When RFx modification is initiated:

• The RFx status changes to In Modification.
• The status of rounds changes to On Hold (except rounds in Closed', Evaluation Started, Evaluation Closed statuses).
• Buyers can:
  • Modify Line Items:
    • Add line items for rounds in any status, except Closed or Evaluation related statuses.
    • Edit line item attribute values for rounds in Draft or Waiting for Approval statuses, and for any round that might be created in future post RFx modification approval.
    • Remove the line items through shortlisting. User can mark them as not selected for rounds in Draft and Waiting for Approval statuses, and for any round that might be created in future post RFx modification approval.
  • Modify Supplier and Supplier Contacts:
    • Add new suppliers for rounds in any status, except Closed and Evaluation related statuses.
    • Add new supplier contacts to existing supplier for rounds in any status, except Closed and Evaluation related statuses.
    • Remove supplier through shortlisting. User can mark them as not selected for rounds in Draft and Waiting for Approval statuses, and for any round that might be created in future post RFx modification approval.
  • Modify Questionnaires
    • Add new questionnaires for rounds in any status, except Closed and Evaluation related statuses.
    • Add new questions to existing questionnaire for rounds in any status except Closed and Evaluation related statuses.
  • Modify External Attachments: 
    • Buyer can add, edit and remove external attachments.
    • When new attachments are added or existing attachments are modified, then the supplier will get the access once RFx modification is approved and at least one round is in Open status. However, suppliers will still have access to other attachments that have not been modified.
  • Update Selective RFx Attributes: 
    • Buyers can selectively edit attributes, except those that have been configured by the administrator as non-editable.
    • The attribute changes are displayed in the audit history. Note that, modifying selective attributes is a specific solution when RFx is In Modification status and is not a standard framework across the sourcing application.
  • Enable or Disable Configuration Flags (Allow Line Item changes in RFx/ Allow Supplier Attachment changes in RFx/ Allow New Question/ Allow New Supplier During RFx Phase):
• Allow Line Item changes in RFx: If this flag is enabled, then buyers can add/edit line items through UI or Excel when RFx is in modification. If flag is disabled, then add/ edit will not be allowed when RFx is in modification.
• Allow New Supplier During RFx Phase/ Allow Supplier Attachment changes in RFx/ Allow New Question: If any of the flags is enabled, then buyers can make changes to supplier/ supplier attachment/ questions respectively when RFx is in modification. If the flag is disabled, then respective changes will not be allowed when RFx is in modification. 

The supplier cannot take actions such as Submit, Recall Bid, and Decline RFx on bids. 

For RFx modification approval, the administrator can configure rules to set the Approver. Approver can approve or reject the changes:

• If the buyer recalls the modification approval or approver rejects the changes, then RFx moves to the In Modification status.
•  If the changes are approved, then the round and RFx status recalculation is done. For example, when RFx is in Bidding Open status, and round is in Open status, and buyer initiates modification, then the round will move to On Hold and RFx will move to In Modification status. When the buyer makes the required changes, and the changes are approved, then status recalculation is done based on round end date.
•  If the round end date has passed, then round status will move to Closed and corresponding RFx status will move to Bidding Closed. 
•  If the round end date has not passed, then round status will move to Open, and corresponding RFx status will move to Bidding Open. In this case, the supplier will then be able to access bid and can perform actions such as Submit, Decline RFx and Recall Bid

When no Approver has been added, the RFx is auto-approved.

RFx Evaluation Workflow 

567274 – Ability to evaluate and score suppliers based on bid submissions

Previously, buyers were not able to evaluate various suppliers in a round/RFx. They need a provision to evaluate suppliers on their bid submissions in response to the RFx as well as other capabilities (technical, commercial, tactical criteria). They can then provide objective scores and assign weightage that will help them not only in the awarding process, but also in selecting suppliers for future rounds.

With this release, buyers and administrators can conduct a review, and evaluators can score the supplier bids as well as provide feedback on the supplier submissions, contractual documents, etc. This is then consolidated and reviewed by the users which helps the event owner make an awarding decision based on the analysis.

Buyers can now:

• Create evaluation types: a mandatory text field. It includes a numeric Weightage field that can have a value between 0 to 100.
• Define evaluation criteria: a mandatory text field. The evaluation criteria data type and response type is added in the masterdata where criteria are created. It includes a Score field that can have a value between 0 and 100.
• Enable or disable evaluation in round: includes a flag Enable Evaluation in Round that is available when creating a RFx and a round. One the RFx or round is approved, this setting cannot be changed even when the RFx is in modification.
• Add evaluation type and evaluation criteria to the round allows user to select any number of evaluation criteria in each evaluation type. Changes can be made anytime till the evaluation starts.
• Add users or a team as evaluators: allows creation of user groups of ICI users. A user can be part of multiple groups, and at least one user must be present in each group.
• View different statuses during evaluation process: includes statuses such as Evaluation Started andEvaluation Closed.
• Close the Evaluation: evaluation type and evaluation criteria per supplier are closed, and gives a consolidated view to buyers/administrators for analyzing ratings given by evaluators.

Assigned evaluators will now: 

• Receive notification about the evaluation that needs to be performed.
• View evaluation type and evaluation criteria assigned to them.
• Perform an evaluation and submit the ratings.

The Start Evaluation button will be available only after the round is closed.

Multi-Currency Support

• Configure the corporate currency in the currency master:
  • Add currencies to the currency masterdata that contains a list of currencies that can be used in an RFx event.
  • Manage currencies from the currency master by adding new currency and currency symbol.
  • Set a single currency as a corporate currency for the organization to be used in Sourcing reporting.
  • Restrict the option to delete the currency and only allow making it inactive. Note that every currency added to the currency master must have a validity period that allows using currencies in different entities.
• Configure the exchange rate of different currencies:
  • Add, remove or edit the exchange rates in the currency masterdata. The specified currency exchange rate must have a defined validity period.
  • Set currency exchange rates for supported currencies. Note that duplication of exchange rates for same currency and same validation is not allowed.
• Select the primary and allowed currency for the RFx:
  • Select one currency as the RFx primary currency which is selected from the list of currencies available in the currency master including the expired currencies. Buyers can also select multiple currencies to be allowed in the RFx. It is mandatory to select a primary and allowed currency for the RFx that will be used in bid analysis excel sheet to convert bid currency to RFx primary currency.
  • Select the primary and allowed currency that can be used by the supplier to bid for the RFx.
  • Restrict editing the currency attributes used in RFx other than the one that is set as RFx primary currency. When RFx primary currency is updated, ICI uses the currency for all other currency attributes automatically, until the RFx is in Draft state.The activities performed by the buyer relevant to the currency selected for an RFx are logged in the RFx History. 
• Select currencies from list of allowed currencies:
  • Allowed currencies for RFx can be used as the bid currency.
  • All currency attributes for a line item are restricted to the RFx currency.
  • The modified allowed currencies for RFx are displayed to suppliers as bid currencies for all items.
• Configure the exchange rate of different currencies for the RFx:
  • Specify the exchange rates that can be used in the RFx.
  • Specify if the applicable exchange rate is based on round start and end date and user selected date.
  • View the applicable exchange rate for the RFx and the history of the exchange rate specified for the selected RFx. Note that the applicable RFx exchange rate is available to both the buyers and suppliers.
  • Download the bid analysis excel at any time that includes all bids from all suppliers for all rounds along with the bid currency and RFx primary currency. The bid analysis file contains details such as line items, bids, and so on. You can download the bid analysis at RFx, Round, Bid level in the Sourcing lifecycle.
• Use conversion rates in bid analysis Excel:
  • Buyers can now:
    • Download the bid analysis Excel file that allows to view all the bids received from multiple suppliers.
    • Download the flexible bid analysis Excel file for each round after it is closed that allows viewing bids received and converted to RFx primary currency. This file contains information for specific rounds only.
  • Buyers can take the following actions when the bid is created: 
    • Select the bid currency that allows submitting surrogate bid on behalf of the supplier.
    • View the changes made to the bid that are logged in RFx History.
  • Suppliers can take the following actions when bidding in multiple currencies:
    • View the supported currencies for RFx that allows viewing the applicable exchange rates.
    • Select the currency from the list of quote currency that allows submitting the bid in the selected currency.
    • Submit the bids for items in selected currencies.
    • Upload or download the bidding template that allows adding bid information in excel sheet and upload to ICI.
    • Update the bid currency using ICI and Microsoft Excel 
  • Buyers can take the following actions when updating the awarding object for the RFx using multiple currencies:
    • Download the awarding decision template that will allow awarding the desired suppliers and upload the awarding decision.
    • Include the bid currency in the awarding decision that allows including the bid currency and other bid information in the contract.

Sourcing Application Enhancements

571048 – Supplier contact management UI improvements

Previously, when selecting a supplier contact, only the first name of the supplier contact was displayed.

With this release:

• The Supplier Contacts window user interface has been improved.
• The name of existing Supplier Contact Name column has been modified to Supplier Contact Full Name. For example, Tom Sibley instead of Tom.
• Buyers can remove a supplier contact from the Supplier Contact page. This updates the count of selected supplier contacts.
• The selected supplier contact’s full name is displayed on the new selected supplier contacts interface.
• The suppliers and supplier contacts saved earlier are now pre-selected when adding more suppliers and supplier contacts.

The supplier contact full name column will be displayed by default on the supplier contact selection page, supplier contact details page and grid view of the supplier contact association.

This makes it is easier for buyers and administrators to identify and select the correct supplier if there are multiple suppliers with the same first name.

Note: This is applicable for RFx, RFI, Rounds and Bulk Agreements.

• The file names will be the same as the left navigation pane when downloading or uploading them to ICI.
• The files will be downloaded as per the defined folder structure and folder naming conventions which helps users to easily identify files under individual folders of the RFx and avoid any discrepancies.
• If the files names are duplicated, then they are handled by appending a numeric value to the file name. 

Note: This is applicable to both RFx and RFI. 

568737 – Ability to link existing supplier contracts for prerequisite, mandatory and associated contracts

Previously, linking existing supplier contracts with the RFx was not possible. This created duplication of contracts and the user had to go through the complete contract lifecycle again.

With this release, an enhancement has been made to allow linking existing RFx supplier contracts for all prerequisite, mandatory and associated contracts.

Buyers can now:

• Link existing supplier contracts (prerequisite, mandatory or associated contracts) allowing buyers to leverage existing contracts with suppliers.
• View the contracts of the supplier when creating the bulk agreement that allows assigning any supplier contact as a signatory for the agreement.
• View the signatory of the prerequisite contracts that allows the suppliers to connect with the signatory if the contracts are not executed.
• Send the agreements for approval in bulk that helps avoiding sending the agreements for approval individually.
• Select the new signature type Click to Sign allowing suppliers to participate in the sourcing event by previewing, accepting or declining the contractual terms set by the buyer.

573435/573436 – Ability to add bulk line items to RFx to address large volume of sourcing data

The bulk associations capability has enabled ICI to handle a large number of associations to the tune of thousands, by presenting itself as a lightweight association as well as tremendously improving performance. The Sourcing event can include many line items for an RFx ranging from 500 to 50,000 maximum. In Sourcing, line items are considered as associations.

The bulk association configuration has now been simplified by providing aEnable Bulk Processing flag at contract type definition level which triggers a set of defaults that has been intentionally restricted. The end user experience for the bulk association has not changed from the way that the conventional association is handled from the UI, rather the underlying data structure has been further enhanced to make it go the distance.

Bulk association is enhanced to be able to address the large volume of data that Sourcing apps require. These enhancements include:

• The associations not having a workflow.
• Simplifying the association team by maintaining single team at proxy level for all instances, instead of each instance having its own team.
• Restricting document assembly, for individual instances, but the instances can be assembled in the parent agreement as a table or saved search.
• Reducing the attributes to be indexed in the parent, so as to cater a greater number of instances driven by the configuration key.

Note: Please refer to the Technical Design Document for more details.  

566709 – Addition of validations for shortlisted suppliers

Previously, validations for prerequisite and mandatory contracts appeared for all suppliers even if they were not shortlisted in the RFx.

Now, buyers will be able to view the validations for the prerequisite and mandatory contracts for the shortlisted suppliers only. For a shortlisted supplier, if all the prerequisite contracts are inactive, or if any one of the contracts is active but not in Approved or later state, then the validations will be displayed. For example, if there is one shortlisted supplier with two prerequisite contracts NDA 1 (in Draft state) and NDA 2 (in Waiting for Approval state), then validations will be displayed.

The validations will not be displayed for shortlisted suppliers when at least one active prerequisite contract exists, and all such contracts are in Approved or later state. For example, if there is one shortlisted supplier with two prerequisite contracts NDA 1 (in Approved state) and NDA 2 (in Expired state), no validations will be displayed since one of the two prerequisite contracts (NDA 1) is in Approved or later state.

404532 – Editing round start and end dates in different states

Previously, when the round was scheduled or open, buyers could not change the round start and end dates. However, in Sourcing, timelines often change for various criteria, internal or external.

With this release, buyers can now edit the round start and end date when the round is in Draft, Waiting for Approval, On Hold, Open or Approved statuses.

You can make changes only to the round end date when the round is in Open state. The changes made to the round start and end date are captured in the History on round Details page.

This does not impact an ongoing round and suppliers can continue to bid. If configured, all the team members (buyers or suppliers) who are on the round receive a notification when the change is made.

627740 – Flexibility to use non-seeded masterdata for supplier and supplier contacts 

Previously, to add supplier contacts, the buyer could select them from a list of supplier and supplier contacts in the Supplier window. This list of contacts belonged to a particular seeded masterdata contract type. Many customers have their own masterdata contract type for maintaining supplier and supplier contacts.

With this release, buyers can use any supplier and supplier contact masterdata contract type to add suppliers, whereas seeded attributes such as ICMAppSrcGlobalSupplierCode and ICMAppSrcSupplierContactEmailID are mandatory and should be a part of the custom contract types.

Note: This is applicable to RFx and RFI. 

Sourcing Reports 

576084 – Inclusion of the RFx Change History Report for a consolidated view of all actions of an entity

Previously, the Sourcing application provided the change history of rounds, bids and awarding separately for rounds and bids within the RFx.

With this release, the Change History Report has been introduced, which provides a consolidated view of all actions for entity. This will help the procurement team to view the entire history of rounds, bids and awarding within a RFx, at a glance for auditing purposes. This report is accessible only to buyers (not suppliers), from within a RFx transaction, hence only authorized users with access to a RFx can view this report. All the latest updated information captured at the point of time when the report is generated will be displayed in it.  

The Change History Report can be generated by applying the following filters - Entity Type, User Name, User Role and Supplier Name. By default, the report is filtered on Entity Type as RFx/RFI. Based on the requirement, users can change filters. The report provides details with columns such as Date & Time, Event, Entity Type, Entity Name, User Name, User Email, User Role, Supplier Name, Notes, Attribute Name, Previous Value and New Value.

Note: 

• This applies to RFx and RFI. 
• If the RFx is in Pre-Draft state the No Data Found message is displayed.

573599 – Enhancements to Sourcing Reports

The RFx Summary Report and RFx Details Report provide a consolidated view of data for RFx with various categorizations, thus providing the visibility to top management on sourcing activities and helping them to take more informed decisions.

With this release:

• The RFx Summary Report now displays: 
  • Sorting capability on RFx Information and Supplier Information columns.
  • The name of column Submitted 'Status is changed to Bidding 'Status and the name Submission Date is now changed to Bidding Status Update Date.
• The RFx Details Report now displays:
  • The RFx status displayed asBidding Closed, Bidding Scheduled, Bidding Open in conjunction with the revamped RFx workflow. 
  • The Bidding Details (within RFx Details Report) displays:
    • Supplier View: Supplier ID, Supplier Name, Round Name, Shortlisted status. 
    • Round View: Round Name, Supplier ID, Supplier Name, Shortlisted status.
    • Line item View: Line Item Name, Round Name.
  • The Supplier Information section (in RFx Summary, RFx Details Report) displays contracts such as NDA, MSA, and so on. The contract names will now also display the classification such as prerequisite, mandatory or associate for ease of use. For example, if Warranty Agreement is added as a prerequisite contract, then it will be displayed as Warranty Agreement (Prerequisite).
• The Bidding Details Report now includes:
  • Quote Currency column next to Quantity, that displays currency specified by supplier for each line item while bidding for a round.
    • For Sealed Bid, Bidding Details will be visible only when the round is inOpen, On Hold, Closed, Evaluation Started orEvaluation Closed status. The round details are not displayed otherwise. For non-submitted bids, submission status will be Not Submitted and Closed.
    • For bids with statusesDraft or Submitted, NA or a blank screen will be displayed for SupplierQuote Currency, Base Price and TotalPrice.
    • For bids with statusesNot Submitted and Closed, Submitted and Closed, the actual value will be displayed for Supplier Quote Currency, Base Price andTotal Price.
    • When the round is in On Hold status, bid object may or may not exist. If bid object exists, then entry will be displayed in bidding details. Otherwise, no entry will be displayed.
    • When round will be in Closed, Evaluation Started, Evaluation Closed status and when bidding status will be Declined, then actual value will be displayed for Supplier Quote Currency, Base Price and Total Price.
    • When round will be in On Hold or Open status, and bidding will be in Declined status, then NA or a blank screen will be displayed for Supplier Quote Currency, Base Price and Total Price.
    • For OpenRFx, Bidding Details will be visible when the round is in Open, On Hold, Closed, Evaluation Started or Evaluation Closed status. The round details are not displayed otherwise.
    • When the bid is Surrogate, then the actual values will be displayed for Supplier Quote Currency, Base Price and Total Price. Also, to highlight that the bid is surrogated, the Bidding Status column will be marked with * symbol. For example, Submitted *
    • For the bid in Draft status, NA or a blank screen will be displayed for Supplier Quote Currency, Base Price andTotal Price.
    • When the bid will be in Not Submitted and Closed, Declined, Submitted, Submitted and Closed status, then actual values will be displayed for Supplier Quote Currency, Base Price andTotal Price.
    • When the round will be On Hold status, bid object may or may not exist. If bid object exists, then entry will be displayed in bidding details. Otherwise, no entry will be displayed.  

Frequently Asked Questions

1. Does the new RFx workflow support customization?

• Yes, the new Sourcing workflow supports customization by making use of business status. Using technical configuration, customers can implement business status as desired to suit their requirements.

2. For customers using older version of Sourcing, do we support migration to the new workflow?

• During upgrade process, existing data shall be migrated to ensure that legacy data uses the new workflow. However, rules that were created previously using older workflow status will have to be reconfigured manually.

3. Can a supplier choose to participate in RFx after declining the RFx?

• Once the supplier has declined RFx, the supplier exits the RFx and shall not be able to participate unless added to the RFx explicitly by the buyer.

4. When using Copy RFx function, can I exclude and include a few attributes?

• While copying RFx, all attributes of the RFx and its associations are copied. However, few attributes can be configured for exclusion. If configured, then values of such attributes are not copied in RFx and its association.

5. When copying an RFx, what does “Link to RFx” do?

• If Link to RFx is set to Yes, it links the copied RFx to the source RFx. By default, this is set to No. In this case, the copied RFx will not be linked to the source RFx.

6. Is approval mandatory when modifying RFx? Can I skip the approval process?

• It is recommended to get RFx modifications approved. However, RFx modification approval can be skipped if approver is not configured.

7. When RFx is in modification, what actions are permitted? Can I add suppliers, items, etc.?

• When RFx is in modification, buyers can add/ shortlist suppliers, add questionnaires, add/ update/ shortlist line items, and add/ update/ remove external attachments.

8. Can I perform RFx evaluation at RFx level?

• No, you cannot do evaluation at RFx level, although you can create the evaluation in a round that has all the suppliers participating in the RFx and keep the evaluation open till all rounds are closed. Hence, the evaluation will be done once and could be treated as RFx level evaluation.

9. Is it necessary to do RFx evaluation for each round?

• No, you can choose before creating a round whether you want to enable evaluation in that round or not. Please note the Enable Evaluation flag cannot be modified using RFX modification.

10. How can I use scores and weightages in RFx evaluation?

• While setting up the evaluation, you may assign weightages and while evaluating you can provide scores while final evaluation you may download the evaluation sheet and use these scores and weightages to get the weighted scores.

11. What are the nuances of evaluator role?

• Evaluator is a new role. The evaluator has to be a provisioned user, who has limited access over the entities in the RFX and round, and can assign his role to someone else.

12. How can I invite different team members to different parts of evaluation?

• After adding the evaluation type, you need to select the evaluators which could be a team too though they all work on the same instance.
• Note: You may have same or different evaluators for different evaluation types.

13. I want to perform a bid analysis for every bid received for all or one supplier at a time? How can I do this'?

• To do bid analysis for every single bid received in the RFx, you can use the Flexible Bid Analysis feature. Select the attributes that you want to use for bid evaluation at the time of creating an Item. As a buyer, you can enter values for each bid evaluation attribute. Thus, you can perform a bid evaluation.

14. Can I add more extension attributes after RFx is approved?

• Currently, adding more extension attributes after RFx is approved is not supported. It is recommended to use all the extension attributes that are intended to be used before the RFx is approved.

15. After initiating award, how can I create another round of RFx?

• After awarding is initiated, new rounds cannot be created. To create new round after initiating awarding, buyer has to delete the awarding object and then create new round the way it is normally done.

16. For customers using older version of Sourcing, do we support migration for currency?

• At the time of migration, system will ensure that currency of existing RFx data is set to the organization currency. Allowed currencies is set to all currencies used in the RFx automatically. Post migration, currencies of existing RFx can be changed depending on the status of the RFx.

17. What happens if no exchange rates are available for any currency?

• If exchange rate is not available for a currency, conversion to RFx primary currency or organization currency does not happen. Once exchange rate is set, conversion to RFx primary currency shall happen.

18. Can I modify exchange rate of currencies? 

• Exchange rate of currencies with current and future validity can be edited. Exchange rate records of the past cannot be changed. New exchange rates shall apply when bid analysis is done thereafter.
   

ICI Risk Management Release Notes

Overview of Risk Management

The Icertis Contract Intelligence (ICI) platform introduces the Risk Management Application to make it easier for professionals to carry out their tasks related to risk management such as assessment, due diligence, remediation, monitoring and reassessment. Risk management is the process of identifying potential risk, assessing the magnitude of risk based on the business objectives, devising strategies to eliminate them and tracking the performance until they are completely mitigated.

The platform’s modern, scalable and integration-friendly cloud architecture can model even the most complex risk management scenarios. The App provides secure access such that only authorized users can access the App entities and data, using ICI’s access control functionalities. The user-friendly interface makes it possible for anyone in the enterprise having access to be able to use the platform with ease. 

Icertis uses a standard framework of discovery, assessment, remediation, monitoring and optimization to manage enterprise risk.

ICI Risk Management supports the following risk management business scenarios:  

• Business Operations Risk: For example, the impact of pandemic on the business operations of an organization. 
• Contractual Risk: For example, managing risks that arise from non-standard agreement terms, clauses, and so on. 
• Counter-Party Risk: For example, managing risks relevant to suppliers and vendors.

Terminology

Here are some terms that will help you better understand the risk management process:

• Risk Assessment: It deals with the process of identifying and evaluating the magnitude of potential risk areas. 

• Risk Area: It is the exposure that an organization has from internal or external factor(s) that impact the normal functioning of business and will lower its bottom line (or profits) or lead it to fail. For example, cyber security risk.

• Risk Taxonomy: It is comprehensive set of risk categories and sub-categories used in an organization. It outlines as approach to categorize and aggregate all types of risks that could affect the organization's objectives.

• Assessment: Risk owner determines or assesses whether identified risk area is valid or not. Likewise, risk owner can add a risk area manually.

• Due Diligence: It is a complete review of the risk area. As part of incomplete or missing information, tasks may be created to gather information. 

• Remediation: It is a strategy created to mitigate risks. For example, Avoid strategy, Transfer Strategy, Reduce Strategy, etc. Based on the remediation strategy, mitigation tasks are initiated.

• Control Effectiveness Rating: It represents the effectiveness of risk remediation actions taken to mitigate risk.  

• Monitor and Optimize: Monitoring involves the process of tracking the progress of residual risk level and risk score of a risk area as against the remediation tasks made for mitigation. If the residual risk score and risk level does not change as compared to the inherent score, then optimization allows taking additional due diligence or remediation tasks to mitigate risk.

• Risk Score Matrix: It is a matrix that uses a combination of likelihood and consequence rating to determine magnitude of risk. 

• Inherent Risk: It is a risk indicator. It is the starting score for each identified risk area and is expected to be controlled.

• Residual Risk: It is a risk indicator. It is the score that depicts the risk remaining once mitigation actions have been planned and implemented.

• Likelihood Rating: On a risk matrix, it represents the likelihood (level of probability) of risk occurrence.

• Consequence Rating: On a risk matrix, it represents the magnitude (level of impact) of risk occurrence.

• Risk Level: It is the qualitative score for every risk area transaction.

• Risk Score: It is the quantitative score for every risk area transaction.

The Challenge

Business risk can emerge from any division of a company and must be managed proactively to avoid devastating impacts. Often, these risks originate in the contracts of an organization with an external party or because of the business and regulatory environment in which the entity operates.

Yet, most organizations manage contractual, regulatory, financial reporting and environmental obligations manually. Automated extraction and monitoring of obligations are prevalent in very few companies across various industry verticals. Consequently, organizations do not have adequate visibility into the status of these obligations and end up being reactive in identifying and handling risks.

This raises the following challenges:

• Companies cannot proactively assess and manage their risks in business environment characterized by unpredictability, volatility and mounting counter-party solvency risks.

• Traditional Governance, Risk and Compliance (GRC) and Risk Management tools are not able to roll-up enterprise-wide risk insights from across contracts which are the ultimate source of commercial truth and hence are only good at reporting and analyzing risks in hindsight. 

• Lack of visibility and insight into obligations, typically spelled out in detail in service contracts, can lead to substantial risks for businesses if not surfaced at the appropriate time and monitored at an adequate level to provide required executive attention.

The Solution

Built   on   the   Icertis   Contract   Intelligence platform, the ICI Risk Management App brings a paradigm shift in the management of business risks. The App offers a process- oriented enterprise-wide  solution  to  stay  on  top  of  all  potential  risks  that  a  business  faces  –  whether  they  emanate  from  the  potential  insolvency  of  a  counter-party,  payment  default  by  a  customer,  supply  disruption  due  to  a  pandemic or natural disaster, logistics blockades due to  localized  conflicts,  or  other  market  turbulence.  

With the Risk Management App, companies can:

• Perform risk discovery, assessment, remediation, monitoring and optimization in any business context that is relevant to a specific organization. For example, supplier risk assessment at the time of onboarding a supplier, customer credit risk check while signing long-term contracts on non-cash terms, contractual performance risk while evaluating technical capabilities of a service provider, etc. 

• Prevent and reduce risk-injection as opposed to only managing risks.
   

The Capabilities

The intelligent and easy-to-use ICI Risk Management App offers these powerful capabilities:

• Ability to embed risk assessment in various business processes:
  • For example, during negotiation, supplier/ customer onboarding, third party contract ingestion, etc.

• Flexible and configurable risk assessment frameworks:
  • To cater to various industry and business specific risk management requirements.

• Questionnaire-based risk identification:
  • Questionnaire configuration capability to discover all vendor or business operation risks based on responses.

• Risk area and scoring model configurability:
  • A configurable risk area to gauge contract, counter-party and operations risk at various levels of business granularity.
  • An easy-to-configure platform that helps to set up a quantitative and qualitative risk score model to meet business needs.

• Alerts and notifications:
  • In-built notifications to inform risk owner about changes in risk area status.

• Auditing:
  • Audit trails of every action with user and time-stamp details.
     

The Benefits

• The ICI Risk Management App changes the risk management paradigm from identification and mitigation to preventing risk injection and remediation.

• Effective risk monitoring reduces the impact of operational, financial and reputational risk, contributing significantly to the company’s bottom line.

• Configurable system can conform to any risk model in the world and even develop industry - and company-specific risk models with no custom code required, thereby greatly reducing deployment costs.

The Risk Management Process

The Risk Management process has the following stages:

• Configure and Setup: 
  • Configure objects for risk assessment and the risk area (with its workflow). 
  • Configure the masterdata that captures risk area, risk taxonomy and risk score matrix to effectively govern the risk management process. 

• Discover: 
  • Rules engine can be used to discover potential risk areas and its risk score and risk level based on responses to risk assessment questions.

• Assess: 
  • Validate if the risk areas being identified are valid or not. If valid, check whether any further information is needed as part of due diligence.
  • Prioritize risks based on the risk category prioritization and risk tolerance.

• Remediation: 
  • Create tasks to mitigate risks based on risk area, and its risk score and risk level.

• Monitor and Optimize: 
  • Track the performance of risk and measure risk remediation effectiveness. 
  • Track residual risk against the inherent risk to continuously monitor and optimize performance by devising other remediation strategies.
     

Here is the ICI Risk Management App workflow:

Configuring the Risk Management App

This section provides details regarding seeded entities, rules and notifications. For more details on configuring the App, please refer to the ICI Risk Management Configuration Guide.

598329 – Seeded Entities

These include entities such as Masterdata and Contract Types that are necessary for the flow of the ICI Risk Management App, hence they are seeded. Using these seeded entities allows risk owners to populate an initial set of data imperative to the entity workflow. 

Masterdata has to be configured for: 

• Risk Taxonomy: As a comprehensive set of risk categories and sub-categories of risks that could affect the organization's objectives.

• Risk Remediation: As a strategy created to mitigate risks. For example, Avoid strategy, Transfer Strategy, Reduce Strategy, etc. Based on remediation strategy, mitigation tasks are initiated.

• Risk Area Master: The masterdata that includes the internal or external factor(s) that impact the normal functioning of business and will lower its bottom line (or profits) or lead it to fail. For example, Cyber Security risk.

• Likelihood Rating: It is a matrix that uses a combination of likelihood and consequence rating to determine the magnitude of risk.

• Risk Matrix: On a risk matrix, it represents the likelihood (level of probability) of risk occurrence.

Contract Types have to be configured for: 

• Risk Assessment: As agreement contract type with Business Application Type as Risk Management and Business Application Category as Risk Assessment.

• Risk Area: As associated document contract type with Business Application Type as Risk Management and Business Application Category as Risk Area.

The risk assessment and risk area actions are controlled using role action mapping.

598331 – Seeded Rules

Business rules that are critical to the flow of the ICI Risk Management App are seeded. These seeded rulesets can be modified as per the business requirement. Alternatively, you can create new rulesets and rules.

The seeded rules include: 

• Instantiating the risk areas after completing the risk assessment: Applicable risk areas are instantiated automatically based on the configured rule.

• Copying attribute values: Attribute values are copied from risk assessment to the risk area automatically based on the configured rule.

• Adding risk area team members: Users are added to the risk area team based on the configured rule.

620116 – Seeded Notifications

Notifications are sent out whenever a certain event occurs such as when a risk area is created. The notifications that are critical in the flow of the ICI Risk Management App are seeded. 

Some of the seeded notifications include: 

• Risk area is created
• Risk area due diligence is initiated
• Risk area remediation is initiated 
• Risk area monitoring is initiated
• Risk area is deactivated

Navigating the Risk Management App

620110 – Risk Management Navigation

A dedicatedRisk Management tile is introduced on the ICI Home page to provide a better user experience while working with risks. Users with view or manage access to the Risk Assessment contract type can access this tile and options Risk Assessments and Create Risk Assessment under it. 

The Risk Management tile allows you to work with existing risk assessments or create a new one.

• Risk Assessments: Clicking this navigates the user to the Advanced Search page where a pre-defined saved search is rendered. This page acts as a Risk Assessment index page that displays the current risk assessments.

Details related to Risk Assessment records such as Risk Assessment ID, Risk Assessment Name, Business Status, Assessment Start Date, Assessment Due Date, Created By and Created Date are displayed along with the actions that can be taken on them.

• Create Risk Assessment: Clicking this navigates the user to the Create Risk Assessment page to create a new risk assessment.

Working with Risk Assessment Contract Type

Risk Assessment contract types have to be configured as agreement contract type with Business Application Type as Risk Management and Business Application Category as Risk Assessment. It is controlled using role action mapping.

598341 – Risk Assessment Workflow

Risk assessment deals with the process of identifying and evaluating the magnitude of potential risk areas. For example, buyers can use the ICI Risk Management App for configuring a questionnaire to perform supplier risk assessment. The risk areas can then be identified based on the responses received for the questionnaire as the outcome of the risk assessment process.

Risk assessment workflow involves the following:

• Initiating Risk Assessment: Risk assessment owners can instantiate the workflow to identify risk areas. For example, a questionnaire can be configured as a risk assessment where users can submit their responses to the questions. This initiates the risk assessment in Draft state. 

• Risk Assessment Approval: Based on the complexity of risk assessment, ICI administrators can configure rules to add approvers to the assessment team. If approvers are added to the team, the risk assessment is sent to them for approval. If no approvers are added to the team, the risk assessment is automatically approved. 

• Risk Assessment Completion: On approval, the status of the risk assessment changes to Assessment Complete. The risk area can be identified and auto-instantiated based on the configured rules.

Working with Risk Area Associations Contract Type

598342 – Risk Area Creation

Icertis risk management seeks to reduce risks and give companies better control over their contracts, supply chain and business processes. If these risks are not attended to, they may impact the compliance, revenue and business relationships. 

Risk area is the exposure that an organization has from internal or external factor(s) that impacts the normal functioning of business and will lower its bottom line (or profits) or lead it to fail. For example, cyber security risk. Risk areas can be auto-instantiated for the potential risks identified based on the responses gathered from the risk assessment questionnaire by configuring rules. Authorized users can also create risk areas manually. 

598343 – Risk Area Workflow

Once the risk areas are identified, risk area includes the following stages:

• Assessment: The risk owner determines whether the identified risk area is valid on not. The risk area is created automatically after the assessment is complete based on the configured rules. Each identified risk area is calculated as the inherent risk (a risk indicator) and is the starting score of the risk area that is expected to be controlled. If the risk area is invalid, risk owner can deactivate the risk area by adding the appropriate reason as supporting information. Based on the requirements, risk owner can add a risk area manually.

• Due Diligence: It involves tasks like getting relevant information from different stakeholders and creating a single source of information. For example, Risk Owner can request procurement team to provide supporting documents for more information.

• Remediation: The risk owners can create strategies/ tasks to mitigate identified risks. For example, strategy to transfer risk or reduce risk.

• Monitoring: It involves the process of tracking the progress of risk area as against the remediation task. It also tracks the residual risk against the inherent risk. The residual risk (a risk indicator) is the score that depicts the risk remaining once mitigation actions have been planned and implemented. The risk owners can update the residual risk regularly and track its progress. If the residual risk level does not improve within a stipulated time period, the risk owners can initiate due diligence or remediation on the risk area again.

The workflow is multi-directional. The risk area can move forward or backward in the workflow. The user can manually change risk related attributes.

Frequently Asked Questions

1. Is the ICI Risk Management tile name configurable?

• Yes, the Risk Management tile name is configurable.

2. Is the App available on smartphone as a mobile App?

• No, the App is currently not supported on mobile App.

3. Is localization supported by the App?

• Yes, the App has localization support for all languages supported in ICI.

4. Can I view a list of active risk area?

• Yes, a list of active risk areas and risk assessments can be monitored.

5. Are audit logs available in the App?

• Yes, audit trails of every action with user and time-stamp details are available.

Technical Requirements for Release 7.12