GRC risk approval best practices
yesterday
Hello Community!
We have an existing process where we can order external resources via a catalog item. Now we want to add risk assessment to this process.
I already have
- an attestation which the requester has to answer after committing the request
- a risk assessment which calculates the inherent risk based on attestation answers
- approval configuration with two levels which create approvals for different departments, based on the risk rating (low/medium/high)
Depending on approval / rejection the order will be executed or aborted.
My question is about best practice setup:
1️⃣ Should I use the risk assessment for risk calculation and approval process? (This was my first setup, as the RA process has a state "awaiting approval".)
2️⃣ OR should I use the RA only for risk calculation and use the risk as the base for my approval process?
Thank you in advance! 🙂
Max
