Risk Acceptance
‎06-08-2022 02:04 AM
We are setting up GRC and using OOTB as much as possible but we have a slightly different response to our Risk Acceptance workflow.
The OOTB behaviour is that the response approach of 'Accept' for a risk requires an approval from the risk owner.
We would like to extend the approval logic where the risk has an impact to the enterprise and residual risk scoring.
For example, if the risk impacts a local area then the risk owner can accept, but if that risk impact threat rating is higher than, say, 16 out of 20, or it affects multiple business areas, then it needs to be escalated to a senior level for review.
We are being advised that this falls into 'pro-code' customisation. But from the standard approach below it does look like the enterprise escalation is standard?
Labels: Risk Management
‎06-08-2022 12:05 PM
Every organization has a pretty much different risk acceptance process, so in fact, this type of workflow configuration is expected. And from a technical standpoint, the configuration needs to be done to one workflow (Risk acceptance approval).
Thanks,
Ahmed
Please mark my answer as ✅ Correct / Helpful based on the Impact
‎06-10-2022 01:39 AM
Can you elaborate on your answer, please? Where do I create that workflow?
‎06-13-2022 05:53 AM
You don't need to create a new workflow.
- Navigate to Workflow editor
- Search Risk acceptance approval workflow
- Edit the workflow to accommodate your needs
‎06-12-2022 08:18 AM
You need to go to Workflow Designer, since the BR is only there to check if risk.owner is empty and, if not, it triggers the WF Risk Acceptance Approval. The issue there is that the "random" value (16 or 20) you choose to escalate would be coded in the WF itself. You would need to put in place a check to verify that there is a user_id for the "senior level" to escalate to.