Workflow of a risk using Advanced Risk

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Workflow of a risk using Advanced Risk Governance, Risk, and Compliance

    The Advanced Risk Assessment feature enhances the management of risks by providing a clearer view of various risk states and simplifying the risk form. Once the "Migrate to Advanced Risk Assessments" property is enabled, the risk lifecycle transitions from a binary active/inactive classification to a more detailed multi-state process. This migration is irreversible.

    Show full answer Show less

    Key Features

    • Risk States: Starting with version 14.0, risks can be in one of five states: Draft, Assess, Respond, Monitor, or Retired.
    • Actions per State: Each state has specific actions available, allowing risk owners to manage risks effectively throughout their lifecycle.
    • Direct Initiation: Risk assessments can be initiated directly from the risk form.

    Key Outcomes

    • Draft: Identify and map risks. Actions include saving, assessing, monitoring, retiring, and navigating to assessment scope.
    • Assess: Perform risk assessments with options to save, view, cancel assessments, or return to draft.
    • Respond: Manage ongoing risk response tasks, with the ability to save, assess, retire, or return to draft.
    • Monitor: Oversee risks post-assessment, with actions to save, assess, retire, or return to draft.
    • Retire: Archive risks no longer valid while retaining a system of record for audits, with options to reactivate risks.

    When you migrate to advanced risk assessment, you can view the various states of the risks take the necessary actions. This ability simplifies your view of the risk form.

    When your risk administrator enables the Migrate to Advanced Risk Assessments property located under Advanced Risk Assessment > Administration > Properties, the life cycle of the classic or legacy risks undergo a change. You can also initiate a risk assessment directly from the risk form.
    Note:
    Once you enable this property, you cannot disable it.
    Prior to version 14.0, when the Migrate to Advanced Risk Assessments property was enabled, the risks were only classified as either active or inactive. Starting with version 14.0, as a risk owner, when you enable Advanced Risk, you can view the following states of your risks.
    1. Draft
    2. Assess
    3. Respond
    4. Monitor
    5. Retired
    Figure 1. States of a risk with advanced risk assessment
    States of a risk with advanced risk assessments enabled.
    All the states and the actions available for each state are explained in the following table.
    State Description Actions available
    Draft This is the state of a risk when a risk is created by the second line of defense or identified by the first line of defense.

    The objective in this state is to map and identify the risk pertaining to your organization. If you modify the entity or the primary risk assessment methodology (RAM) for a risk, the state of the risk gets updated based on the primary RAM's latest assessment.
    • Save
    • Assess: Pushes the workflow and initiates the risk assessment.
    • Monitor: If you do not want to assess the risk but want to monitor the risk.
    • Retire: The risk is retired along with all underlying risk assessment and risk response.
    • Navigate to assessment scope: Shortcut to risk assessment scope. The primary risk assessment methodology is passed.
    • 360 degree: View the complete 360-degree relationships for the risk.
    Assess This is the state of a risk when advanced risk assessment is initiated and being performed. If there is a response strategy, then the risk moves to the Respond state otherwise it moves to the Monitor state once the assessment is completed.
    • Save
    • View assessment: Navigates to the actual risk assessment form.
    • Cancel assessment: If you want to cancel the current assessment. The respective risk assessor is notified about the canceled assessment.
    • Return to draft: Cancels the current assessments and returns the risk to the previous state.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    Respond This is the state of the risk when the risk response task is in progress.

    Once the risk response task is closed, the risk is automatically moved into the Monitor state
    • Save
    • Assess: Pushes the workflow back in the workflow. The in-progress risk response task would be canceled.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    • Return to draft
    Monitor This is the state of the risk when the risk has been assessed and the response task is closed.

    If KRIs are defined (through Metrics), they are executed to monitor the risk.
    • Save
    • Assess: Moves the risk back to Assess state and initiates the risk assessment.
    • Retire
    • Navigate to assessment scope
    • 360 degree
    • Return to draft
    Retire This is the state of the risk when the risk is no longer valid but the organization wants to keep a system of record for audit purposes.
    • 360 degree
    • Activate: Reactivates the risk and moves it back to Draft state.
    • Navigate to assessment scope.