6
Creating a Risk Assessment
- Click the Risk Management tile on the Home page. The drop-down opens with options:
- Risk Assessment
- Create Risk Assessment
screen 7
- Click Create Risk Assessment. The Attributes page for Create Risk Assessment opens. The Attributes page includes questions to capture the responses based on which the risk areas can be generated. These questions are non-seeded attributes and users can add them to the Risk Assessment contract type as per their business needs.
The sections on the attributes page can be:
- Identification
- Risk Assessment Timeline
- Supplier Perspective
- Risk Assessment and Treatment
- Security Policy
- Organization Security
- Asset and Information
- Human Resource Security
- Physical and Environmental
- Ops Management
- Access Control
- Application Security
- Incident Management
- Business Resilience
- Compliance
- Enter the details in fields in the Identification section:
- Risk Assessment Name: Enter the risk assessment name. To make it easier for the users of your organization to find the risk assessment, the name should include some basic information about the risk assessment. For example, purpose of the risk assessment. For example, enter a name as Risk_Assessment_May2020.
- Risk Assessment Description: Enter the description of the risk assessment you are creating. This should include information that will help in finding the risk assessment based on the information you entered. For example, this is created to assess the probable risks due to the COVID-19 pandemic.
- Risk Assessment Entity: Select the entity for which you are creating the risk assessment. This includes entities which might be at risk. For example, select Business Operations.
screen 8
- Enter the details in fields in the Risk Assessment Timeline section.
- Assessment Start Date: Select the start date of the assessment. This is the date from which you want to assess the probable risks to business due to specific reasons. For example May 31, 2020.
- Assessment End Date: Select the end date of the assessment. This is the date till which the probable risks to business will be assessed. For example, June 1, 2020.
screen 9
- Enter the details in fields in all the sections on the Attributes page.
- Click Next. The Verify page opens.
Note: The template to create the risk assessment is seeded and selected through the configured Template Selection rule.
- Click Create. The risk assessment is created in Draft state.
screen 10
Once created, users can Edit, Delete, Cancel or Submit the Risk Assessment.