How to use Business Processes

Michael Oosten1
Tera Expert

‎01-20-2023 08:33 AM

Hi,

I was looking into Business Processes (Policy and Compliance > Scoping > Business Process, or Risk > Scoping > Business Process) for rolling up risk & compliance to process level.

 

The documentation (see diagram at the bottom of the page) suggests that you can define the relationship of the process with the associated risks and controls. And that you can determine how associating the risks and controls helps to derive the risk rating of the process. How exactly does this work? The documentation (or RCI training) doesn't describe how you can accomplish this and what the best-practices are.

 

Typically I would create an Entity Type called Business Processes and relate my Risk Statements and Control Objectives. But the documentation seem to suggest there is another way. Does anyone know?

 

Thanks,

Michael

0 Helpfuls
  • 1,332 Views
2 REPLIES 2

Community Alums
Not applicable

‎01-23-2023 06:52 AM

Hi @Michael Oosten1 ,

Your idea is correct!!

You are actually creating Entity Type by using a Entity filter which is eventually called from a table which comprises of your Business Application , something like this :

SandeepDutta_0-1674485139617.png

This is your Entity filter :

SandeepDutta_1-1674485171860.png

Now, you can either relate the Risk Statements and Control Objectives in this entity filter itself or at the control objective level too , something like below :

SandeepDutta_2-1674485331228.png

 

 

0 Helpfuls

Michael Oosten1
Tera Expert

‎01-24-2023 07:23 AM

Yes, thanks for your reply. And I'm well versed in Entity Types and Filters. The documentation of Business Process (not Business Application!) seems to suggest another type of usage, but I guess that's meant as a conceptual explanation.

 

Thanks,

Michael

0 Helpfuls