You do not have permission to edit this page, for the following reason:
You can view and copy the source of this page:
Return to ICI Risk Management.
The Icertis (ICM) platform introduces the Risk Management application to make it easier for professionals to carry out their tasks related to Risk Management such as assessment, due diligence, remediation, monitoring and reassessment. Risk Management is the process of identifying the potential risk, assessing the magnitude of the risk based on business objectives and devising strategies to mitigate them and tracking the performance until they are completely mitigated.
It enables secure communication with different parties involved in the process of Risk Management that is more effective than the traditional ways of communication such as email. Its user-friendly interface makes it possible for anyone in the enterprise, from the risk management personnel to the supply analytics team, to be able to use the platform with ease.
ICM Risk Management consists of:
screen 1
ICM Risk Management application is based on the ICM platform that supports the following business scenarios:
The user must have:
ICM offers the ability to determine the application type (Contracting, Sourcing, Obligation Management and Risk Management application) when creating a contract type. This is possible with the inclusion of two new choice type attributes, Business Application Type and Business Application Category at the contract type level. This feature helps effortlessly drive business applications on ICM platform.
These attributes are enabled through technical configuration and applicable for agreements and associated document contract types. The access privileges for business applications (such as Risk Management) are managed through security groups.
screen2
The Risk Management Application provides some seeded entities that are necessary for the flow of the Risk Management. Some of the entities are:
Please refer to the Risk Management Configuration guide for details.
Risk Management Application provides some seeded masterdata that are necessary for the flow of the Risk Management. Users can create masterdata instances with desired values.
To create masterdata instance:
Screen 3
Screen 4
screen 5
Similarly, setup masterdata for Risk Taxonomy, Risk Remediation action, Risk Area, Likelihood Rating, Likelihood & Consequence Rating and Risk Score Matrix Masters.
The Icertis Risk Management app enables users to manage risks by creating risk assessment. Risk Assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICM Risk Management application that allows configuring a questionnaire to perform supplier risk assessment. The risk areas can be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.
Risk assessment workflow performed by risk assessment owners typically involves the following:
Here is the Risk Assessment workflow at a glance:
image 6
screen 7
The sections on the attributes page can be:
screen 8
screen 9
Note: The template to create the risk assessment is seeded and selected through the configured Template Selection rule.
screen 10
Once created, users can Edit, Delete, Cancel or Submit the Risk Assessment.
screen 11
The saved search result page opens with all Risk Assessment records.
screen 12
screen 13
screen 14
screen 15
The confirmation window opens.
screen 16
screen 17
screen 18
screen 19
screen 20
Approvers can Approve or Reject the Risk Assessment from the risk assessment Details page.
To reject:
screen 21
To approve:
If there are no Approvers added to the Risk Assessment Team, the record will be approved directly and move to the Assessment Complete state.
screen 22
Note: The Assessment Complete state is the final state for Risk Assessment, and users cannot take further actions.
Changes made to the Risk Assessment record during various ICM risk management workflows are captured and can be viewed under History tab. For example, changes in Risk_Assessment_May2020 throughout its lifecycle are captured.
screen 23
Managing Risk Area includes:
The risk area can be generated automatically by seeded rules based on the risk assessment responses. Users can also add the risk area manually to the risk assessment.
To create a risk area for risk assessment:
screen 1
The Create Association Risk Area page has sections:
Reference Risk Assessment
This section contains the attributes:
screen 2
Risk Area Details
This section contains the attributes:
screen 3
Note: The values in the risk area details section can be auto-populated from Risk Area Master. The Risk Owner can be added to the risk area through configured rules.
Inherent Risk Rating
Inherent risk rating is the risk rating applicable to the risk when it was determined for the first time.
This section contains the attributes:
Note: The Inherent risk level and score is determined from the values in inherent likelihood rating and consequences rating and can be entered manually or by configuring rules.
screen 4
Risk Remediation Plan
This section includes the informaton related to the remediation stategies and actions that can be taken to mitigate the risk areas.
This section contains the attributes:
screen 5
Residual Risk Rating
This section includes the information related to the residual risk left after the remediation actions are taken.
This section contains the attributes:
screen 6
screen 7
screen 8
Risk Area records can be searched from:
To search risk area from association index page:
screen 9
To search risk area from Risk Assessments search result page:
screen 10
The Risk owner can be added to the risk area through configured rules. Risk owner then can take certain actions from the risk area Details page when the risk area is in Assessment state.
The actions can be:
Users can repeat the workflow Due Diligence – Remediate – Monitor until the risk is completely mitigated.
Users can also automate the workflows to initiate due diligence, remediate and monitor risk areas by configuring rules.
screen 11
Click Initiate Due Diligence. The Risk Area Details page opens again.
screen 12
The status of the risk area changes to Due Diligence.
screen 13
Click Remediate on the risk area Details page. The Risk Area Details page opens again.
screen 14
The status of the risk area changes to Remediation.
screen 15
Users can monitor the risk areas based on the remediation actions taken to check whether the risks are reduced.
To monitor a risk area:
Click Monitor on the risk area Details page. The Risk Area Details page opens.
screen 16
The status of the risk area changes to Monitoring.
screen 17
Users can repeat the actions taken on the risk areas until the risks are completely mitigated.
screen 18
screen 19
Risk owners can deactivate the invalid risk area. Once deactivated, no further actions are allowed on the risk area.
screen 20
screen 21
Changes made to the Risk Area record during various ICM risk management workflows are captured and can be viewed under History tab. The History tab for Risk Area has All, Draft, Approval and Post-Approval tabs. For example, changes in ICMRiskArea_372 throughout its lifecycle are captured.
screen 22
The Risk Area action workflows can also be managed automatically by configuring rules. Users can set the value in the script type attribute Target ICM to move the Risk Area workflow automatically from Assessment state to Due Diligence, Remediation or Monitoring state.
Users can create remediation tasks for managing risks using commitments, obligations or any third party system. ICM Risk management app currently supports managing Risk Assessments using ICM Commitment functionaity.
To create a task using commitment:
screen 1
screen 2
screen 3
To view and take action on the commitment tasks:
screen 4
The ICM Risk Management app sends the notifications when certain actions are taken on the Risk Area. These notifications are seeded.
The notifications are sent when events occurs:
The recipients can access the notifications from Notification Dashboard:
screen 5
You do not have permission to edit this page, for the following reason:
You are not allowed to execute the action you have requested.
You can view and copy the source of this page:
Return to ICI Risk Management.